last executing test programs: 54m32.154945072s ago: executing program 0 (id=121): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xcc) 54m27.320485635s ago: executing program 0 (id=123): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x5000, 0x4, 0xe, 0xf1, 0x5, 0xfd, 0xd4, 0xd4, 0x0, 0xd7, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0xa, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0x8080000, 0xdddd1000, 0xb, 0x1, 0x2, 0x0, 0x4, 0x1, 0x81, 0x0, 0xc4, 0x5}, {0x8000000, 0x2000, 0xf, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x1, 0x5, 0x9, 0xd, 0x6, 0x3, 0x4, 0x2e, 0xf}, {0x6000, 0x0, 0xb, 0x0, 0x3, 0x1, 0x1, 0xfb, 0x4, 0x90, 0x1, 0xfc}, {0x6000, 0x4000, 0xf, 0xff, 0xff, 0xff, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0xfc, 0x7}, {0x4012000, 0x5}, {0x4, 0x9}, 0x40010000, 0x0, 0xffff1000, 0x202, 0xb, 0x2000, 0xdddd6800, [0x3, 0x401, 0x7, 0x8]}) 54m24.172890255s ago: executing program 1 (id=124): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r8, 0x3, 0x40b2811, r7, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0xdddd0000, 0x8000}) syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2c) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) 54m21.780083434s ago: executing program 0 (id=125): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000080)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, 0xffffffffffffffff) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x2, 0x4, &(0x7f0000000000)=0x7}) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0xb, 0x11, r2, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 54m11.170417981s ago: executing program 0 (id=126): openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f00000001c0), 0xd40, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x7}) ioctl$KVM_RUN(r8, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(0x0, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x3, 0x3, 0x0}) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x6}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8001}) ioctl$KVM_CREATE_VM(r13, 0x401c5820, 0x20000000) r14 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r14, 0x4008ae6a, &(0x7f00000000c0)={0x836, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x801}}]}) r15 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000040)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x6030000000138002}}], 0x20}, 0x0, 0x0) 54m10.267360479s ago: executing program 1 (id=127): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) syz_kvm_vgic_v3_setup(r5, 0x2, 0x0) close(r5) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r6, &(0x7f00000001c0), 0xf001) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x541b, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async) syz_kvm_vgic_v3_setup(r5, 0x2, 0x0) (async) close(r5) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) write$eventfd(r6, &(0x7f00000001c0), 0xf001) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x541b, 0x0) (async) 53m57.932031052s ago: executing program 1 (id=128): mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x10, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 53m56.404851817s ago: executing program 0 (id=129): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, 0x0, 0x40000, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000000)={0x2, 0x80a0000, 0x0, r6, 0x4fd0f096b459bd7b}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r4, 0x2000000, 0x11, r2, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x2, 0x1, 0x1c, 0x0, 0x6, 0x2, 0x3, 0xec, 0x80, 0xcd, 0x7f, 0x6, 0x0, 0x4001, 0x0, 0x8, 0x10, 0x81, 0x4d, '\x00', 0x9, 0x5}) 53m51.113777469s ago: executing program 1 (id=130): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) 53m45.122563716s ago: executing program 1 (id=131): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000001c0), 0x100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000) close(r2) close(0x3) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xab) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) 53m44.191860056s ago: executing program 0 (id=132): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffc) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000200, 0x1000, 0x1}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0xfffffffffffffe4f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 53m39.014074456s ago: executing program 1 (id=133): munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000f2a000/0x4000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) 52m57.873045935s ago: executing program 32 (id=132): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffc) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000200, 0x1000, 0x1}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0xfffffffffffffe4f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 52m51.581601693s ago: executing program 33 (id=133): munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000f2a000/0x4000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) 44m26.455263567s ago: executing program 2 (id=167): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) (async, rerun: 32) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r6, 0x400454d0, 0x7ffffffd) (async) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0xb, 0x11, r2, 0x0) syz_kvm_assert_syzos_uexit$arm64(r8, 0xffffffffffffffff) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000080)=0x9}) 44m23.553543757s ago: executing program 3 (id=168): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0) (async) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x320) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000280), 0x199141, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000280), 0x199141, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x5d) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0xfffff828, 0x6}) (async) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0xfffff828, 0x6}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0xd0, 0x9, &(0x7f0000000080)=0x100000000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r10}) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000180)={0x8000000, 0x4000}) syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) r11 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 44m14.527238439s ago: executing program 2 (id=169): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async, rerun: 32) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a1e000/0x400000)=nil) (async, rerun: 32) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2b) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r4, 0x4068aea3, &(0x7f0000000040)) (async, rerun: 64) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2f) (rerun: 64) ioctl$KVM_HAS_DEVICE_ATTR_vm(r5, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x6, 0xe60, 0x3}}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 44m10.032152919s ago: executing program 3 (id=170): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000fb6000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x10010, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=[@featur2={0x1, 0x56}], 0x1) (async) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, 0x0) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) syz_kvm_vgic_v3_setup(r3, 0x2, 0x200) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110003, &(0x7f00000001c0)=0x7}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) 44m1.143697866s ago: executing program 2 (id=171): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r2, 0xc018aec0, &(0x7f00000000c0)={0x1}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3c) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x2) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) 43m54.764089147s ago: executing program 3 (id=172): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x60300000001000d7, 0x0}) 43m47.497933161s ago: executing program 2 (id=173): ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8000ae83, &(0x7f0000000000)) (async) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r0, 0x4004aec2, &(0x7f0000000140)=0x7) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x39) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000300)={0x0, &(0x7f0000000180)=[@code={0xa, 0x84, {"00e0ff0d000028d5201b95d200c0b8f2a10180d2a20180d2c30080d2c40180d2020000d41820201e00a0bf0d807782d20060b8f2610080d2020080d2630080d2440180d2020000d4000008d5000020ea00a0bf0d207998d20040b8f2610080d2620180d2430080d2c40180d2020000d4"}}, @uexit={0x0, 0x18, 0x7}, @eret={0xe6, 0x18, 0x1d50}, @uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18, 0xcd}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x4, 0x6, 0x5, 0x81, 0x4}}, @msr={0x14, 0x20, {0x603000000013e6d9, 0x3}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x251}}], 0x154}, &(0x7f0000000340)=[@featur2={0x1, 0x8a}], 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000380)={0x1, 0x40}) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async, rerun: 32) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f00000003c0)=0x7) (async, rerun: 32) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000600)={0x0, &(0x7f0000000400)=[@irq_setup={0x46, 0x18, {0x3, 0x65}}, @memwrite={0x6e, 0x30, @generic={0x3000, 0xb5b, 0xdc4c, 0xa}}, @irq_setup={0x46, 0x18, {0x1, 0x3b}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x15c}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x358}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x1, 0xd, 0x8001, 0xffffff00, 0x1}}, @eret={0xe6, 0x18, 0xfffffffffffffffb}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x2fe}}, @memwrite={0x6e, 0x30, @generic={0x4000, 0x69b, 0x1ff, 0x4}}, @msr={0x14, 0x20, {0x6030000000138065, 0x3d46}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x2, 0xf, 0x2, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0xfffffffffffffffc, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013c000}}], 0x1d8}, &(0x7f0000000640)=[@featur1={0x1, 0x20}], 0x1) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000680)=@arm64={0xa, 0x9, 0x32, '\x00', 0x2}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f0000000700)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000006c0)={0xfffd, 0x3}}) (async, rerun: 32) r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (rerun: 32) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000780)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000740)=0xfffffffffffffff7}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000800)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000007c0)={0x3c5, 0x7fffffff}}) (async, rerun: 32) ioctl$KVM_ARM_PREFERRED_TARGET(r2, 0x8020aeaf, &(0x7f0000000840)) (async, rerun: 32) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000c80)={0x4, 0x400, 0x300, &(0x7f0000000880)=[0x9f9, 0x0, 0x8, 0x8, 0x8, 0xfffffffff0224223, 0x97a50000000000, 0xffffffffffff8000, 0x0, 0x9, 0x5, 0x5, 0x3, 0x47, 0x1, 0x5, 0xffff, 0x7fffffff, 0xd5b, 0xffffffff, 0xbae, 0x1, 0x6, 0x3, 0x8, 0x278d, 0x5, 0x1d3e, 0x5, 0x9cb, 0x55, 0xc9f, 0x7, 0x6, 0x6, 0x8001, 0x1, 0x0, 0x1, 0x3, 0x401, 0x8, 0x8, 0x5, 0xffffffffa1dbaf79, 0x4, 0xffffffff00000001, 0x80, 0x592, 0x3, 0x4, 0x7, 0x7, 0xc, 0x4, 0x0, 0x9, 0x3, 0x9, 0x4, 0x4, 0xea1, 0x219, 0x3, 0x812d, 0x7, 0x9, 0x4, 0x7, 0x35, 0x9, 0x8000000000000001, 0x2, 0x7, 0x7fffffffffffffff, 0x1, 0x2000000000, 0x8, 0x15ed, 0xf, 0xfff, 0xe, 0xfcbf, 0x7fffffff, 0xf53b, 0x7, 0x4c0a, 0xd, 0x6, 0x1, 0x10000, 0x320c, 0x4, 0xfffffffffffffff7, 0x100, 0x80000001, 0x100, 0x5, 0x2, 0x9, 0x4, 0x4, 0x80000000, 0xa505, 0x1, 0x9, 0x0, 0x5, 0xc40b, 0x7fffffff, 0x800, 0x73e, 0x1000, 0x7, 0x2680, 0x3ff, 0x3ff, 0x8, 0x10, 0x64, 0x0, 0x3ff, 0x6, 0x9ce, 0x2, 0x8000000000000001, 0x6, 0x1]}) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x2c0) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000f40)={0x0, &(0x7f0000000cc0)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2ff}}, @eret={0xe6, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x4, 0xe, 0x1, 0x51f3}}, @code={0xa, 0x9c, {"60fe82d200e0b8f2610080d2620180d2a30180d2e40180d2020000d4e05298d20000b8f2a10080d2020180d2630180d2640180d2020000d40080c04800d8a07ee0928dd200a0b0f2810080d2820080d2e30080d2a40080d2020000d40000407a007008d500804048c0d387d20080b0f2610180d2020180d2030180d2840180d2020000d400a8210e"}}, @svc={0x122, 0x40, {0xc4000007, [0x2d, 0x5, 0x80000001, 0xb449, 0x828f]}}, @msr={0x14, 0x20, {0x603000000013df46, 0x5}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x8, 0xffffffff, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x7, 0x4}}, @irq_setup={0x46, 0x18, {0x1, 0x386}}, @mrs={0xbe, 0x18, {0x603000000013e728}}, @mrs={0xbe, 0x18, {0x603000000013c687}}, @svc={0x122, 0x40, {0x8, [0x74, 0x7, 0x2, 0x7, 0xb]}}], 0x244}, &(0x7f0000000f80)=[@featur1={0x1, 0xcf}], 0x1) (async) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xa) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r7 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async) ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000001000)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000fc0)=0xffffffffffffffff}) (async) syz_kvm_setup_cpu$arm64(r6, r2, &(0x7f0000baa000/0x400000)=nil, &(0x7f0000001400)=[{0x0, &(0x7f0000001040)=[@smc={0x1e, 0x40, {0x84000001, [0x40, 0x2, 0xed, 0x7, 0x3da]}}, @hvc={0x32, 0x40, {0x84000053, [0x8, 0x7327, 0x4, 0x60b8, 0x2]}}, @irq_setup={0x46, 0x18, {0x4, 0x24a}}, @msr={0x14, 0x20, {0x38b9, 0x7}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xd00, 0x3}}, @hvc={0x32, 0x40, {0xc5000021, [0x8, 0x81, 0x1, 0x2, 0x7]}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013e090}}, @hvc={0x32, 0x40, {0x84000011, [0x2, 0x7fffffffffffffff, 0x1, 0x6, 0x6]}}, @svc={0x122, 0x40, {0x100, [0x6, 0x5, 0xaf, 0x8001, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x6, 0x101, 0x0, 0x2}}, @smc={0x1e, 0x40, {0x4000, [0x5, 0xfffffffffffffffa, 0x1, 0x2, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013c3a0}}, @hvc={0x32, 0x40, {0x1000, [0x8, 0x100000001, 0x0, 0x2, 0x7]}}, @uexit={0x0, 0x18, 0x1}, @eret={0xe6, 0x18, 0x2}, @smc={0x1e, 0x40, {0x0, [0x200, 0x5, 0x8001, 0x9bed, 0x8000000000000000]}}, @mrs={0xbe, 0x18, {0x60300000001383f6}}, @uexit={0x0, 0x18, 0x1}, @hvc={0x32, 0x40, {0x84000013, [0x5, 0x4, 0xfffffffffffffff9, 0x3, 0x81]}}], 0x390}], 0x1, 0x0, &(0x7f0000001440)=[@featur2={0x1, 0x8}], 0x1) (async, rerun: 32) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f00000014c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000001480)=0x1b}) (async, rerun: 32) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000001500)={0x0, 0xc}) 43m37.202868779s ago: executing program 2 (id=174): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, &(0x7f0000000100)={0x5, 0x0, &(0x7f0000d99000/0x4000)=nil}) 43m33.314393553s ago: executing program 3 (id=175): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async) r2 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x200) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000000)=0x81}) (async) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 43m25.035992355s ago: executing program 2 (id=176): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33) r3 = syz_kvm_vgic_v3_setup(r2, 0x4, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x3, 0x5}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0x2441c0000000000, &(0x7f0000000000)=0x9}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_API_VERSION(r7, 0xae00, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000140)=@attr_other={0x0, 0x8, 0x288, 0x0}) r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) write$eventfd(r8, &(0x7f0000000100)=0xfffffffffffffbc2, 0x8) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616}) r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x0, @vgic_gicr={0x80e0000, 0x280, 0x3ff, 0xf}}], 0xfff6}, 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1d) close(r15) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 43m23.460247403s ago: executing program 3 (id=177): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, 0x0, 0x141000, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x40305828, &(0x7f0000000240)=@attr_other={0x0, 0x8, 0x80000000, &(0x7f00000001c0)=0x40}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) (async) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_extra={0x603000000013df01, &(0x7f0000000000)=0x2}) 43m10.485547826s ago: executing program 3 (id=178): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r1, 0x41, 0x100) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_extra={0x603000000013c022, &(0x7f0000000080)=0x1}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x983, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0x2, 0x20000013) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r8, 0x400454d0, 0x1) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x4, 0xffda, 0x2}}) 42m38.711403691s ago: executing program 34 (id=176): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33) r3 = syz_kvm_vgic_v3_setup(r2, 0x4, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x3, 0x5}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0x2441c0000000000, &(0x7f0000000000)=0x9}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_API_VERSION(r7, 0xae00, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000140)=@attr_other={0x0, 0x8, 0x288, 0x0}) r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) write$eventfd(r8, &(0x7f0000000100)=0xfffffffffffffbc2, 0x8) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616}) r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x0, @vgic_gicr={0x80e0000, 0x280, 0x3ff, 0xf}}], 0xfff6}, 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1d) close(r15) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 42m22.94861549s ago: executing program 35 (id=178): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r1, 0x41, 0x100) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_extra={0x603000000013c022, &(0x7f0000000080)=0x1}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x983, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0x2, 0x20000013) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r8, 0x400454d0, 0x1) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x4, 0xffda, 0x2}}) 36m11.46264741s ago: executing program 4 (id=179): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r5, 0xffffffffffffffff) syz_kvm_assert_reg(r3, 0x603000000013c4f1, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013c4f2, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013dce0, 0x8000) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0x7}, @hvc={0x32, 0x40, {0x80008000, [0x10001, 0x7fff, 0x91e, 0x8000000000000001]}}, @svc={0x122, 0x40, {0x84000002, [0xffff, 0xf9ce, 0x40, 0x53b, 0x7fffffff]}}], 0x98}, &(0x7f0000000100)=[@featur2={0x1, 0x92}], 0x1) syz_kvm_assert_reg(r3, 0x603000000013dce1, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013dce2, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013dce3, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013dce4, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013dce5, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013dce8, 0x8000) syz_kvm_assert_reg(r3, 0x603000000013dce9, 0x8000) 36m1.651578847s ago: executing program 5 (id=180): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x11, r4, 0x40000) syz_memcpy_off$KVM_EXIT_MMIO(r6, 0x20, &(0x7f0000000080)="173ea04e539f083b583a50e00fc16c4b72bd83875fa60766", 0x0, 0x18) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bfd000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x4, 0x1, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) 35m56.686299412s ago: executing program 4 (id=181): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r4, 0x541b, 0x2004001f) r5 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r5}) r6 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x5000}) syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000002c0)={0x0, &(0x7f00000001c0)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x4, 0x3, 0x6}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x1c8}}, @mrs={0xbe, 0x18, {0x603000000013e6c1}}, @msr={0x14, 0x20, {0x0, 0x10000}}, @svc={0x122, 0x40, {0x84000008, [0x2067, 0x2, 0xf2, 0x7, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013df78}}], 0xe8}, &(0x7f0000000300)=[@featur1={0x1, 0x22}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) 35m44.49437213s ago: executing program 5 (id=182): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x17) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x10ae0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f000086d000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r11, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r15 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x1) r17 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r16, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x30, r2, 0x0) 35m39.790004236s ago: executing program 4 (id=183): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) ioctl$KVM_CREATE_VM(r0, 0x80086601, 0x20000000) 34m56.513751433s ago: executing program 36 (id=182): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x17) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x10ae0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f000086d000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r11, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r15 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x1) r17 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r16, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x30, r2, 0x0) 34m49.990192181s ago: executing program 37 (id=183): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) ioctl$KVM_CREATE_VM(r0, 0x80086601, 0x20000000) 27m18.922999512s ago: executing program 6 (id=184): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r3, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000680)=[@code={0xa, 0x6c, {"607785d20020b8f2210080d2a20080d2430180d2440180d2020000d4007008d5000000a900f4a02e0000403a0000289e809e9dd200e0b0f2c10180d2420180d2630180d2840080d2020000d4009c200e000028d50028601e"}}, @svc={0x122, 0x40, {0xc4000004, [0x32f8864f, 0x81, 0xd, 0xffffffffffffffff, 0x800]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x176}}, @code={0xa, 0x84, {"007008d5000008d5000008d520509bd20000b8f2210080d2e20080d2e30180d2440180d2020000d40000003cc02687d200e0b0f2410180d2020180d2830180d2440080d2020000d4007008d5007008d5204a9dd20060b8f2010080d2620180d2030180d2e40080d2020000d40088200e"}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x3, 0x5, 0xfffffeff, 0x3}}, @irq_setup={0x46, 0x18, {0x4, 0x2e1}}, @uexit={0x0, 0x18}, @svc={0x122, 0x40, {0x2000, [0x9, 0x965b, 0xa, 0x8001, 0x7]}}, @msr={0x14, 0x20, {0x6030000000138077, 0x8}}, @eret={0xe6, 0x18, 0xf}, @mrs={0xbe, 0x18, {0x603000000013c646}}, @mrs={0xbe, 0x18, {0x603000000013e6d1}}, @code={0xa, 0x6c, {"007008d5007008d5000028d5007008d50008c0780000681e000000b1007008d5e0d881d20060b8f2e10080d2620080d2a30180d2040080d2020000d480e294d200a0b0f2c10080d2420080d2030080d2e40080d2020000d4"}}, @hvc={0x32, 0x40, {0x8400000a, [0xffffffff, 0x8, 0x2, 0x7, 0x101]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0xb, 0x1, 0xfffffbff, 0x1}}, @svc={0x122, 0x40, {0x3000000, [0xffffffffffffffff, 0x4, 0x8, 0x8000, 0xc8]}}, @eret={0xe6, 0x18, 0x8000000000000000}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0xc, 0x7f, 0x8, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x4, 0x8, 0x8, 0x10, 0x2}}, @memwrite={0x6e, 0x30, @generic={0x2000, 0xa7e, 0x9, 0x4}}, @msr={0x14, 0x20, {0xfe9dd5f5dd8b74d0, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x253}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0xb, 0x200, 0x7, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0x4, 0x2, 0x5, 0x3}}, @irq_setup={0x46, 0x18, {0x0, 0x9d}}, @hvc={0x32, 0x40, {0x4000001e, [0x9, 0x8, 0x1, 0x7fff, 0x8]}}], 0x50c}, &(0x7f0000000040)=[@featur2={0x1, 0xa4}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r3, 0x8, 0x5110, r4, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000000c0)={0x5, 0x5, 0x2000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x3}) 27m13.943657464s ago: executing program 7 (id=185): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r8 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000240)={0x4, 0x8000000, 0xc, r8, 0x8}) ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, 0xffffffffffffffff) r9 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x2}) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r11, 0x400454d1, 0x110c330021) r12 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x100) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x3, 0x2ea, &(0x7f0000000000)=0x7}) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r13, 0x3, 0x11, r9, 0x0) r14 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r13, 0x3, 0x11, r12, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r14, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000200)={0x100000, 0x11a000}) 27m5.275263405s ago: executing program 6 (id=186): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x400001, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x5, 0x5, 0x0}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bde000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x2, 0x20001}}], 0x28}, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x101a40, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r2, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="aa0000000000000028000000000000000401030000000500000007000000b809000002000000000047f4fdde89973b7d767711d8595ce633246585a0dd1760a143653609aea906a95c4cb0dc40f409e447a5ff27c0584cce4629a83c72bd34eaee84a4ca915470d3db99"], 0x28}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r2, 0x4, 0x220) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0xa, 0xffffffffffffffff}) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0) r13 = eventfd2(0x0, 0x1) close(r13) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) r14 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) write$eventfd(r13, &(0x7f0000000180)=0x5, 0xfffffde3) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x2, &(0x7f0000000240)=0x9}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 26m49.679543765s ago: executing program 7 (id=187): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x10) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r5}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f00000001c0)=@other={0xd, &(0x7f0000000080)=0x2}) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r11, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000180)={0x5000}) r12 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) 26m40.127051513s ago: executing program 6 (id=188): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe4) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000000)={0x1, 0x7}) (async) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x29) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r6, 0x2, 0x12, r5, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r6, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async) r7 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r6, 0xc, 0x10, r7, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x6, 0x0}) 26m1.541596634s ago: executing program 38 (id=187): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x10) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r5}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f00000001c0)=@other={0xd, &(0x7f0000000080)=0x2}) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r11, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000180)={0x5000}) r12 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) 25m49.812390757s ago: executing program 39 (id=188): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe4) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000000)={0x1, 0x7}) (async) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x29) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r6, 0x2, 0x12, r5, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r6, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async) r7 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r6, 0xc, 0x10, r7, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x6, 0x0}) 2m52.171429941s ago: executing program 9 (id=256): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x101300, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xf92) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000280)=0x400000080a0000}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0x80111500, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r8, 0x541b, 0x2000001c) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = eventfd2(0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, 0x930, 0x0, 0x11, r10, 0x0) r11 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r11, 0x2, 0x100) close(r11) r12 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1e) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x54800, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r12, 0x4010aeb5, &(0x7f0000000000)={0x8}) r13 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r13, 0x1, 0x100) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) 2m49.049711393s ago: executing program 8 (id=257): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x7f, &(0x7f0000000340)=0x8}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f0000000080)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000000)=0x13}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, 0x0) 2m28.276734121s ago: executing program 8 (id=258): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r1, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0xc2, 0x2, 0x1}}) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = eventfd2(0x3, 0x0) write$eventfd(r3, &(0x7f0000000400)=0xfffffffffffffffc, 0x8) write$eventfd(r3, &(0x7f0000000480)=0x8c49, 0x8) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xf}}], 0x20}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2m21.462252685s ago: executing program 9 (id=259): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x82880, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r8, 0x3, 0x40b2811, r7, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0xdddd0000, 0x8000}) r9 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x2c) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) 2m2.302265918s ago: executing program 8 (id=260): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000040)=0x1) (async) r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000040000000300000021fc5f1400000000010000002000000000000000000000000000000000000000000000000000000015a39e9a16554d5f01301244b6a331091c8ce96e5e066b7920ce3689dc9533eb2b61047ea94511daddc0995953e405bd40f3549e71ef19c9d3813141bd1f89700946d6c2e4f1e9a0"]) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r5 = ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xe4) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r8, 0x4068aea3, &(0x7f00000000c0)) (async) r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0) (async, rerun: 32) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (rerun: 32) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async, rerun: 64) ioctl$KVM_GET_STATS_FD_vm(r9, 0xaece) (rerun: 64) openat$kvm(0x0, 0x0, 0x185543, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000180)={0x1, 0x104000, 0x1}) (async, rerun: 64) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000380)={0x3000}) (async, rerun: 64) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r9, 0x4010ae68, &(0x7f0000000140)={0x6000, 0x99000, 0x1}) (async) ioctl$KVM_CREATE_VCPU(r5, 0xb702, 0x0) 1m52.925411352s ago: executing program 9 (id=261): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ff8000/0x4000)=nil, r2, 0x3800000, 0x4000010, 0xffffffffffffffff, 0x0) 1m38.651898583s ago: executing program 8 (id=262): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x6c, {"0000029e003492d200a0b0f2210080d2c20180d2030080d2240080d2020000d40004000e000028d5c05482d20080b0f2a10180d2e20080d2c30080d2240180d2020000d4007008d5007008d5007008d5000000130000005c"}}, @svc={0x122, 0x40, {0x86000000, [0x7, 0xe000000000, 0x8b, 0x0, 0x9]}}, @msr={0x14, 0x20, {0x603000000013e6ce, 0x2}}, @code={0xa, 0x6c, {"000000bc004593d200e0b8f2210180d2e20080d2030180d2a40080d2020000d40024c01a0040651e0000009b0000689e00128ed200a0b0f2810180d2c20180d2430080d2840080d2020000d41f4000d5000c00b8000028d5"}}, @code={0xa, 0x9c, {"008194d20020b0f2810180d2e20080d2630080d2e40080d2020000d40098212e007008d5602283d20040b0f2c10080d2820080d2230180d2440080d2020000d4006285d20020b0f2a10080d2a20080d2830180d2c40080d2020000d4a0f29bd200c0b0f2610180d2220080d2030080d2440080d2020000d4003c4093007008d5000028d5000028d5"}}, @eret={0xe6, 0x18, 0x1b22}, @hvc={0x32, 0x40, {0x84000006, [0xffffffffffffe345, 0x0, 0x80, 0x3, 0x24]}}, @code={0xa, 0x6c, {"00a8312e008008d5008008d5007008d51f000072008008d5e0979cd200a0b0f2410080d2820180d2a30080d2640180d2020000d4007008d5a04e99d20040b8f2410180d2620080d2230180d2040080d2020000d4000020ca"}}, @svc={0x122, 0x40, {0x10, [0x7f, 0x400, 0x8d, 0x9, 0xe8]}}, @smc={0x1e, 0x40, {0x80000001, [0x7, 0x8, 0x9e8, 0x6, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0x6, 0x8, 0x3, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0x25e}}, @svc={0x122, 0x40, {0x84000003, [0x2, 0xea, 0x4, 0x2, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013e668}}, @smc={0x1e, 0x40, {0x84000013, [0x5, 0xa7f, 0x0, 0x81, 0x5]}}, @uexit={0x0, 0x18, 0x1}, @irq_setup={0x46, 0x18, {0x4, 0x338}}, @uexit={0x0, 0x18, 0x2}, @irq_setup={0x46, 0x18, {0x3, 0x80}}], 0x450}, &(0x7f0000000540)=[@featur1={0x1, 0x20}], 0x1) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r4, 0x2}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r4, 0x3}) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2) r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x553404bc06501799) ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) 1m36.909514688s ago: executing program 9 (id=263): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r2, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x802, 0x40000008, 0x0, 0x80}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, r10, 0x1, 0x2012, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0xa0) r11 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r14, 0xae03, 0x4) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r14, 0x4068aea3, &(0x7f0000000180)) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000000)={0x7}) r15 = eventfd2(0x0, 0x80800) ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x4, r15}) 1m11.205852087s ago: executing program 8 (id=264): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r1, 0xe, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eff000/0x2000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r1, 0x6000002, 0x4d832, 0xffffffffffffffff, 0x0) 1m9.712802245s ago: executing program 9 (id=265): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f00000000c0)={0x5, 0x5, 0x2000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x3}) 55.550073222s ago: executing program 8 (id=266): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x6030000000138006}}, @hvc={0x32, 0x40, {0x84000052, [0x578, 0x5, 0x4, 0x8, 0xd]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0x1, 0x101, 0xffff, 0x2}}], 0x98}, &(0x7f0000000100)=[@featur1={0x1, 0xa2}], 0x1) (rerun: 64) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000240)=@arm64_sve={0x6080000000150244, &(0x7f0000000200)=0x7}) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000280)={0xb6, 0x0, 0x10000}) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 55.062895233s ago: executing program 9 (id=267): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xf}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x24) 8.205247176s ago: executing program 40 (id=266): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x6030000000138006}}, @hvc={0x32, 0x40, {0x84000052, [0x578, 0x5, 0x4, 0x8, 0xd]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0x1, 0x101, 0xffff, 0x2}}], 0x98}, &(0x7f0000000100)=[@featur1={0x1, 0xa2}], 0x1) (rerun: 64) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000240)=@arm64_sve={0x6080000000150244, &(0x7f0000000200)=0x7}) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000280)={0xb6, 0x0, 0x10000}) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 0s ago: executing program 41 (id=267): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xf}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x24) kernel console output (not intermixed with test programs): [ 385.379338][ T3156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 420.632673][ T3156] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:5705' (ED25519) to the list of known hosts. [ 600.899611][ T25] audit: type=1400 audit(600.150:61): avc: denied { name_bind } for pid=3314 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 602.837492][ T25] audit: type=1400 audit(602.090:62): avc: denied { execute } for pid=3315 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 602.869812][ T25] audit: type=1400 audit(602.120:63): avc: denied { execute_no_trans } for pid=3315 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 625.228158][ T25] audit: type=1400 audit(624.470:64): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 625.262059][ T25] audit: type=1400 audit(624.500:65): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 625.344170][ T3315] cgroup: Unknown subsys name 'net' [ 625.396663][ T25] audit: type=1400 audit(624.650:66): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 625.793026][ T3315] cgroup: Unknown subsys name 'cpuset' [ 625.899837][ T3315] cgroup: Unknown subsys name 'rlimit' [ 626.808990][ T25] audit: type=1400 audit(626.060:67): avc: denied { setattr } for pid=3315 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 626.829432][ T25] audit: type=1400 audit(626.070:68): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 626.861375][ T25] audit: type=1400 audit(626.100:69): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 628.041036][ T3318] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 628.061337][ T25] audit: type=1400 audit(627.310:70): avc: denied { relabelto } for pid=3318 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 628.087282][ T25] audit: type=1400 audit(627.330:71): avc: denied { write } for pid=3318 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 628.268640][ T25] audit: type=1400 audit(627.520:72): avc: denied { read } for pid=3315 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 628.284985][ T25] audit: type=1400 audit(627.530:73): avc: denied { open } for pid=3315 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 628.331080][ T3315] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 679.930441][ T25] audit: type=1400 audit(679.180:74): avc: denied { execmem } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 684.460321][ T25] audit: type=1400 audit(683.710:75): avc: denied { read } for pid=3321 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 684.482641][ T25] audit: type=1400 audit(683.730:76): avc: denied { open } for pid=3321 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 684.565828][ T25] audit: type=1400 audit(683.810:77): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 684.844782][ T25] audit: type=1400 audit(684.090:78): avc: denied { module_request } for pid=3321 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 685.988719][ T25] audit: type=1400 audit(685.230:79): avc: denied { sys_module } for pid=3321 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 714.297738][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 715.298146][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 715.359613][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 715.591663][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.615395][ T3321] hsr_slave_0: entered promiscuous mode [ 727.645883][ T3321] hsr_slave_1: entered promiscuous mode [ 728.392898][ T3322] hsr_slave_0: entered promiscuous mode [ 728.440916][ T3322] hsr_slave_1: entered promiscuous mode [ 728.482757][ T3322] debugfs: 'hsr0' already exists in 'hsr' [ 728.506514][ T3322] Cannot create hsr debugfs directory [ 734.042044][ T25] audit: type=1400 audit(733.290:80): avc: denied { create } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 734.099243][ T25] audit: type=1400 audit(733.350:81): avc: denied { write } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 734.145639][ T25] audit: type=1400 audit(733.390:82): avc: denied { read } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 734.321837][ T3321] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 734.712319][ T3321] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 735.020564][ T3321] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 735.187795][ T3321] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 736.951467][ T3322] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 737.210241][ T3322] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 737.402455][ T3322] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 737.658482][ T3322] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 749.680613][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 752.408263][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 812.813097][ T3321] veth0_vlan: entered promiscuous mode [ 813.239663][ T3321] veth1_vlan: entered promiscuous mode [ 815.188399][ T3321] veth0_macvtap: entered promiscuous mode [ 815.439222][ T3322] veth0_vlan: entered promiscuous mode [ 815.637928][ T3321] veth1_macvtap: entered promiscuous mode [ 816.252938][ T3322] veth1_vlan: entered promiscuous mode [ 818.696667][ T3426] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.786006][ T3426] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.790361][ T3426] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.819652][ T3426] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.210845][ T3322] veth0_macvtap: entered promiscuous mode [ 820.913139][ T3322] veth1_macvtap: entered promiscuous mode [ 822.392411][ T25] audit: type=1400 audit(821.640:83): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 822.641386][ T25] audit: type=1400 audit(821.880:84): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/syzkaller.aJPc3o/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 822.842418][ T25] audit: type=1400 audit(822.090:85): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 823.592039][ T25] audit: type=1400 audit(822.840:86): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/syzkaller.aJPc3o/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 823.802106][ T25] audit: type=1400 audit(823.050:87): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/syzkaller.aJPc3o/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3778 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 824.134812][ T3333] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.139633][ T3333] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.248278][ T3333] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.251965][ T3333] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.686234][ T25] audit: type=1400 audit(823.920:88): avc: denied { unmount } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 825.167412][ T25] audit: type=1400 audit(824.290:89): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 825.255319][ T25] audit: type=1400 audit(824.500:90): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="gadgetfs" ino=3790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 825.783217][ T25] audit: type=1400 audit(825.030:91): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 825.929369][ T25] audit: type=1400 audit(825.180:92): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 827.829634][ T3321] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 829.365502][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 829.366317][ T25] audit: type=1400 audit(828.520:94): avc: denied { read write } for pid=3321 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 829.436767][ T25] audit: type=1400 audit(828.660:95): avc: denied { open } for pid=3321 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 829.458280][ T25] audit: type=1400 audit(828.700:96): avc: denied { ioctl } for pid=3321 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 842.694520][ T25] audit: type=1400 audit(841.940:97): avc: denied { read } for pid=3481 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 842.749783][ T25] audit: type=1400 audit(842.000:98): avc: denied { open } for pid=3481 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 842.895961][ T25] audit: type=1400 audit(842.130:99): avc: denied { ioctl } for pid=3481 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 846.574789][ T25] audit: type=1400 audit(845.820:100): avc: denied { write } for pid=3486 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 853.615939][ T25] audit: type=1400 audit(852.840:101): avc: denied { append } for pid=3492 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 920.590950][ T25] audit: type=1400 audit(919.840:102): avc: denied { execute } for pid=3531 comm="syz.1.16" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4511 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 983.771916][ T25] audit: type=1400 audit(983.020:103): avc: denied { setattr } for pid=3574 comm="syz.0.32" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 985.246503][ T25] audit: type=1400 audit(984.490:104): avc: denied { map } for pid=3574 comm="syz.0.32" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 985.306203][ T25] audit: type=1400 audit(984.540:105): avc: denied { execute } for pid=3574 comm="syz.0.32" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1087.401748][ T25] audit: type=1400 audit(1086.610:106): avc: denied { ioctl } for pid=3625 comm="syz.0.47" path="net:[4026532629]" dev="nsfs" ino=4026532629 ioctlcmd=0xae46 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1113.057974][ T3648] kvm [3648]: Failed to find VMA for hva 0x21016000 [ 1330.006702][ T3764] kvm [3762]: Unsupported guest access at: eeef0000 [ 1330.006702][ T3764] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1585.231244][ T3867] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1587.052368][ T3867] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1588.050549][ T3867] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1588.952996][ T3867] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1600.709731][ T3867] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1600.860819][ T3867] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1600.953257][ T3867] bond0 (unregistering): Released all slaves [ 1602.355105][ T3867] hsr_slave_0: left promiscuous mode [ 1602.398142][ T3867] hsr_slave_1: left promiscuous mode [ 1602.980678][ T3867] veth1_macvtap: left promiscuous mode [ 1603.008384][ T3867] veth0_macvtap: left promiscuous mode [ 1603.028256][ T3867] veth1_vlan: left promiscuous mode [ 1603.043243][ T3867] veth0_vlan: left promiscuous mode [ 1626.159382][ T3867] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1627.269146][ T3867] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1628.382894][ T3867] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1629.201502][ T3867] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1642.439722][ T3867] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1642.516562][ T3867] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1642.569333][ T3867] bond0 (unregistering): Released all slaves [ 1643.717902][ T3867] hsr_slave_0: left promiscuous mode [ 1643.777298][ T3867] hsr_slave_1: left promiscuous mode [ 1644.105577][ T3867] veth1_macvtap: left promiscuous mode [ 1644.106933][ T3867] veth0_macvtap: left promiscuous mode [ 1644.122577][ T3867] veth1_vlan: left promiscuous mode [ 1644.145385][ T3867] veth0_vlan: left promiscuous mode [ 1671.595860][ T3898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1671.822197][ T3898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1678.920723][ T3903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1679.197542][ T3903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1696.413041][ T3898] hsr_slave_0: entered promiscuous mode [ 1696.478174][ T3898] hsr_slave_1: entered promiscuous mode [ 1702.347672][ T3903] hsr_slave_0: entered promiscuous mode [ 1702.399296][ T3903] hsr_slave_1: entered promiscuous mode [ 1702.429606][ T3903] debugfs: 'hsr0' already exists in 'hsr' [ 1702.437873][ T3903] Cannot create hsr debugfs directory [ 1711.516128][ T3898] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1711.741835][ T3898] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1712.250152][ T3898] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1712.371746][ T3898] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1717.191695][ T3903] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1717.522191][ T3903] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1717.889425][ T3903] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1718.249784][ T3903] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1736.378690][ T3898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1743.959353][ T3903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1834.373096][ T3898] veth0_vlan: entered promiscuous mode [ 1835.227671][ T3898] veth1_vlan: entered promiscuous mode [ 1837.976629][ T3898] veth0_macvtap: entered promiscuous mode [ 1838.360991][ T3898] veth1_macvtap: entered promiscuous mode [ 1842.327345][ T2134] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1842.330220][ T2134] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1842.402643][ T2134] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1842.427553][ T2134] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1842.490873][ T3903] veth0_vlan: entered promiscuous mode [ 1844.288671][ T3903] veth1_vlan: entered promiscuous mode [ 1848.196434][ T3903] veth0_macvtap: entered promiscuous mode [ 1849.262733][ T3903] veth1_macvtap: entered promiscuous mode [ 1852.676644][ T4038] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1852.686043][ T4038] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1852.856583][ T4038] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1852.898680][ T4038] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2266.812254][ T4355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2267.315243][ T4355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2292.148701][ T4366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2292.630402][ T4366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2299.889959][ T3351] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2301.619790][ T3351] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2303.062008][ T3351] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2304.421072][ T3351] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2307.791280][ T4355] hsr_slave_0: entered promiscuous mode [ 2307.819712][ T4355] hsr_slave_1: entered promiscuous mode [ 2307.907038][ T4355] debugfs: 'hsr0' already exists in 'hsr' [ 2307.916008][ T4355] Cannot create hsr debugfs directory [ 2321.956592][ T3351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2322.259136][ T3351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2322.408064][ T3351] bond0 (unregistering): Released all slaves [ 2323.607942][ T3351] hsr_slave_0: left promiscuous mode [ 2323.675497][ T3351] hsr_slave_1: left promiscuous mode [ 2324.061836][ T3351] veth1_macvtap: left promiscuous mode [ 2324.072528][ T3351] veth0_macvtap: left promiscuous mode [ 2324.082816][ T3351] veth1_vlan: left promiscuous mode [ 2324.095639][ T3351] veth0_vlan: left promiscuous mode [ 2349.288948][ T4366] hsr_slave_0: entered promiscuous mode [ 2349.342909][ T4366] hsr_slave_1: entered promiscuous mode [ 2352.460284][ T3351] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2353.762911][ T3351] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2355.090720][ T3351] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2356.510317][ T3351] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2358.518736][ T4355] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2358.819199][ T4355] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2359.987326][ T4355] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2360.721612][ T4355] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2374.762995][ T3351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2374.870800][ T3351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2374.968281][ T3351] bond0 (unregistering): Released all slaves [ 2376.422508][ T3351] hsr_slave_0: left promiscuous mode [ 2376.508238][ T3351] hsr_slave_1: left promiscuous mode [ 2376.857426][ T3351] veth1_macvtap: left promiscuous mode [ 2376.860757][ T3351] veth0_macvtap: left promiscuous mode [ 2376.872825][ T3351] veth1_vlan: left promiscuous mode [ 2376.917266][ T3351] veth0_vlan: left promiscuous mode [ 2397.100565][ T4366] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2397.612628][ T4366] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2398.236591][ T4366] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2398.671541][ T4366] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2421.759314][ T4355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2428.489635][ T4366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2551.528443][ T4355] veth0_vlan: entered promiscuous mode [ 2552.351775][ T4355] veth1_vlan: entered promiscuous mode [ 2555.657293][ T4355] veth0_macvtap: entered promiscuous mode [ 2556.060243][ T4355] veth1_macvtap: entered promiscuous mode [ 2559.247889][ T4366] veth0_vlan: entered promiscuous mode [ 2560.721953][ T4035] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2560.729317][ T4035] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2560.781430][ T4035] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2560.839686][ T4035] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2561.212436][ T4366] veth1_vlan: entered promiscuous mode [ 2566.288684][ T4366] veth0_macvtap: entered promiscuous mode [ 2566.962797][ T4366] veth1_macvtap: entered promiscuous mode [ 2570.669179][ T4409] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2570.747113][ T4019] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2570.946636][ T3867] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2571.010236][ T4019] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2675.216704][ T3351] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2677.085234][ T3351] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2678.878209][ T3351] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2680.900413][ T3351] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2703.260357][ T3351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2703.489778][ T3351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2703.736793][ T3351] bond0 (unregistering): Released all slaves [ 2707.770418][ T3351] hsr_slave_0: left promiscuous mode [ 2708.000535][ T3351] hsr_slave_1: left promiscuous mode [ 2709.155889][ T3351] veth1_macvtap: left promiscuous mode [ 2709.175326][ T3351] veth0_macvtap: left promiscuous mode [ 2709.192595][ T3351] veth1_vlan: left promiscuous mode [ 2709.212495][ T3351] veth0_vlan: left promiscuous mode [ 2741.695377][ T3351] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2743.277981][ T3351] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2744.720267][ T3351] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2745.782418][ T3351] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2770.452977][ T3351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2770.628226][ T3351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2770.767400][ T3351] bond0 (unregistering): Released all slaves [ 2772.400141][ T3351] hsr_slave_0: left promiscuous mode [ 2772.466515][ T3351] hsr_slave_1: left promiscuous mode [ 2772.787429][ T3351] veth1_macvtap: left promiscuous mode [ 2772.797219][ T3351] veth0_macvtap: left promiscuous mode [ 2772.804025][ T3351] veth1_vlan: left promiscuous mode [ 2772.869248][ T3351] veth0_vlan: left promiscuous mode [ 2826.509396][ T4612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2826.801999][ T4612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2830.788492][ T4615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2831.149699][ T4615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2858.566935][ T4612] hsr_slave_0: entered promiscuous mode [ 2858.620091][ T4612] hsr_slave_1: entered promiscuous mode [ 2862.060496][ T4615] hsr_slave_0: entered promiscuous mode [ 2862.128213][ T4615] hsr_slave_1: entered promiscuous mode [ 2862.182347][ T4615] debugfs: 'hsr0' already exists in 'hsr' [ 2862.246466][ T4615] Cannot create hsr debugfs directory [ 2879.299116][ T4612] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 2880.331536][ T4612] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 2880.842333][ T4612] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 2881.629723][ T4612] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 2888.832574][ T4615] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 2889.366465][ T4615] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 2889.852657][ T4615] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 2890.427300][ T4615] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 2918.491945][ T4612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2924.182087][ T4615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3075.206102][ T4612] veth0_vlan: entered promiscuous mode [ 3076.552677][ T4612] veth1_vlan: entered promiscuous mode [ 3081.983225][ T4615] veth0_vlan: entered promiscuous mode [ 3082.908460][ T4612] veth0_macvtap: entered promiscuous mode [ 3084.108648][ T4612] veth1_macvtap: entered promiscuous mode [ 3084.500098][ T4615] veth1_vlan: entered promiscuous mode [ 3090.455087][ T4019] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3090.786365][ T4019] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3090.874719][ T4549] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3090.887752][ T4549] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3092.022728][ T4615] veth0_macvtap: entered promiscuous mode [ 3093.527804][ T4615] veth1_macvtap: entered promiscuous mode [ 3099.348500][ T3416] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3099.353114][ T3416] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3099.408812][ T4524] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3099.432376][ T4409] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3232.907351][ T4549] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3235.270578][ T4549] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3237.526544][ T4549] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3239.679472][ T4549] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3272.826621][ T4549] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3273.310587][ T4549] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3274.210205][ T4549] bond0 (unregistering): Released all slaves [ 3277.239894][ T4549] hsr_slave_0: left promiscuous mode [ 3277.346236][ T4549] hsr_slave_1: left promiscuous mode [ 3278.275306][ T4549] veth1_macvtap: left promiscuous mode [ 3278.276586][ T4549] veth0_macvtap: left promiscuous mode [ 3278.299927][ T4549] veth1_vlan: left promiscuous mode [ 3278.317742][ T4549] veth0_vlan: left promiscuous mode [ 3319.125291][ T4549] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3321.002532][ T4549] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3322.993176][ T4549] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3325.510327][ T4549] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3351.155718][ T4549] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3351.775054][ T4549] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3352.288204][ T4549] bond0 (unregistering): Released all slaves [ 3356.090453][ T4549] hsr_slave_0: left promiscuous mode [ 3356.257308][ T4549] hsr_slave_1: left promiscuous mode [ 3357.168319][ T4549] veth1_macvtap: left promiscuous mode [ 3357.196265][ T4549] veth0_macvtap: left promiscuous mode [ 3357.216937][ T4549] veth1_vlan: left promiscuous mode [ 3357.226813][ T4549] veth0_vlan: left promiscuous mode [ 3408.597526][ T4906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3408.938678][ T4906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3419.777621][ T4911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3420.143216][ T4911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3448.532414][ T4906] hsr_slave_0: entered promiscuous mode [ 3448.639050][ T4906] hsr_slave_1: entered promiscuous mode [ 3459.199784][ T4911] hsr_slave_0: entered promiscuous mode [ 3459.292409][ T4911] hsr_slave_1: entered promiscuous mode [ 3459.415715][ T4911] debugfs: 'hsr0' already exists in 'hsr' [ 3459.417615][ T4911] Cannot create hsr debugfs directory [ 3475.236199][ T4906] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 3476.526051][ T4906] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 3477.475944][ T4906] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 3478.320216][ T4906] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 3487.033014][ T4911] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 3487.697724][ T4911] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 3488.362836][ T4911] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 3489.135343][ T4911] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 3522.741560][ T4906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3531.082697][ T4911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3707.757072][ T4906] veth0_vlan: entered promiscuous mode [ 3708.956786][ T4906] veth1_vlan: entered promiscuous mode [ 3713.769630][ T4906] veth0_macvtap: entered promiscuous mode [ 3715.218265][ T4906] veth1_macvtap: entered promiscuous mode [ 3716.548744][ T4911] veth0_vlan: entered promiscuous mode [ 3719.037595][ T4911] veth1_vlan: entered promiscuous mode [ 3722.782065][ T4364] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3722.836088][ T4364] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3722.837022][ T4364] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3722.837801][ T4364] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3727.447583][ T4911] veth0_macvtap: entered promiscuous mode [ 3729.269112][ T4911] veth1_macvtap: entered promiscuous mode [ 3735.547795][ T4364] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3735.597711][ T4409] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3735.622816][ T4409] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3735.745800][ T4409] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4931.621617][ T5604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4932.319856][ T5604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4940.323249][ T5607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4940.880726][ T5607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4999.462669][ T5604] hsr_slave_0: entered promiscuous mode [ 4999.741970][ T5604] hsr_slave_1: entered promiscuous mode [ 4999.929758][ T5604] debugfs: 'hsr0' already exists in 'hsr' [ 4999.949685][ T5604] Cannot create hsr debugfs directory [ 5008.301898][ T5607] hsr_slave_0: entered promiscuous mode [ 5008.488250][ T5607] hsr_slave_1: entered promiscuous mode [ 5008.590123][ T5607] debugfs: 'hsr0' already exists in 'hsr' [ 5008.665922][ T5607] Cannot create hsr debugfs directory [ 5076.242362][ T5604] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 5077.904768][ T5604] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 5078.987483][ T5604] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 5081.636649][ T5604] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 5091.321046][ T5607] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 5091.952735][ T5607] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 5093.016904][ T5607] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 5093.673206][ T5607] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 5142.831620][ T5604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5150.688060][ T27] INFO: task syz.9.267:5581 blocked for more than 430 seconds. [ 5150.785985][ T27] Not tainted syzkaller #0 [ 5150.800855][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5150.801522][ T27] task:syz.9.267 state:D stack:0 pid:5581 tgid:5581 ppid:4911 task_flags:0x400040 flags:0x00000019 [ 5150.803052][ T27] Call trace: [ 5150.857080][ T27] __switch_to+0x584/0xb20 (T) [ 5150.922754][ T27] __schedule+0x1eec/0x33a4 [ 5150.935816][ T27] schedule+0xac/0x27c [ 5150.936521][ T27] schedule_timeout+0x5c/0x1e4 [ 5150.936998][ T27] do_wait_for_common+0x28c/0x444 [ 5150.937434][ T27] wait_for_completion+0x44/0x5c [ 5150.937947][ T27] __synchronize_srcu+0x2a4/0x320 [ 5150.938458][ T27] synchronize_srcu+0x3cc/0x4f0 [ 5150.938941][ T27] mmu_notifier_unregister+0x320/0x42c [ 5150.939429][ T27] kvm_put_kvm+0x6a0/0xfa8 [ 5150.939830][ T27] kvm_vm_release+0x58/0x78 [ 5150.940315][ T27] __fput+0x4ac/0x980 [ 5150.940715][ T27] ____fput+0x20/0x58 [ 5150.941136][ T27] task_work_run+0x1bc/0x254 [ 5150.941551][ T27] do_notify_resume+0x1bc/0x270 [ 5150.942010][ T27] el0_svc+0xb8/0x164 [ 5150.942471][ T27] el0t_64_sync_handler+0x84/0x12c [ 5150.942930][ T27] el0t_64_sync+0x198/0x19c [ 5151.148253][ T27] [ 5151.148253][ T27] Showing all locks held in the system: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 5151.165452][ T27] 1 lock held by khungtaskd/27: [ 5151.166313][ T27] #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 5151.168859][ T27] 3 locks held by kworker/u4:3/42: [ 5151.169383][ T27] 1 lock held by klogd/3119: [ 5151.169728][ T27] 2 locks held by getty/3185: [ 5151.170074][ T27] #0: adf0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 5151.171792][ T27] #1: 4aff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 5151.320315][ T27] 2 locks held by syz-executor/3315: [ 5151.320758][ T27] 2 locks held by kworker/u4:4/3351: [ 5151.321093][ T27] #0: 7af000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 5151.322913][ T27] #1: ffff80008fec7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 5151.416193][ T27] 3 locks held by kworker/u4:1/3867: [ 5151.416582][ T27] 2 locks held by kworker/u4:8/4019: [ 5151.416903][ T27] #0: 7af000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 5151.418637][ T27] #1: ffff80008e797c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 5151.420394][ T27] 3 locks held by kworker/u4:0/4364: [ 5151.420715][ T27] 3 locks held by kworker/u4:2/4369: [ 5151.421156][ T27] 3 locks held by kworker/u4:7/5547: [ 5151.421473][ T27] 2 locks held by syz.8.266/5583: [ 5151.421780][ T27] 1 lock held by syz-executor/5607: [ 5151.422119][ T27] 3 locks held by kworker/u4:10/5626: [ 5151.422471][ T27] 1 lock held by modprobe/5747: [ 5151.422796][ T27] 1 lock held by modprobe/5748: [ 5151.587805][ T27] [ 5151.615177][ T27] ============================================= [ 5151.615177][ T27] [ 5153.500483][ T5607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5171.860572][ T27] INFO: task syz.9.267:5581 blocked for more than 451 seconds. [ 5171.867190][ T27] Not tainted syzkaller #0 [ 5171.867834][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5171.868180][ T27] task:syz.9.267 state:D stack:0 pid:5581 tgid:5581 ppid:4911 task_flags:0x400040 flags:0x00000019 [ 5171.868922][ T27] Call trace: [ 5171.869201][ T27] __switch_to+0x584/0xb20 (T) [ 5171.869750][ T27] __schedule+0x1eec/0x33a4 [ 5171.870290][ T27] schedule+0xac/0x27c [ 5171.870803][ T27] schedule_timeout+0x5c/0x1e4 [ 5171.871258][ T27] do_wait_for_common+0x28c/0x444 [ 5171.871660][ T27] wait_for_completion+0x44/0x5c [ 5171.872179][ T27] __synchronize_srcu+0x2a4/0x320 [ 5171.872645][ T27] synchronize_srcu+0x3cc/0x4f0 [ 5171.873124][ T27] mmu_notifier_unregister+0x320/0x42c [ 5172.065798][ T27] kvm_put_kvm+0x6a0/0xfa8 [ 5172.066495][ T27] kvm_vm_release+0x58/0x78 [ 5172.067024][ T27] __fput+0x4ac/0x980 [ 5172.067461][ T27] ____fput+0x20/0x58 [ 5172.067855][ T27] task_work_run+0x1bc/0x254 [ 5172.068303][ T27] do_notify_resume+0x1bc/0x270 [ 5172.068756][ T27] el0_svc+0xb8/0x164 [ 5172.069236][ T27] el0t_64_sync_handler+0x84/0x12c [ 5172.069690][ T27] el0t_64_sync+0x198/0x19c [ 5172.070458][ T27] [ 5172.070458][ T27] Showing all locks held in the system: [ 5172.070788][ T27] 1 lock held by khungtaskd/27: [ 5172.071144][ T27] #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 5172.072851][ T27] 2 locks held by kworker/u4:3/42: [ 5172.073208][ T27] #0: 7af000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 5172.279149][ T27] #1: ffff80008ca57c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 5172.281059][ T27] 1 lock held by klogd/3119: [ 5172.281435][ T27] 2 locks held by getty/3185: [ 5172.281736][ T27] #0: adf0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 5172.368536][ T27] #1: 4aff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 5172.370561][ T27] 3 locks held by kworker/u4:1/3867: [ 5172.370931][ T27] 3 locks held by kworker/u4:11/4039: [ 5172.371285][ T27] 3 locks held by kworker/u4:0/4364: [ 5172.371599][ T27] 3 locks held by kworker/u4:2/4369: [ 5172.371917][ T27] 2 locks held by kworker/u4:5/4409: [ 5172.372245][ T27] 3 locks held by kworker/u4:12/4549: [ 5172.372576][ T27] 2 locks held by kworker/u4:13/4916: [ 5172.372940][ T27] 3 locks held by kworker/u4:15/5074: [ 5172.479753][ T27] 2 locks held by kworker/u4:7/5547: [ 5172.517181][ T27] #0: 7af000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 5172.519281][ T27] #1: ffff80008fef7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 5172.521092][ T27] 2 locks held by syz.8.266/5583: [ 5172.521449][ T27] 2 locks held by syz-executor/5604: [ 5172.521758][ T27] 2 locks held by syz-executor/5607: [ 5172.522100][ T27] 3 locks held by kworker/u4:9/5616: [ 5172.522448][ T27] 2 locks held by kworker/u4:10/5626: [ 5172.522769][ T27] #0: 7af000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 5172.681685][ T27] #1: ffff8000a0d87c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 5172.765415][ T27] 1 lock held by modprobe/5754: [ 5172.765877][ T27] 4 locks held by modprobe/5755: [ 5172.766351][ T27] [ 5172.766641][ T27] ============================================= [ 5172.766641][ T27] VM DIAGNOSIS: 18:36:43 Registers: info registers vcpu 0 CPU#0 PC=ffff800085a1e9a0 X00=fdf000001c89d800 X01=ffff80008712376f X02=38f0000010df4000 X03=ffff800085353ea8 X04=0000000000000000 X05=0000000000000000 X06=0000000000000000 X07=0000000000000000 X08=fdf000001c89d870 X09=00000000000000fe X10=0000000000000000 X11=00000000000000fd X12=fffe800001c89d8e X13=0000000000000028 X14=0000000000002000 X15=ffff800080007680 X16=ffff800080010e20 X17=000000000000004c X18=00000000000000ff X19=fdf000001c89d800 X20=efff800000000000 X21=0000000000000040 X22=0000000000000005 X23=000000000000004c X24=000000000000001f X25=1ff00000131b11de X26=0000000000000001 X27=fdf000001c89d8b8 X28=000000000000001f X29=ffff800080007920 X30=ffff800085a1dc3c SP=ffff8000800078c0 PSTATE=60402009 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffff980d8b30:0000ffff980d9060 Z02=0000ffff97e226e0:0000ffff97e220d0 Z03=0000ffff98109d10:0000ffff980d8600 Z04=0000ffff980d9ad0:0000ffff980d95a0 Z05=0000ffff97e226e0:0000ffff97e220d0 Z06=0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000