last executing test programs: 8m47.318535597s ago: executing program 1 (id=232): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000100)={0x3, 0x2, 0xeeef0000, 0x2000, &(0x7f0000c0c000/0x2000)=nil, 0xfffffffffffffff0}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) 8m28.900619886s ago: executing program 1 (id=234): mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef000000003a08000000000000010000000000000002c0f70000000000030000000000000004020000000000001400000000000000200000000000000084", @ANYRESDEC=r1, @ANYRES64=r5, @ANYRESHEX=r5], 0x60}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 8m18.189665898s ago: executing program 1 (id=237): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m13.523699636s ago: executing program 1 (id=239): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r1, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x810, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000666000/0x3000)=nil, 0x3000) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r6, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000080)=[@code={0xa, 0xb4, {"60ff98d200c0b8f2a10080d2820180d2e30180d2840080d2020000d4007008d5007008d5000860fc000028d5000008d520e084d200e0b0f2610180d2220180d2230080d2240080d2020000d4c0f981d200e0b0f2010080d2820180d2630080d2040180d2020000d480c994d200a0b8f2610080d2c20180d2030180d2440180d2020000d4c0039ed200e0b0f2010180d2020180d2830080d2440080d2020000d4"}}], 0xb4}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) 8m4.751264778s ago: executing program 1 (id=241): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x3, 0x0, &(0x7f0000000180)=0x100}) (async) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x64}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000200)=0x8000000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) (async) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0x3, 0x11, r3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) syz_kvm_assert_syzos_uexit$arm64(r10, 0x2) (async) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000300)={0x1000020, 0x1}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r10, 0xfffffffffffffffe) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) 7m35.072544372s ago: executing program 1 (id=243): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004c, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f00000000c0)) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000240)=@arm64_sys={0x603000000013c015, &(0x7f0000000200)=0xae}) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, &(0x7f0000000140)) 6m47.742061777s ago: executing program 32 (id=243): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004c, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f00000000c0)) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000240)=@arm64_sys={0x603000000013c015, &(0x7f0000000200)=0xae}) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, &(0x7f0000000140)) 1m1.220038769s ago: executing program 2 (id=280): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0xf}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x4, 0x0}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f0000000540)=[@irq_setup={0x46, 0x18, {0x0, 0x119}}, @code={0xa, 0x9c, {"0078284e007008d500fc009b00ed91d20080b0f2210080d2a20080d2030180d2440180d2020000d4000028d5000008d5e09385d20060b8f2010080d2220080d2830080d2840080d2020000d400999fd20080b0f2410080d2a20080d2430180d2640080d2020000d4406394d20020b8f2810180d2620180d2830080d2e40080d2020000d4000028d5"}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x287}}, @hvc={0x32, 0x40, {0x4000000, [0x3, 0x50f, 0x4, 0x6, 0x1]}}, @hvc={0x32, 0x40, {0xc5000021, [0x8, 0x400, 0x100, 0x8, 0x6]}}, @msr={0x14, 0x20, {0x603000000013df4e, 0x3}}, @hvc={0x32, 0x40, {0x80000000, [0x5, 0xfffffffffffffffb, 0x8, 0x0, 0x9]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1000, 0xff, 0x8}}, @svc={0x122, 0x40, {0x80000002, [0xfffffffffffffffc, 0x8, 0x9, 0x0, 0x1]}}, @smc={0x1e, 0x40, {0xc4000005, [0x9, 0x7, 0x5, 0x2, 0xc217]}}, @hvc={0x32, 0x40, {0x84000002, [0x83e9, 0x7, 0xffffffffffff8001, 0x9, 0x4]}}, @eret={0xe6, 0x18, 0x40}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x14, 0xf, 0x1}}, @hvc={0x32, 0x40, {0x8000, [0x8, 0x4559408c, 0x4, 0x3, 0xec77]}}, @hvc={0x32, 0x40, {0x4200ff13, [0x4, 0xfffffffffffffff0, 0xb, 0x7a, 0x2]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x12c}}], 0x39c}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000d05000/0x1000)=nil, 0x930, 0x6, 0x8032, r7, 0x0) 49.97456131s ago: executing program 2 (id=282): mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) munmap(&(0x7f000049b000/0x400000)=nil, 0x400000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0xfffa}}) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0x10, 0x3ff, 0x1}}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 49.812270246s ago: executing program 0 (id=283): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffe) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x8001, 0x0, r4}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r7, 0x400454d0, 0x7ffffffd) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000100)="fb0149dd033be3ac2cc4a29ea6af8031d1dfd900080001000000315f9731c10d097fd66f8f1f44f9ffffffffffffffebb207000000000000000000002a2900", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) 40.704903017s ago: executing program 2 (id=284): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x3, 0x0, &(0x7f0000000000)=0x6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100006, &(0x7f0000000100)=0xc5c5}) (async) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100006, &(0x7f0000000100)=0xc5c5}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3}) 40.623329465s ago: executing program 0 (id=285): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) openat$kvm(0x0, 0x0, 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r3, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000007, 0x4f833, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x1000, &(0x7f0000c42000/0x1000)=nil}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x200, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xef) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) 31.761707812s ago: executing program 0 (id=286): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r1, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r1, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r3, 0x1, 0x120) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2873f7aecfc88708, 0x0) (async) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_assert_reg(r10, 0x603000000013df01, 0x8000) (async) r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) 31.520771116s ago: executing program 2 (id=287): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x7e) r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000) r3 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x59) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000000)={0xa4a605311ad0de6b, 0x0, &(0x7f0000c67000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f000073e000/0x400000)=nil) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x100) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r10, 0x400454cc, 0xffffffffffffffff) eventfd2(0x4, 0x800) r11 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000200)=@arm64_fw={0x6030000000140000, &(0x7f0000000240)=0x10001}) 21.15283625s ago: executing program 0 (id=288): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f00000001c0), 0x100, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000) close(r7) close(0x3) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xcd) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x29) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f0000000000)=@arm64={0xad, 0x40, 0xcd, '\x00', 0x100}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000140)=@x86={0x7, 0xe, 0x4, 0x0, 0x6, 0xb, 0x0, 0x7, 0x2, 0xa1, 0x5, 0xed, 0x0, 0x3, 0x10, 0x2, 0xb, 0x4, 0x9, '\x00', 0xf6, 0x2}) 11.34809457s ago: executing program 2 (id=289): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) munmap(&(0x7f0000f7c000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x4, 0x80a, 0x1}}) (async) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) 9.832973758s ago: executing program 0 (id=290): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x101000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000240)={0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x18, {0x603000000013c3a0}}], 0x18}, 0x0, 0x0) (async) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000240)={0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x18, {0x603000000013c3a0}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x8, 0xc, &(0x7f0000000280)=0xfffffffffffffffe}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x6, &(0x7f0000000180)=0x8}) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000000000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000000000/0x400000)=nil) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) (async) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000001c0)={0x0, &(0x7f0000000380)}, 0x0, 0x0) ioctl$KVM_RUN(r15, 0xae80, 0x0) (async) ioctl$KVM_RUN(r15, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r16, 0xc0189436, 0x10001fbffffd) mmap$KVM_VCPU(&(0x7f0000d38000/0x4000)=nil, r12, 0x3, 0x12, r10, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4000000015) 2.55005203s ago: executing program 2 (id=291): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xa}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) r11 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x80000000}) r13 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000001c0)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013addb, 0x7}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r14, 0xae03, 0xe4) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000100)={0x101ff, 0x4, 0x1, 0x1000, &(0x7f0000ee3000/0x1000)=nil, 0x5, r4}) 0s ago: executing program 0 (id=292): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x21) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r6 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x3534c1, 0x0) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@uexit={0x0, 0x18, 0x7}, @uexit={0x0, 0x18, 0x9}, @code={0xa, 0x3c, {"0000799e00e8a05e0000c0690000281e007008d5000008d50000ae9e00b8a12e0000005a0094004f"}}, @irq_setup={0x46, 0x18, {0x1, 0x165}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x0, 0x5, 0x2, 0x8}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x63}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x1ac}}], 0xfc}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r11 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x20) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r13, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000acc000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) ioctl$KVM_RUN(r15, 0xae80, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000100)={0x55}) kernel console output (not intermixed with test programs): [ 382.964804][ T3152] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.508167][ T3152] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:61320' (ED25519) to the list of known hosts. [ 594.648585][ T25] audit: type=1400 audit(593.900:60): avc: denied { name_bind } for pid=3303 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 595.858470][ T25] audit: type=1400 audit(595.110:61): avc: denied { execute } for pid=3304 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 595.898329][ T25] audit: type=1400 audit(595.150:62): avc: denied { execute_no_trans } for pid=3304 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 621.595691][ T25] audit: type=1400 audit(620.840:63): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 621.628020][ T25] audit: type=1400 audit(620.880:64): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 621.713819][ T3304] cgroup: Unknown subsys name 'net' [ 621.764451][ T25] audit: type=1400 audit(621.020:65): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 622.169278][ T3304] cgroup: Unknown subsys name 'cpuset' [ 622.268954][ T3304] cgroup: Unknown subsys name 'rlimit' [ 623.185148][ T25] audit: type=1400 audit(622.440:66): avc: denied { setattr } for pid=3304 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 623.209725][ T25] audit: type=1400 audit(622.450:67): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 623.227774][ T25] audit: type=1400 audit(622.480:68): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 624.401034][ T3312] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 624.423054][ T25] audit: type=1400 audit(623.670:69): avc: denied { relabelto } for pid=3312 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 624.448383][ T25] audit: type=1400 audit(623.700:70): avc: denied { write } for pid=3312 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 624.629132][ T25] audit: type=1400 audit(623.880:71): avc: denied { read } for pid=3304 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 624.647433][ T25] audit: type=1400 audit(623.890:72): avc: denied { open } for pid=3304 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 624.696674][ T3304] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 675.829465][ T25] audit: type=1400 audit(675.080:73): avc: denied { execmem } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 680.518760][ T25] audit: type=1400 audit(679.770:74): avc: denied { read } for pid=3315 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 680.546696][ T25] audit: type=1400 audit(679.790:75): avc: denied { open } for pid=3315 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 680.613407][ T25] audit: type=1400 audit(679.860:76): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 680.873348][ T25] audit: type=1400 audit(680.100:77): avc: denied { module_request } for pid=3315 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 681.957494][ T25] audit: type=1400 audit(681.200:78): avc: denied { sys_module } for pid=3315 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 710.620894][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 711.153780][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 711.404959][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 711.768139][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 723.652487][ T3315] hsr_slave_0: entered promiscuous mode [ 723.679527][ T3315] hsr_slave_1: entered promiscuous mode [ 724.660541][ T3316] hsr_slave_0: entered promiscuous mode [ 724.715882][ T3316] hsr_slave_1: entered promiscuous mode [ 724.755677][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 724.763706][ T3316] Cannot create hsr debugfs directory [ 730.023711][ T25] audit: type=1400 audit(729.270:79): avc: denied { create } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.059320][ T25] audit: type=1400 audit(729.310:80): avc: denied { write } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.188263][ T25] audit: type=1400 audit(729.440:81): avc: denied { read } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.352539][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 730.670800][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 731.018352][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 731.298475][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 732.788884][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 732.955090][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 733.123998][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 733.325807][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 746.080843][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 748.110564][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 804.059076][ T3315] veth0_vlan: entered promiscuous mode [ 804.476739][ T3315] veth1_vlan: entered promiscuous mode [ 806.520910][ T3316] veth0_vlan: entered promiscuous mode [ 806.635513][ T3315] veth0_macvtap: entered promiscuous mode [ 807.014753][ T3315] veth1_macvtap: entered promiscuous mode [ 807.439927][ T3316] veth1_vlan: entered promiscuous mode [ 809.587992][ T2125] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.606134][ T2125] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.620467][ T2125] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.629136][ T2125] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.008877][ T3316] veth0_macvtap: entered promiscuous mode [ 810.679323][ T3316] veth1_macvtap: entered promiscuous mode [ 812.055403][ T25] audit: type=1400 audit(811.300:82): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 812.280537][ T25] audit: type=1400 audit(811.530:83): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/syzkaller.UiuvhF/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 812.499897][ T25] audit: type=1400 audit(811.740:84): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 812.898290][ T25] audit: type=1400 audit(812.110:85): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/syzkaller.UiuvhF/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 813.055025][ T25] audit: type=1400 audit(812.270:86): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/syzkaller.UiuvhF/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 813.195841][ T3396] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.200072][ T3396] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.263875][ T3396] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.267955][ T3396] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.743757][ T25] audit: type=1400 audit(812.990:87): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 813.929488][ T25] audit: type=1400 audit(813.180:88): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 814.093508][ T25] audit: type=1400 audit(813.340:89): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="gadgetfs" ino=3774 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 814.326248][ T25] audit: type=1400 audit(813.560:90): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 814.408188][ T25] audit: type=1400 audit(813.660:91): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 815.845138][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 828.012523][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 828.031026][ T25] audit: type=1400 audit(827.260:96): avc: denied { read } for pid=3469 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 828.054982][ T25] audit: type=1400 audit(827.270:97): avc: denied { open } for pid=3469 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 828.826776][ T25] audit: type=1400 audit(828.070:98): avc: denied { ioctl } for pid=3469 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 838.802717][ T25] audit: type=1400 audit(838.010:99): avc: denied { execute } for pid=3479 comm="syz.0.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3896 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 878.544843][ T25] audit: type=1400 audit(877.790:100): avc: denied { setattr } for pid=3502 comm="syz.0.12" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 888.958674][ T25] audit: type=1400 audit(888.210:101): avc: denied { write } for pid=3510 comm="syz.1.14" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 998.684853][ T25] audit: type=1400 audit(997.920:102): avc: denied { append } for pid=3570 comm="syz.1.32" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1048.169549][ T25] audit: type=1400 audit(1047.420:103): avc: denied { map } for pid=3598 comm="syz.0.39" path="pipe:[2782]" dev="pipefs" ino=2782 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1163.194254][ T3665] KVM: debugfs: duplicate directory 3665-14 [ 1289.819407][ T3750] KVM: debugfs: duplicate directory 3750-5 [ 1606.855253][ T25] audit: type=1400 audit(1606.050:104): avc: denied { ioctl } for pid=3938 comm="syz.1.140" path="net:[4026532616]" dev="nsfs" ino=4026532616 ioctlcmd=0xb708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1760.687499][ T4033] kvm [4033]: Failed to find VMA for hva 0x20c01000 [ 1772.974807][ T4041] kvm [4041]: Failed to find VMA for hva 0x20d8d000 [ 2059.219384][ T4192] kvm [4188]: Unsupported guest access at: eeef0000 [ 2059.219384][ T4192] { Op0( 2), Op1( 5), CRn(11), CRm(11), Op2( 3), func_write }, [ 2081.197825][ T4201] KVM: debugfs: duplicate directory 4201-14 [ 2229.230527][ T2110] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2231.278673][ T2110] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2232.759719][ T2110] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2233.959173][ T2110] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2252.248784][ T2110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2252.484295][ T2110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2252.629931][ T2110] bond0 (unregistering): Released all slaves [ 2254.687026][ T2110] hsr_slave_0: left promiscuous mode [ 2254.773982][ T2110] hsr_slave_1: left promiscuous mode [ 2255.505867][ T2110] veth1_macvtap: left promiscuous mode [ 2255.534782][ T2110] veth0_macvtap: left promiscuous mode [ 2255.558296][ T2110] veth1_vlan: left promiscuous mode [ 2255.586026][ T2110] veth0_vlan: left promiscuous mode [ 2331.284692][ T4269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2331.758067][ T4269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2367.506528][ T4269] hsr_slave_0: entered promiscuous mode [ 2367.613364][ T4269] hsr_slave_1: entered promiscuous mode [ 2383.399604][ T4269] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2383.825679][ T4269] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2384.280002][ T4269] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2384.639484][ T4269] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2414.746734][ T4269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2517.580106][ T4269] veth0_vlan: entered promiscuous mode [ 2518.208564][ T4269] veth1_vlan: entered promiscuous mode [ 2520.593982][ T4269] veth0_macvtap: entered promiscuous mode [ 2520.999758][ T4269] veth1_macvtap: entered promiscuous mode [ 2523.619116][ T2110] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2523.643899][ T2110] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2523.658002][ T2110] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2523.706528][ T2110] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2632.199251][ T4565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d34b [ 2632.233740][ T4565] flags: 0x1ffce4000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x39) [ 2632.255911][ T4565] raw: 01ffce4000000000 ffffc1ffc074d308 ffffc1ffc0829608 0000000000000000 [ 2632.294505][ T4565] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2632.306604][ T4565] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 2632.349652][ T4565] ------------[ cut here ]------------ [ 2632.349931][ T4565] kernel BUG at ./include/linux/mm.h:1036! [ 2632.351736][ T4565] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 2632.356687][ T4565] Modules linked in: [ 2632.358862][ T4565] CPU: 0 UID: 0 PID: 4565 Comm: syz.2.291 Not tainted syzkaller #0 PREEMPT [ 2632.360430][ T4565] Hardware name: linux,dummy-virt (DT) [ 2632.361779][ T4565] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2632.363075][ T4565] pc : kvm_s2_put_page+0x374/0x3a0 [ 2632.365375][ T4565] lr : kvm_s2_put_page+0x374/0x3a0 [ 2632.366372][ T4565] sp : ffff80008f567570 [ 2632.367167][ T4565] x29: ffff80008f567570 x28: 89f0000020a58000 x27: 89f0000020a58000 [ 2632.368804][ T4565] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 2632.370167][ T4565] x23: ffffc1ffc074d2c8 x22: 0000000000000000 x21: ffffc1ffc074d2f4 [ 2632.371550][ T4565] x20: 0000000000000000 x19: ffffc1ffc074d2c0 x18: 000000007a870094 [ 2632.372957][ T4565] x17: 000000000457b387 x16: 000000007a63593c x15: 00000000f97e09fe [ 2632.374406][ T4565] x14: ffffffffffffffff x13: fff000001ff5d888 x12: 0000000000000001 [ 2632.375794][ T4565] x11: 0000000000080000 x10: 0000000000059bdc x9 : 77716a774c023c00 [ 2632.377327][ T4565] x8 : 77716a774c023c00 x7 : ffff80008039dbc8 x6 : 0000000000000000 [ 2632.378805][ T4565] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008038edd0 [ 2632.380171][ T4565] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 2632.381817][ T4565] Call trace: [ 2632.382760][ T4565] kvm_s2_put_page+0x374/0x3a0 (P) [ 2632.384108][ T4565] stage2_free_walker+0x1b0/0x264 [ 2632.385171][ T4565] __kvm_pgtable_walk+0x7d8/0xa68 [ 2632.386227][ T4565] kvm_pgtable_walk+0x294/0x468 [ 2632.387166][ T4565] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 2632.388277][ T4565] kvm_free_stage2_pgd+0x198/0x28c [ 2632.389275][ T4565] kvm_uninit_stage2_mmu+0x20/0x38 [ 2632.390306][ T4565] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 2632.391368][ T4565] kvm_mmu_notifier_release+0x48/0xa8 [ 2632.392448][ T4565] mmu_notifier_unregister+0x128/0x42c [ 2632.393576][ T4565] kvm_put_kvm+0x728/0x1020 [ 2632.394504][ T4565] kvm_vcpu_release+0x70/0x9c [ 2632.395417][ T4565] __fput+0x4ac/0x980 [ 2632.396265][ T4565] ____fput+0x20/0x58 [ 2632.397091][ T4565] task_work_run+0x1bc/0x254 [ 2632.397977][ T4565] get_signal+0x13ec/0x1554 [ 2632.398931][ T4565] do_signal+0x23c/0x4dd0 [ 2632.399878][ T4565] do_notify_resume+0xb0/0x270 [ 2632.400836][ T4565] el0_svc+0xb8/0x164 [ 2632.401665][ T4565] el0t_64_sync_handler+0x84/0x12c [ 2632.402527][ T4565] el0t_64_sync+0x198/0x19c [ 2632.404057][ T4565] Code: f00375a1 910f0821 aa1303e0 97f9caf8 (d4210000) [ 2632.405957][ T4565] ---[ end trace 0000000000000000 ]--- [ 2632.407501][ T4565] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 2632.409610][ T4565] Kernel Offset: disabled [ 2632.410403][ T4565] CPU features: 0x000000,0000d180,2fbe33e1,057ffe1f [ 2632.411550][ T4565] Memory Limit: none [ 2632.413344][ T4565] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:12:30 Registers: info registers vcpu 0 CPU#0 PC=ffff80008048dea8 X00=00000000000003e7 X01=00000000000003e8 X02=0000000000000000 X03=ffff80008048de7c X04=0000000000000000 X05=0000000000000000 X06=ffff800080488b28 X07=ffff800080015834 X08=1bf000001ff5d880 X09=0000000000000002 X10=0000000000ff0100 X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000002 X15=ffff800087f699e0 X16=0000000000000000 X17=000000000457b387 X18=000000007a870094 X19=00000000000003e8 X20=00000000000003e7 X21=ffff800087942d60 X22=00000000000003e7 X23=00000000000000ff X24=ffff800087942d60 X25=00000000000003e7 X26=1bf000001ff5d890 X27=00000000000003c0 X28=ffff800087724000 X29=ffff80008f566f90 X30=ffff80008048dea8 SP=ffff80008f566f50 PSTATE=804023c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:ffffffff00000000 Z03=ffffff000000ff00:0000000000000000 Z04=0000000000000000:fff000f000000000 Z05=bb448243222c92da:e3914ed4e87380b0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc07b83e0:0000ffffc07b83e0 Z17=ffffff80ffffffd0:0000ffffc07b83b0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000