last executing test programs: 59m33.933075994s ago: executing program 1 (id=129): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000240)={0x2, 0x4, 0x7000, 0x1000, &(0x7f0000ba2000/0x1000)=nil, 0x10001, r0}) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b7c000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000000c0)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_IOEVENTFD(r6, 0x5452, &(0x7f0000000180)={0x6, 0x2, 0x4, 0xffffffffffffffff, 0x7}) 59m22.957194918s ago: executing program 1 (id=131): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r0, 0xc, 0x10, 0xffffffffffffffff, 0x0) (async) r1 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_SET_GUEST_DEBUG_arm64(r1, 0x4208ae9b, &(0x7f0000000000)={0x0, 0x0, {[0x7fffffffffffffff, 0xfffffffffffff801, 0x1, 0x4, 0x8000, 0x7878, 0x7, 0xa, 0xffffffff, 0x80000000, 0x6, 0x6, 0x7fffffffffffffff, 0x2, 0xffffffffffffff27, 0x8000000000000001], [0xffffffffffffffff, 0xf, 0x2, 0x2, 0x0, 0x7, 0xb9, 0x28, 0x1ff, 0x5, 0x7, 0x0, 0xe, 0x3, 0x5664, 0xffffffff], [0xffff, 0x7c, 0xffffffffffffffff, 0xc61, 0x3, 0x9, 0x0, 0x7, 0xf, 0x8000000000000001, 0x7, 0xc9, 0x9, 0x3, 0x1, 0xffff], [0x7, 0x100, 0x5, 0x9, 0x80000001, 0x2, 0x4, 0x9, 0x8, 0x0, 0x470, 0x5694, 0x1, 0xe, 0x2, 0x6]}}) (async) ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000240)={0x4, [0x7, 0x8, 0x68000, 0x80000001]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r1, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000004c0)=[{0x0, &(0x7f0000000280)=[@eret={0xe6, 0x18, 0xfa}, @msr={0x14, 0x20, {0x603000000013df7c, 0x5}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0x2, 0xe}}, @svc={0x122, 0x40, {0x58, [0x0, 0x1, 0x3, 0xfffffffffffffffb, 0x4]}}, @mrs={0xbe, 0x18}, @svc={0x122, 0x40, {0x84000001, [0x401, 0x308, 0x4, 0x4, 0x10]}}, @mrs={0xbe, 0x18, {0x6030000000138032}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x37}}, @msr={0x14, 0x20, {0x6030000000131a04, 0xffff}}, @hvc={0x32, 0x40, {0x2006fae, [0x9, 0x7, 0xb8, 0x6edb, 0x2ce1]}}, @uexit={0x0, 0x18, 0x51}, @smc={0x1e, 0x40, {0x1000000, [0x3, 0x6, 0xa2, 0x0, 0x6]}}, @svc={0x122, 0x40, {0x84000052, [0x3, 0x100000001, 0x1000, 0xffffffff, 0x6]}}], 0x238}], 0x1, 0x0, &(0x7f0000000500)=[@featur2={0x1, 0x84}], 0x1) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_REGS(r2, 0x4360ae82, &(0x7f0000000540)={[0x1, 0x2, 0x8000, 0x10001, 0x6, 0x92, 0x3, 0x101, 0x6, 0xc, 0x0, 0x10001, 0x9, 0x7, 0x8, 0x2], 0x8080000, 0xa00}) (async) ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f0000000600)={{0xd000, 0x8000000, 0xa, 0xff, 0x4, 0x4, 0x2, 0x5, 0x2, 0x7, 0x2, 0x5}, {0x4000, 0x1, 0xb, 0x3, 0x81, 0x4, 0x0, 0x9, 0x0, 0x3, 0xd, 0x6e}, {0x3000, 0xdddd0000, 0x8, 0xed, 0x60, 0x3, 0x4, 0xd, 0x21, 0x2, 0xf2, 0x2}, {0x8000000, 0x3000, 0xd, 0x7, 0x9, 0xf5, 0xf8, 0x7e, 0x3, 0x80, 0xf5, 0x8}, {0xdddd0000, 0xb000, 0xa, 0x10, 0xb, 0x4a, 0x7, 0x4, 0x7, 0x4, 0x0, 0xfe}, {0x3000, 0xeeee8000, 0x9, 0x8, 0x2, 0x8, 0xe, 0x5e, 0x10, 0x4}, {0x0, 0xffff1000, 0x0, 0xc, 0x6, 0x2, 0x40, 0x9, 0x9, 0x3, 0xe, 0x8}, {0x2004, 0x0, 0xc, 0x0, 0x1, 0xf4, 0x1, 0x8, 0x2, 0xac, 0x81, 0x3}, {0x1000, 0x1}, {0x2000}, 0x0, 0x0, 0x10000, 0x310, 0x8, 0x6001, 0x3000, [0x400, 0x3, 0x80000000, 0x7]}) (async) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000780)=@arm64_fw={0x6030000000140000, &(0x7f0000000740)=0xfffffffffffffffd}) (async) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000007c0)=@x86={0x81, 0x57, 0x6, 0x0, 0x8, 0x4, 0x5, 0x2, 0x3, 0xf, 0xe7, 0x0, 0x0, 0x8, 0x5, 0xfb, 0xa6, 0x6, 0x6, '\x00', 0xfe, 0xa}) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000980)={0x0, &(0x7f0000000800)=[@its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x8, 0x5, 0xff}}, @eret={0xe6, 0x18, 0x1}, @uexit={0x0, 0x18, 0x7f}, @msr={0x14, 0x20, {0x603000000013c644, 0x4e2a}}, @uexit={0x0, 0x18, 0x9}, @smc={0x1e, 0x40, {0x8400000e, [0xfffffffffffffffa, 0x5, 0x5, 0x4, 0x6]}}, @smc={0x1e, 0x40, {0x86000000, [0xd16, 0x7fffffffffffffff, 0x9, 0x6, 0x1]}}, @svc={0x122, 0x40, {0x80, [0xfffffffffffffffb, 0x6, 0xffff, 0x3f5d, 0x6e32]}}], 0x150}, &(0x7f00000009c0)=[@featur1={0x1, 0xa0}], 0x1) ioctl$KVM_ARM_VCPU_FINALIZE(r3, 0x4004aec2, &(0x7f0000000a00)=0x4) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, &(0x7f0000000a40)) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000d00)={0x0, &(0x7f0000000a80)=[@mrs={0xbe, 0x18, {0x603000000013f682}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1000, 0x5}}, @hvc={0x32, 0x40, {0x4000000, [0x80000001, 0x3, 0xf6f, 0x2e56, 0x800]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x0, 0x8, 0x9}}, @hvc={0x32, 0x40, {0xfb000001, [0x5, 0x0, 0x8, 0x1, 0x6]}}, @irq_setup={0x46, 0x18, {0x3, 0x134}}, @uexit={0x0, 0x18, 0xff}, @irq_setup={0x46, 0x18, {0x0, 0x16e}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x2, 0xffffffff, 0x0, 0x3}}, @hvc={0x32, 0x40, {0xc400000d, [0x4, 0x0, 0xfffffffffffffffb, 0x5, 0x4]}}, @code={0xa, 0x9c, {"00a490d20020b8f2410080d2020180d2430180d2840180d2020000d4407d90d20000b8f2a10080d2220180d2830080d2040080d2020000d40048c01a007008d5007008d5007008d5000028d5000008d5e0039dd200a0b8f2410180d2c20080d2c30180d2a40180d2020000d4006582d20040b0f2410180d2620080d2630080d2440180d2020000d4"}}], 0x244}, &(0x7f0000000d40)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000d80)=0x6) (async) ioctl$KVM_RUN(r1, 0xae80, 0x0) (async) r6 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000f40)={0x0, &(0x7f0000000dc0)=[@code={0xa, 0x6c, {"c0c197d200c0b0f2c10080d2820080d2630080d2e40080d2020000d400000013000008d500b8a12e1f0000ea007008d5007008d500c0600d007008d5c0679bd200c0b8f2a10180d2420180d2630080d2a40180d2020000d4"}}, @hvc={0x32, 0x40, {0x84000005, [0x2, 0x9, 0x8000, 0xc, 0xb2df]}}, @eret={0xe6, 0x18, 0x5}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x218}}, @hvc={0x32, 0x40, {0x32000046, [0x1, 0x8, 0xfffffffffffffffb, 0x3, 0x7]}}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x630, 0x3}}], 0x15c}, &(0x7f0000000f80)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000001000)=@arm64_core={0x6030000000100048, &(0x7f0000000fc0)=0xcf}) (async) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000001040)={0x4, 0x20}) (async) mmap$KVM_VCPU(&(0x7f0000d74000/0x3000)=nil, r0, 0x2000009, 0x2010, r5, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000001080)={0x1000, 0x1000}) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f00000010c0)=0x1) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000001100)={0x4}) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 59m16.007807801s ago: executing program 1 (id=132): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2a) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x3a0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r8, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x80000000000000c, 0x0, 0x4, 0x10000, 0x7, 0x9004, 0x9, 0x8, 0x9, 0x5, 0x49, 0x3ff, 0x5, 0x2, 0x1, 0x8, 0x7, 0xc1, 0x1, 0x2, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x4, 0x7, 0x4, 0x3, 0x9, 0x888f, 0x1, 0x6, 0x46, 0x1, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xffffffffffffffb7, 0xfffffffffffffffa, 0x80000000, 0xe, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x4, 0xbbd9, 0x80000000, 0xfffffffffffffbfd, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0xfffffffffffffffe, 0x3, 0x2, 0x2, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0x7, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x8061d, 0x0, 0x7, 0xf6, 0x0, 0x6, 0xfffffffffffffffb, 0x7, 0xe53e, 0x4, 0x8, 0x2293332f, 0x6, 0x5, 0x1e, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x80000001, 0x7, 0xdfd7, 0xfff9, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x1000003]}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) r10 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000000)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10002}) r11 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0x84000015, [0x100000001, 0x8000000000000000, 0xffffffffffffffff, 0xee24, 0xfffffffffffeffff]}}], 0x40}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r11, 0xae80, 0x0) 58m56.85975325s ago: executing program 1 (id=135): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x58) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, 0x0) r3 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000200)=@attr_other={0x0, 0x1, 0x9, &(0x7f0000000180)=0x80000000}) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20000) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xb702, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x141001, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x9, 0x8, &(0x7f0000000240)=0x65}) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece) r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async) r9 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x2, 0x100) r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r11, 0xc018aec0, 0xfffffffffffffffe) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x204000, 0x0) 58m46.884978101s ago: executing program 1 (id=136): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013c65e, 0x10000}}], 0x20}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0xfffffffffffffffe, 0x100) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x3, 0x5, 0x0}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010004c, &(0x7f0000000240)=0x2}) r11 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_MMIO(r11, 0x20, &(0x7f0000000000)="1d6eca68914a977d1ba9e12c66a83d49d6656d7344bac04f", 0x0, 0x18) syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000140)=[@hvc={0x32, 0x40, {0x2, [0x7fff, 0x0, 0x6, 0x7, 0x10001]}}], 0x40}], 0x1, 0x0, &(0x7f00000001c0)=[@featur2], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013c65e, 0x10000}}], 0x20}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0xfffffffffffffffe, 0x100) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x7}) (async) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x3, 0x5, 0x0}) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010004c, &(0x7f0000000240)=0x2}) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) (async) syz_memcpy_off$KVM_EXIT_MMIO(r11, 0x20, &(0x7f0000000000)="1d6eca68914a977d1ba9e12c66a83d49d6656d7344bac04f", 0x0, 0x18) (async) syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000140)=[@hvc={0x32, 0x40, {0x2, [0x7fff, 0x0, 0x6, 0x7, 0x10001]}}], 0x40}], 0x1, 0x0, &(0x7f00000001c0)=[@featur2], 0x1) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) 58m37.896905122s ago: executing program 1 (id=138): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x1}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x2) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x32) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x0) (async) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000080)={0x0, 0x22}) (async) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x800) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000680)={0x0, &(0x7f00000000c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0x7, 0xd}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x10, 0xfffffffffffffffd, 0x7}}, @msr={0x14, 0x20, {0x603000000013dce1, 0xfffffffffffffffa}}, @eret={0xe6, 0x18, 0xc}, @svc={0x122, 0x40, {0x8, [0x8, 0x6, 0x2, 0x3d]}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0xd58, 0x0, 0x2}}, @eret={0xe6, 0x18, 0xf}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x5, 0x5}}, @msr={0x14, 0x20, {0x603000000013c518, 0x10001}}, @code={0xa, 0x9c, {"609a96d20060b8f2210180d2e20080d2e30080d2c40180d2020000d4000080380000679e0038205e000028d50084ff0d20ff98d20080b0f2010180d2020180d2430180d2440180d2020000d400cd86d200e0b8f2a10080d2220080d2230080d2640180d2020000d4000028d5404794d20040b0f2210180d2220080d2a30180d2c40080d2020000d4"}}, @hvc={0x32, 0x40, {0xc3000020, [0x4, 0x1, 0x1, 0xfffffffffffff5c1, 0x3]}}, @eret={0xe6, 0x18, 0x8000000000000000}, @mrs={0xbe, 0x18, {0x603000000013ff12}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x289}}, @eret={0xe6, 0x18, 0x40}, @code={0xa, 0x84, {"000840f8008008d50018201ea09c98d20040b0f2210080d2620080d2e30180d2a40180d2020000d4000000fa0070000cc0388fd20060b0f2410080d2820180d2230180d2640080d2020000d4007008d5007008d5c04d87d20020b8f2c10180d2c20180d2230080d2240080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x2, 0x21d}}, @irq_setup={0x46, 0x18, {0x2, 0x100}}, @irq_setup={0x46, 0x18, {0x2, 0x2be}}, @code={0xa, 0x9c, {"c01f89d20060b0f2e10180d2620080d2c30080d2840180d2020000d4007008d5007008d5000040ba007008d5c02a8dd20000b0f2a10180d2820180d2230180d2440080d2020000d4a08791d200c0b8f2e10180d2620180d2c30080d2e40080d2020000d460628fd200a0b8f2a10180d2020080d2630080d2640180d2020000d40018000e000008d5"}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x9, 0x9, 0xae21}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x4, 0x6, 0x4, 0x2}}, @smc={0x1e, 0x40, {0xc4000003, [0x5, 0x0, 0x45034a9d, 0x0, 0x5]}}, @hvc={0x32, 0x40, {0x80003fff, [0x0, 0x5, 0x96b, 0x5, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013c018}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0xa, 0x0, 0xfffffffd}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x40, 0x0, 0xa}}, @irq_setup={0x46, 0x18, {0x3, 0x3cb}}, @msr={0x14, 0x20, {0x603000000013c020, 0x19b}}], 0x59c}, &(0x7f00000006c0)=[@featur2], 0x1) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000a00)=[{0x0, &(0x7f0000000700)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0xa7b, 0xa}}, @uexit={0x0, 0x18, 0xc56}, @msr={0x14, 0x20, {0x603000000013c523, 0x40}}, @irq_setup={0x46, 0x18, {0x4, 0x2be}}, @mrs={0xbe, 0x18, {0x603000000013df7f}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013c298}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x2, 0x0, 0xa, 0xfffffff8}}, @irq_setup={0x46, 0x18, {0x4, 0x158}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0xad}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x247}}, @msr={0x14, 0x20, {0x603000000013c008, 0x7}}, @svc={0x122, 0x40, {0x84000003, [0x6, 0x7ff, 0x0, 0x9, 0x7]}}, @irq_setup={0x46, 0x18, {0x3, 0x3a4}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0xe, 0x6, 0x9}}, @irq_setup={0x46, 0x18, {0x1, 0x8f}}, @svc={0x122, 0x40, {0x40000000, [0x5, 0x1000, 0x6, 0x5, 0x4]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x11e}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18, 0x6067d693}, @smc={0x1e, 0x40, {0x10, [0x6, 0x3, 0x7, 0xfffffffffffffffa, 0x9]}}], 0x300}], 0x1, 0x0, &(0x7f0000000a40)=[@featur1={0x1, 0x40}], 0x1) r4 = eventfd2(0x5, 0x80001) write$eventfd(r4, &(0x7f0000000a80)=0x6, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000b00), 0x400000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x22) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000fc0)={0x0, &(0x7f0000000b40)=[@irq_setup={0x46, 0x18, {0x3, 0x374}}, @eret={0xe6, 0x18, 0x5}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0xef}, @hvc={0x32, 0x40, {0x84000001, [0x8, 0x82c, 0x5, 0xed2, 0xaf]}}, @smc={0x1e, 0x40, {0xc5000021, [0xfe, 0xb9c, 0x1, 0x8, 0x4]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x2, 0x8}}, @eret={0xe6, 0x18, 0x2}, @smc={0x1e, 0x40, {0xc400000e, [0x1, 0x2, 0x80000000, 0x7, 0x9]}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x1d}}, @hvc={0x32, 0x40, {0x84000001, [0x1f8, 0x6, 0x5, 0x7, 0xe0]}}, @eret={0xe6, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x0, 0x3b9}}, @msr={0x14, 0x20, {0x603000000013d9e0, 0x9}}, @uexit={0x0, 0x18, 0x4d9c}, @svc={0x122, 0x40, {0x4048, [0xffffffffffffffff, 0x80000000, 0x6, 0x6, 0x9]}}, @irq_setup={0x46, 0x18, {0x1, 0x2b0}}, @msr={0x14, 0x20, {0x603000000013c640, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013df4d}}, @smc={0x1e, 0x40, {0xc4000014, [0xfffffffffffffff9, 0x5, 0x101, 0x7, 0x7]}}, @irq_setup={0x46, 0x18, {0x2, 0x1e6}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x12b}}, @irq_setup={0x46, 0x18, {0x3, 0x279}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x1, 0x4, 0x8001, 0x80000001}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0x7, 0xc, 0x10001, 0x1}}, @hvc={0x32, 0x40, {0x400, [0x1, 0xa, 0x4, 0x8000000000000001, 0x80000000]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x8, 0x3, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x654b, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0xe, 0x94ce, 0x7, 0x3}}], 0x470}, &(0x7f0000001000)=[@featur1={0x1, 0x30}], 0x1) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) (async) ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, &(0x7f0000001080)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001040)={0x5, 0x6, 0x2}}) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r8, 0x1000000, 0x100010, r7, 0x0) (async) ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f00000010c0)={0x2, 0xcbc5}) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000001100)={0x10200, 0x0, &(0x7f0000ffe000/0x1000)=nil}) (async) ioctl$KVM_DIRTY_TLB(r7, 0x4010aeaa, &(0x7f0000001140)={0xaabf, 0x924}) (async) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1d) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000001180)={r4, 0x10000, 0x1, r4}) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f00000011c0)={0x4, 0xc}) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000001200)={0x2}) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r7, 0x4004aec2, &(0x7f0000001240)=0x3) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000001280), 0x24000, 0x0) 57m51.16381626s ago: executing program 32 (id=138): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x1}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x2) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x32) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x0) (async) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000080)={0x0, 0x22}) (async) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x800) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000680)={0x0, &(0x7f00000000c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0x7, 0xd}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x10, 0xfffffffffffffffd, 0x7}}, @msr={0x14, 0x20, {0x603000000013dce1, 0xfffffffffffffffa}}, @eret={0xe6, 0x18, 0xc}, @svc={0x122, 0x40, {0x8, [0x8, 0x6, 0x2, 0x3d]}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0xd58, 0x0, 0x2}}, @eret={0xe6, 0x18, 0xf}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x5, 0x5}}, @msr={0x14, 0x20, {0x603000000013c518, 0x10001}}, @code={0xa, 0x9c, {"609a96d20060b8f2210180d2e20080d2e30080d2c40180d2020000d4000080380000679e0038205e000028d50084ff0d20ff98d20080b0f2010180d2020180d2430180d2440180d2020000d400cd86d200e0b8f2a10080d2220080d2230080d2640180d2020000d4000028d5404794d20040b0f2210180d2220080d2a30180d2c40080d2020000d4"}}, @hvc={0x32, 0x40, {0xc3000020, [0x4, 0x1, 0x1, 0xfffffffffffff5c1, 0x3]}}, @eret={0xe6, 0x18, 0x8000000000000000}, @mrs={0xbe, 0x18, {0x603000000013ff12}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x289}}, @eret={0xe6, 0x18, 0x40}, @code={0xa, 0x84, {"000840f8008008d50018201ea09c98d20040b0f2210080d2620080d2e30180d2a40180d2020000d4000000fa0070000cc0388fd20060b0f2410080d2820180d2230180d2640080d2020000d4007008d5007008d5c04d87d20020b8f2c10180d2c20180d2230080d2240080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x2, 0x21d}}, @irq_setup={0x46, 0x18, {0x2, 0x100}}, @irq_setup={0x46, 0x18, {0x2, 0x2be}}, @code={0xa, 0x9c, {"c01f89d20060b0f2e10180d2620080d2c30080d2840180d2020000d4007008d5007008d5000040ba007008d5c02a8dd20000b0f2a10180d2820180d2230180d2440080d2020000d4a08791d200c0b8f2e10180d2620180d2c30080d2e40080d2020000d460628fd200a0b8f2a10180d2020080d2630080d2640180d2020000d40018000e000008d5"}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x9, 0x9, 0xae21}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x4, 0x6, 0x4, 0x2}}, @smc={0x1e, 0x40, {0xc4000003, [0x5, 0x0, 0x45034a9d, 0x0, 0x5]}}, @hvc={0x32, 0x40, {0x80003fff, [0x0, 0x5, 0x96b, 0x5, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013c018}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0xa, 0x0, 0xfffffffd}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x40, 0x0, 0xa}}, @irq_setup={0x46, 0x18, {0x3, 0x3cb}}, @msr={0x14, 0x20, {0x603000000013c020, 0x19b}}], 0x59c}, &(0x7f00000006c0)=[@featur2], 0x1) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000a00)=[{0x0, &(0x7f0000000700)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0xa7b, 0xa}}, @uexit={0x0, 0x18, 0xc56}, @msr={0x14, 0x20, {0x603000000013c523, 0x40}}, @irq_setup={0x46, 0x18, {0x4, 0x2be}}, @mrs={0xbe, 0x18, {0x603000000013df7f}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013c298}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x2, 0x0, 0xa, 0xfffffff8}}, @irq_setup={0x46, 0x18, {0x4, 0x158}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0xad}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x247}}, @msr={0x14, 0x20, {0x603000000013c008, 0x7}}, @svc={0x122, 0x40, {0x84000003, [0x6, 0x7ff, 0x0, 0x9, 0x7]}}, @irq_setup={0x46, 0x18, {0x3, 0x3a4}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0xe, 0x6, 0x9}}, @irq_setup={0x46, 0x18, {0x1, 0x8f}}, @svc={0x122, 0x40, {0x40000000, [0x5, 0x1000, 0x6, 0x5, 0x4]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x11e}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18, 0x6067d693}, @smc={0x1e, 0x40, {0x10, [0x6, 0x3, 0x7, 0xfffffffffffffffa, 0x9]}}], 0x300}], 0x1, 0x0, &(0x7f0000000a40)=[@featur1={0x1, 0x40}], 0x1) r4 = eventfd2(0x5, 0x80001) write$eventfd(r4, &(0x7f0000000a80)=0x6, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000b00), 0x400000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x22) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000fc0)={0x0, &(0x7f0000000b40)=[@irq_setup={0x46, 0x18, {0x3, 0x374}}, @eret={0xe6, 0x18, 0x5}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0xef}, @hvc={0x32, 0x40, {0x84000001, [0x8, 0x82c, 0x5, 0xed2, 0xaf]}}, @smc={0x1e, 0x40, {0xc5000021, [0xfe, 0xb9c, 0x1, 0x8, 0x4]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x2, 0x8}}, @eret={0xe6, 0x18, 0x2}, @smc={0x1e, 0x40, {0xc400000e, [0x1, 0x2, 0x80000000, 0x7, 0x9]}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x1d}}, @hvc={0x32, 0x40, {0x84000001, [0x1f8, 0x6, 0x5, 0x7, 0xe0]}}, @eret={0xe6, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x0, 0x3b9}}, @msr={0x14, 0x20, {0x603000000013d9e0, 0x9}}, @uexit={0x0, 0x18, 0x4d9c}, @svc={0x122, 0x40, {0x4048, [0xffffffffffffffff, 0x80000000, 0x6, 0x6, 0x9]}}, @irq_setup={0x46, 0x18, {0x1, 0x2b0}}, @msr={0x14, 0x20, {0x603000000013c640, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013df4d}}, @smc={0x1e, 0x40, {0xc4000014, [0xfffffffffffffff9, 0x5, 0x101, 0x7, 0x7]}}, @irq_setup={0x46, 0x18, {0x2, 0x1e6}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x12b}}, @irq_setup={0x46, 0x18, {0x3, 0x279}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x1, 0x4, 0x8001, 0x80000001}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0x7, 0xc, 0x10001, 0x1}}, @hvc={0x32, 0x40, {0x400, [0x1, 0xa, 0x4, 0x8000000000000001, 0x80000000]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x8, 0x3, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x654b, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0xe, 0x94ce, 0x7, 0x3}}], 0x470}, &(0x7f0000001000)=[@featur1={0x1, 0x30}], 0x1) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) (async) ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, &(0x7f0000001080)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001040)={0x5, 0x6, 0x2}}) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r8, 0x1000000, 0x100010, r7, 0x0) (async) ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f00000010c0)={0x2, 0xcbc5}) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000001100)={0x10200, 0x0, &(0x7f0000ffe000/0x1000)=nil}) (async) ioctl$KVM_DIRTY_TLB(r7, 0x4010aeaa, &(0x7f0000001140)={0xaabf, 0x924}) (async) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1d) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000001180)={r4, 0x10000, 0x1, r4}) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f00000011c0)={0x4, 0xc}) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000001200)={0x2}) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r7, 0x4004aec2, &(0x7f0000001240)=0x3) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000001280), 0x24000, 0x0) 42m56.155075383s ago: executing program 0 (id=256): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x0, 0x8, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0xa) r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r3 = mmap$KVM_VCPU(&(0x7f0000800000/0x800000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2e) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000200)=@arm64_core={0x6030000000100042, &(0x7f0000000240)=0x2}) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r7, 0x2000000, 0x30, r10, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r7, 0x0, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b7c000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 42m31.156801996s ago: executing program 0 (id=260): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@mrs={0xbe, 0x18, {0x603000000013809c}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) r7 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x380) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x9b89, 0x7, &(0x7f0000000000)=0x8}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x1000, &(0x7f0000fd1000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r13, 0x3000001, 0x100010, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x7f, 0x8, 0xf, 0x0, 0x5, 0x6, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0xfffffffd, 0x0, 0x0, 0x6, 0x5, 0x8, '\x00', 0x1, 0xe46}) write$eventfd(r16, &(0x7f00000001c0)=0x3, 0x50) ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x4, 0x500, 0x0}) 42m25.775340143s ago: executing program 2 (id=261): ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0) r9 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r8, 0xae80, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x60) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0xf4020000}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000240)=0x79c3}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0xae) 42m12.847300576s ago: executing program 2 (id=262): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x9, &(0x7f0000000000)=0xb}) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000040)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x80000, 0x10000, 0x4, 0x19, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 42m5.837825028s ago: executing program 0 (id=263): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000) write$eventfd(r2, &(0x7f0000000000), 0xfffffdef) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r7, 0x8, 0x13, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r7, 0x1000001, 0x12, r6, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) close(r8) 42m0.578194687s ago: executing program 2 (id=264): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0x80086601, 0x20000000) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x8) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) close(r3) 41m55.388545782s ago: executing program 0 (id=265): openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r1, 0x0, 0x0) (async) r3 = syz_kvm_vgic_v3_setup(r1, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000871000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@smc={0x1e, 0x40, {0xc4000053, [0x81, 0xfffffffffffffffe, 0x0, 0x1ff, 0xc1]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) eventfd2(0x0, 0x0) (async) r8 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r8, 0x0, 0x3, r8}) eventfd2(0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0xb}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000140)={0x1}) 41m53.959671714s ago: executing program 2 (id=266): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x4, 0x220) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x400680, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2e) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x6) syz_kvm_setup_cpu$arm64(r8, 0xffffffffffffffff, &(0x7f0000bc8000/0x400000)=nil, &(0x7f0000000180)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x10}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0x6}) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r13, 0x0, 0x110, r12, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r12, r14, 0xffffffffffffffff) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x40000000, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x26) r16 = openat$kvm(0x0, &(0x7f00000001c0), 0x589200, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r17, 0xae41, 0x1) syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000ab8000/0x400000)=nil) 41m46.4188992s ago: executing program 0 (id=267): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) syz_kvm_vgic_v3_setup(r1, 0x2, 0x2e0) ioctl$KVM_RUN(r3, 0xae80, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013df40}}], 0x18}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r10, 0x3, 0x11, r9, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r9, r11, 0xffffffffffffffff) openat$kvm(0x0, &(0x7f0000000080), 0x8600, 0x0) 41m42.06723064s ago: executing program 2 (id=268): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000980)=[@uexit={0x0, 0x18, 0x23}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x204}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x7, 0x6, 0x10000, 0x1}}, @smc={0x1e, 0x40, {0x84000012, [0xb75, 0x2, 0xe8, 0xffffffffffffffff, 0xaf]}}, @uexit={0x0, 0x18, 0x1}, @code={0xa, 0xb4, {"0068203c60e190d20080b8f2610080d2c20180d2e30180d2240080d2020000d4000028d520328dd200e0b8f2810180d2e20180d2e30080d2240080d2020000d40020600d003182d20080b8f2c10080d2220180d2430180d2840180d2020000d420f79bd200c0b8f2210180d2420180d2430180d2c40180d2020000d400a09f0c20058bd20020b0f2010180d2420080d2430080d2240180d2020000d4008008d5"}}, @eret={0xe6, 0x18, 0x1}, @smc={0x1e, 0x40, {0x80007fff, [0xb76, 0x6, 0xffffffffffffffff, 0x2, 0x8e88]}}, @smc={0x1e, 0x40, {0x10, [0x8, 0x41, 0xfff, 0x1, 0x401]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0xb, 0x8259, 0x2, 0x3}}, @irq_setup={0x46, 0x18, {0x5, 0x185}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0x5, 0x2, 0xc3, 0x1}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @mrs={0xbe, 0x18, {0x603000000013e21b}}, @mrs={0xbe, 0x18, {0x6030000000130205}}, @msr={0x14, 0x20, {0x603000000013c2a3, 0x627}}, @svc={0x122, 0x40, {0x80, [0x7, 0x9, 0x8, 0x10000000000d, 0x8]}}, @code={0xa, 0xb4, {"007008d500e0df0d000008d5202282d200c0b0f2e10080d2620180d2a30080d2040080d2020000d4604a9fd20040b0f2010180d2620080d2a30180d2e40080d2020000d4006d8dd200e0b8f2a10080d2620180d2830180d2a40080d2020000d4001c004e0000403a80cb9fd20060b8f2e10080d2820180d2230080d2a40180d2020000d4e0ec99d200a0b8f2c10080d2e20180d2030180d2a40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xe00, 0x8}}, @hvc={0x32, 0x40, {0x84000050, [0xd3, 0x6, 0x6, 0x7f, 0x7]}}, @code={0xa, 0x6c, {"008008d5000008d500c0005f200d9dd20000b8f2c10180d2a20080d2030080d2640180d2020000d4000820380040800c00a4002f000000b100fca09b803c80d20040b8f2610080d2020180d2230080d2840180d2020000d4"}}, @smc={0x1e, 0x40, {0x80000002, [0x2, 0xa2, 0x7f, 0xfffffffffffffffd, 0x7f]}}, @mrs={0xbe, 0x18}, @hvc={0x32, 0x40, {0x40, [0x2, 0x0, 0x7fff, 0x0, 0xe]}}, @memwrite={0x6e, 0x30, @generic={0xffff1000, 0xb6b, 0x3, 0x6}}, @svc={0x122, 0x40, {0x84000014, [0x80, 0x8000, 0x5, 0x0, 0xb]}}, @hvc={0x32, 0x40, {0x3f000000, [0x3, 0x10000, 0x5, 0x1ecb, 0x6]}}, @mrs={0xbe, 0x18, {0x279e}}], 0x60c}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (async) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000240)={0x2, 0x0, [{0x5, 0x5, 0x1, 0x0, @msi={0x0, 0x92, 0x7, 0x80000001}}, {0x0, 0x4, 0x1, 0x0, @msi={0xffffffff, 0x6, 0x3a, 0x2}}]}) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000080)={0x6, 0xffffffffffffffff, 0x1}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x13, r7, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc0602, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x18, {0x603000000013f602}}, @irq_setup={0x46, 0x18, {0x1, 0x348}}, @irq_setup={0x46, 0x18, {0x4, 0x111}}, @code={0xa, 0x9c, {"00a0006fc03088d200a0b8f2210180d2220180d2230080d2640180d2020000d4000028d5007008d50000009b600695d200c0b8f2210180d2420080d2e30180d2040180d2020000d4008008d500fc88d200e0b0f2610080d2220180d2230080d2840080d2020000d40070005f60f780d200a0b0f2010080d2620180d2a30080d2640080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x3, 0x17a}}, @uexit={0x0, 0x18, 0x8}, @svc={0x122, 0x40, {0x3f000000, [0x4, 0x10001, 0x2, 0x6, 0xfffffffffffffff4]}}, @eret={0xe6, 0x18, 0xfffffffffffffb32}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x51}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x9, 0xc}}, @code={0xa, 0x84, {"007008d5007008d5a0b09ed20080b0f2210180d2a20080d2e30080d2240180d2020000d4c06a8cd20000b0f2010080d2020180d2a30180d2640180d2020000d4007008d500ec9ad200a0b0f2c10180d2820180d2430080d2240080d2020000d4007008d50000c00c00e4000f007008d5"}}, @svc={0x122, 0x40, {0x84000013, [0x40, 0x4, 0x6, 0x9, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x7, 0x0, 0x6f7, 0x3}}, @msr={0x14, 0x20, {0x0, 0x8}}, @code={0xa, 0x84, {"0020002f403299d20080b0f2410080d2e20080d2630180d2640080d2020000d4c03b9ad200a0b0f2610080d2a20180d2430180d2640180d2020000d4007008d5e0128ed20080b8f2810180d2a20080d2630080d2440180d2020000d4007008d5007008d5000008d50020200d0060600d"}}, @irq_setup={0x46, 0x18, {0x0, 0x178}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x4, 0x6, 0x9, 0x1}}, @smc={0x1e, 0x40, {0xc400000d, [0x2, 0xfff, 0x5, 0x8]}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x7e}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x338}}, @hvc={0x32, 0x40, {0x8400000b, [0x6, 0x8, 0x9, 0x7, 0x100]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x1, 0x10, 0x5, 0x7}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0xf, 0xfffffff0, 0x5, 0x3}}, @svc={0x122, 0x40, {0x31000000, [0x1, 0x6, 0x5, 0x4, 0xfffffffffffffffb]}}, @code={0xa, 0x54, {"007008d50070000c008008d500008052000840f8000860f8008008d50000006bc03698d200c0b0f2e10180d2020180d2c30080d2640080d2020000d400a0000d"}}, @uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x6030000000130204, 0xce1a}}, @smc={0x1e, 0x40, {0x8400000d, [0x2, 0x0, 0x1, 0xfffffffffffffc00, 0x4]}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xf13, 0x100000000, 0xe}}], 0x5f0}, &(0x7f00000008c0)=[@featur1={0x1, 0x2}], 0x1) (async) close(0x5) (async) r8 = eventfd2(0x1, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xcb3993e4c7433bb8, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r8, 0x401, 0x2, r8}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x2, 0x8080000, 0x0, r8}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 41m33.594157386s ago: executing program 0 (id=269): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f00000000c0)) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000080)={0x9, 0xffffff6f}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000001c0)={0x0, 0xffffffff}) 41m30.252245641s ago: executing program 2 (id=270): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae03, 0xa8) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x0, {0x84000053, [0x1000009, 0x8000000000000001, 0xffffffffffffffff, 0x400, 0xfffffffffffff801]}}], 0xc7}, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r6, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x24) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bff000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x6) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000000)=@arm64_core={0x603000000010001c, &(0x7f0000000140)=0x8}) r11 = eventfd2(0xffffffff, 0x80001) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r11, 0x6}) 40m47.019698425s ago: executing program 33 (id=269): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f00000000c0)) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000080)={0x9, 0xffffff6f}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000001c0)={0x0, 0xffffffff}) 40m42.58037607s ago: executing program 34 (id=270): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae03, 0xa8) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x0, {0x84000053, [0x1000009, 0x8000000000000001, 0xffffffffffffffff, 0x400, 0xfffffffffffff801]}}], 0xc7}, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r6, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x24) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bff000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x6) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000000)=@arm64_core={0x603000000010001c, &(0x7f0000000140)=0x8}) r11 = eventfd2(0xffffffff, 0x80001) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r11, 0x6}) 22m32.982327696s ago: executing program 4 (id=358): r0 = openat$kvm(0x0, 0x0, 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r6, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) munmap(&(0x7f0000000000/0x4000)=nil, 0x4000) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r7, 0x3000003, 0x2011, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) 22m21.993687645s ago: executing program 4 (id=359): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r1, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r1, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000200), 0x2a4033, 0x1f01) r3 = eventfd2(0x0, 0x0) close(r3) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x109c80, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, r5, 0x0, 0x810, r3, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x403, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r0, 0x2, 0x80) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000180)={0x4, 0xffffffffffffffff}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r11 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) syz_memcpy_off$KVM_EXIT_MMIO(r11, 0x20, &(0x7f0000000140)="5c73e206aab807d8d2a25f1d68c91cdd9d29d09d4f14ae3a", 0x0, 0x18) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) r12 = eventfd2(0x0, 0x0) close(r12) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x2e) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x1, 0x13, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r14, 0xc040aed4, &(0x7f0000000000)={0x10001, 0x6}) 21m59.201494631s ago: executing program 4 (id=362): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000000)=0x1}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000180)={0xffffffffffffffff, 0xc8, 0x2}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000180)={0xffffffffffffffff, 0xc8, 0x2}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r10 = syz_kvm_vgic_v3_setup(r7, 0x4, 0x220) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0x0, 0x0}) (async) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0x0, 0x0}) ioctl$KVM_CREATE_VM(r5, 0x400454d1, 0xffffffffffffc) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000080)={0x4, 0xff}) 21m37.113082902s ago: executing program 4 (id=364): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x5c5b02, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000240)={0x0, &(0x7f00000001c0)=[@eret={0xe6, 0x18, 0x7}, @hvc={0x32, 0x40, {0x30000000, [0x0, 0xd, 0x603f, 0x1ff, 0x3c067eed]}}], 0x58}, &(0x7f00000002c0)=[@featur1={0x1, 0x48}], 0x1) ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, &(0x7f0000000300)={0xce, "263f4f9e785cf34baafbfcee496dde3c05a8d4b022c2ee25d0df095dd86ae3988b520f50110a8023a621c011dbf7601b68d606a9a9b8053d6964c05bcf41d122c0caa1d3a99163f3f83e5ed48348722140d26e6da45b9fc2aea8d379b0058665ee5c7b1ecd0bd803304f7962a751a642420c7a41f6a94995ab32ea3a2be90b44055aae2d8aef7174befd17df9ad98b4f52bb1e884d2d0ce4b2a41e5ce4bb92f8637e68f35211041e1fff01b5d859a853604d1df95664606be81e17c3b1c4ddfa9679045c7f50f3ceb6db39b53f59"}) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000280)=@arm64_sys={0x603000000013c801, &(0x7f00000000c0)=0x1}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x3}) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0xa}) r10 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000dfd000/0x3000)=nil, 0x3000) syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100038, &(0x7f0000000140)=0x40}) (async) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100038, &(0x7f0000000140)=0x40}) 21m25.060724157s ago: executing program 4 (id=366): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async) r4 = eventfd2(0x0, 0x0) close(r4) r5 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r6, 0x3000002, 0x13, r4, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000200)=@arm64_core={0x6030000000100030, &(0x7f00000001c0)=0x100000001}) write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000100)={0x4, 0x1, 0x0, 0x1000, &(0x7f0000ee6000/0x1000)=nil}) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @generic={0xeeee8000, 0xbc6, 0x7fff, 0xe}}], 0x30}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async) r13 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013d801, 0x81}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) 21m11.1554008s ago: executing program 4 (id=368): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100034, &(0x7f0000000140)=0x9}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, 0xffffffffffffffff, 0x20}) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r7, 0x2, 0x12, r6, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r12, 0x2, 0x100) close(r12) r13 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) close(r13) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x30) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) 20m23.395448571s ago: executing program 35 (id=368): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100034, &(0x7f0000000140)=0x9}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, 0xffffffffffffffff, 0x20}) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r7, 0x2, 0x12, r6, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r12, 0x2, 0x100) close(r12) r13 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) close(r13) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x30) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) 13m34.138764536s ago: executing program 3 (id=398): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x1000, &(0x7f000000d000/0x1000)=nil, 0x100000000000000, r3}) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2e) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x7, 0x1000}}) r11 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r7, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000080)=@arm64_core={0x6030000000100004, &(0x7f0000000100)=0x7ffffffd}) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000002000/0x1000)=nil, r12, 0x1, 0x12, 0xffffffffffffffff, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000640)=[@hvc={0x32, 0x40, {0x84000002, [0x0, 0x9, 0x100000001, 0x6, 0x2]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x34}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x70, 0x8, 0x2}}, @code={0xa, 0x84, {"0008c09a000028d520e194d20040b8f2e10180d2c20180d2630080d2440180d2020000d4a0319bd20000b0f2210180d2420080d2230080d2040180d2020000d4c03c8ed200a0b0f2810080d2c20080d2e30080d2040180d2020000d400fca00ee003202a0008a03c001c200e000028d5"}}, @code={0xa, 0xe4, {"000040fc60598cd20060b0f2010080d2e20080d2c30080d2e40080d2020000d480cf8ed20060b0f2810180d2c20180d2030180d2640180d2020000d4603c9bd200c0b8f2e10080d2620180d2230180d2a40180d2020000d4a07691d20020b8f2610080d2620180d2a30080d2e40180d2020000d4007008d540919ed20080b0f2e10180d2e20180d2830180d2c40080d2020000d440e895d20000b0f2610080d2e20080d2030080d2640180d2020000d40050805f800a82d200c0b8f2410080d2820080d2230080d2640180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x844, 0x7f, 0x2}}, @svc={0x122, 0x40, {0x84000050, [0x5, 0x5fd, 0xf49, 0x1, 0x6]}}, @memwrite={0x6e, 0x30, @generic={0x70000, 0x549, 0xfffffffffffffff7, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c10a}}, @mrs={0xbe, 0x18, {0x603000000013dce3}}, @eret={0xe6, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013c200, 0x1}}, @msr={0x14, 0x20, {0x603000000013dea2}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x6, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013dea6}}, @svc={0x122, 0x40, {0x0, [0x2, 0x4, 0x8000000000000001, 0x100000001, 0x1]}}], 0x3b0}, &(0x7f0000000600)=[@featur1={0x1, 0x41}], 0x1) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, 0x0) 13m11.908258675s ago: executing program 3 (id=399): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25) r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, 0xffffffffffffffff) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r8, &(0x7f00000001c0)=0x1, 0x11) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r9, &(0x7f00000001c0)=0x4, 0x4d) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000380)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)={0xc, "11029c14e50eaac9139c4595"}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000bc2000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110808, 0x0}) ioctl$KVM_GET_API_VERSION(r5, 0xae00, 0x0) 12m49.028043576s ago: executing program 3 (id=400): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffffe}, &(0x7f0000000040)=[@featur2={0x1, 0x34}], 0x1) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f00000000c0)=@arm64_sve={0x608000000015026e, &(0x7f0000000080)=0x2}) ioctl$KVM_ARM_PREFERRED_TARGET(r1, 0x8020aeaf, &(0x7f0000000100)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x1, 0x0, 0xdddd0000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000180)=0xd) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xa00, 0x0) ioctl$KVM_SET_REGS(r1, 0x4360ae82, &(0x7f0000000200)={[0x80000001, 0x8, 0x0, 0x3, 0x5, 0x1, 0x7, 0x4, 0x3, 0x70, 0x7ff, 0x5, 0x800, 0x8, 0x1ff, 0x5], 0xeeef0000, 0x91204}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f00000002c0)={0x9, 0x7}) ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000300)={0x1ff, 0xc, 0xeeee0000, 0x2000, &(0x7f0000dee000/0x2000)=nil, 0x7ff, r4}) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f00000003c0)={0x2710, 0x0, &(0x7f0000e8c000/0x1000)=nil}) r5 = eventfd2(0x7, 0x80800) r6 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000005c0)={0x0, &(0x7f0000000400)=[@its_setup={0x82, 0x28, {0x0, 0x4, 0x2ef}}, @irq_setup={0x46, 0x18, {0x4, 0x17d}}, @hvc={0x32, 0x40, {0xccf8b0bd86d6cf37, [0x1a2, 0x8, 0x1d6e, 0x5, 0xffff]}}, @mrs={0xbe, 0x18, {0x603000000013e218}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x2b6}}, @uexit={0x0, 0x18, 0x902}, @mrs={0xbe, 0x18, {0x6030000000138065}}, @irq_setup={0x46, 0x18, {0x3, 0x1d2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x40, 0x9, 0x1}}, @eret={0xe6, 0x18, 0x5}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x4f}}], 0x190}, &(0x7f0000000600)=[@featur2={0x1, 0x13}], 0x1) ioctl$KVM_GET_REG_LIST(r6, 0xc008aeb0, &(0x7f0000000640)={0x1, [0x8000000000000001]}) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r8 = ioctl$KVM_GET_STATS_FD_cpu(r7, 0xaece) ioctl$KVM_S390_VCPU_FAULT(r6, 0x4008ae52, &(0x7f0000000680)=0x6) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000700)=@arm64_core={0x6030000000100024, &(0x7f00000006c0)=0x8001}) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000740)={0x8, 0x0, [{0xfffffffc, 0x1, 0x1, 0x0, @sint={0x0, 0xfffffff7}}, {0xc, 0x4, 0x1, 0x0, @irqchip={0x8, 0xcb}}, {0x3, 0x3, 0x0, 0x0, @msi={0x3, 0x9, 0x2f, 0x4}}, {0xc64, 0x2, 0x1, 0x0, @sint={0x10001}}, {0x8ebd, 0x2, 0x0, 0x0, @irqchip={0x8, 0x100}}, {0xffff, 0x4, 0x1, 0x0, @msi={0xffffffff, 0x0, 0xffffff80, 0x7}}, {0x92, 0x3, 0x1, 0x0, @sint={0x101, 0x9}}, {0x7, 0x5, 0x0, 0x0, @sint={0x1, 0x2efe}}]}) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000900)={r5, 0xac, 0x1, r5}) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000940)={0x4, 0x40}) ioctl$KVM_SET_REGS(r7, 0x4360ae82, &(0x7f0000000980)={[0x3, 0x0, 0xf862, 0x3, 0x6, 0x101, 0x7, 0xfffffffffffffff9, 0x4, 0x5123cbb, 0x9, 0x0, 0x1, 0xe47700000000000, 0x637a, 0x8000], 0x4, 0x183040}) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000a80)={0x0, &(0x7f0000000a40)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x60000000000, 0x2}}], 0x30}, &(0x7f0000000ac0)=[@featur2], 0x1) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000b00)={0x1, 0x0, [{0xffff, 0x5, 0x0, 0x0, @adapter={0xffffffffffffffff, 0x80, 0x1, 0x387, 0x80000000}}]}) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25) ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000000b80)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000b40)}) mmap$KVM_VCPU(&(0x7f0000f8a000/0x4000)=nil, 0x0, 0x2000005, 0x4000010, r1, 0x0) 12m33.55724827s ago: executing program 3 (id=401): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r6, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) munmap(&(0x7f0000000000/0x4000)=nil, 0x4000) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r7, 0x3000003, 0x2011, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (fail_nth: 4) 12m32.507116773s ago: executing program 5 (id=371): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013e7fc, 0x8000}}], 0x20}, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) ioctl$KVM_CAP_PTP_KVM(r4, 0x4068aea3, &(0x7f0000000100)) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12m17.250665735s ago: executing program 3 (id=402): openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20000000005) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8902, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x69) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) openat$kvm(0x0, 0x0, 0x80, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, 0x0) openat$kvm(0x0, &(0x7f0000000240), 0x298040, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x1b) r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r8, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x4, 0x2000, &(0x7f0000ffe000/0x2000)=nil, 0x100000000000000, r9}) close(r8) close(r9) r10 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) r12 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) openat$kvm(0x0, 0x0, 0x121240, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) 12m15.450430564s ago: executing program 5 (id=403): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000240)={0x0, 0x94}) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r4, 0x8, 0x13, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c028, &(0x7f0000000600)=0x6}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r4, 0x1000001, 0x12, 0xffffffffffffffff, 0x0) r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x84000053, [0x1000009, 0x8000000000000001, 0xffffffffffffffff, 0x400, 0xfffffffffffff800]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 11m50.404968239s ago: executing program 3 (id=404): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0xe000}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000080)={0xe4, 0x0, 0xff}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x801, 0x0) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_RESET_DIRTY_RINGS(r0, 0xaec7) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000001c0)={0x3, 0x0, [{0x7, 0x4, 0x1, 0x0, @sint={0x80000000}}, {0x1, 0x1, 0x1, 0x0, @msi={0x24, 0x9, 0x6, 0x84}}, {0x9, 0x4, 0x0, 0x0, @adapter={0x7, 0x9, 0x809, 0x7, 0x5}}]}) r3 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece) r4 = ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x101ff, 0x0, 0x26000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) write$eventfd(r3, &(0x7f0000000300)=0x8, 0x8) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1b) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000340)={0xdf, 0x0, 0x9000}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000003c0)=@arm64={0xfc, 0x0, 0x4, '\x00', 0x7e}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r6, 0x5, 0x10010, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r6, 0x4, 0x10, r4, 0x0) r7 = ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece) ioctl$KVM_RESET_DIRTY_RINGS(r7, 0xaec7) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000400)={0x1, 0x1000}) syz_kvm_vgic_v3_setup(r2, 0x3, 0x120) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000440)={0xc0, 0x0, 0x10000}) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000ab9000/0x400000)=nil) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x40, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x4) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x989) 11m50.069464419s ago: executing program 5 (id=405): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x2, 0x80, 0x0}) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2c) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x603000000010002a, &(0x7f00000000c0)=0x9}) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async) r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r13, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0xd000}) r14 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async) r15 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000040)={0x5}) (async) ioctl$KVM_RUN(r15, 0xae80, 0x0) (async) syz_kvm_vgic_v3_setup(r11, 0x1, 0x0) r16 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x84000053, [0x0, 0x7, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000000)={0x5, 0x4f}) 11m3.451921564s ago: executing program 36 (id=404): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0xe000}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000080)={0xe4, 0x0, 0xff}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x801, 0x0) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_RESET_DIRTY_RINGS(r0, 0xaec7) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000001c0)={0x3, 0x0, [{0x7, 0x4, 0x1, 0x0, @sint={0x80000000}}, {0x1, 0x1, 0x1, 0x0, @msi={0x24, 0x9, 0x6, 0x84}}, {0x9, 0x4, 0x0, 0x0, @adapter={0x7, 0x9, 0x809, 0x7, 0x5}}]}) r3 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece) r4 = ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x101ff, 0x0, 0x26000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) write$eventfd(r3, &(0x7f0000000300)=0x8, 0x8) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1b) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000340)={0xdf, 0x0, 0x9000}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000003c0)=@arm64={0xfc, 0x0, 0x4, '\x00', 0x7e}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r6, 0x5, 0x10010, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r6, 0x4, 0x10, r4, 0x0) r7 = ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece) ioctl$KVM_RESET_DIRTY_RINGS(r7, 0xaec7) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000400)={0x1, 0x1000}) syz_kvm_vgic_v3_setup(r2, 0x3, 0x120) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000440)={0xc0, 0x0, 0x10000}) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000ab9000/0x400000)=nil) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x40, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x4) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x989) 11m0.038933091s ago: executing program 37 (id=405): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x2, 0x80, 0x0}) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2c) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x603000000010002a, &(0x7f00000000c0)=0x9}) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async) r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r13, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0xd000}) r14 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async) r15 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000040)={0x5}) (async) ioctl$KVM_RUN(r15, 0xae80, 0x0) (async) syz_kvm_vgic_v3_setup(r11, 0x1, 0x0) r16 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x84000053, [0x0, 0x7, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000000)={0x5, 0x4f}) 1m54.856616176s ago: executing program 6 (id=406): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r6, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) munmap(&(0x7f0000000000/0x4000)=nil, 0x4000) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r7, 0x3000003, 0x2011, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (fail_nth: 5) 1m52.457721763s ago: executing program 7 (id=407): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000dca000/0x4000)=nil, 0x0, 0x1, 0x2010, r6, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r8, 0x8, 0x13, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000bc7000/0x2000)=nil, r8, 0x200000b, 0x10, r6, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0x3, 0x11, r5, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2f) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000bc2000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffffffefffffb) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r13, r14, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013c016, &(0x7f0000000000)=0x5}) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x28) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r16, 0x4010aeb5, &(0x7f0000000100)={0x7, 0x779e}) ioctl$KVM_RUN(r12, 0xae80, 0x0) 1m37.566652439s ago: executing program 6 (id=408): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000080)={0x0, 0xffffff6f}) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f00000001c0)={0x0, 0xffffffff}) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x0, {0x603000000013df6d}}, @uexit={0x0, 0x0, 0xfffffffffffffffa}, @uexit={0x0, 0x0, 0x1}, @its_setup={0x82, 0x0, {0x2, 0x2, 0x36e}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0x20020, 0x7, 0x1}}, @irq_setup={0x46, 0x0, {0x4, 0x327}}, @svc={0x122, 0x0, {0x86000000, [0x2fc1, 0x0, 0x65, 0x3, 0x101]}}, @code={0xa, 0x0, {"007008d500c8a07ea0d08fd20000b0f2c10180d2220180d2e30180d2e40180d2020000d400b8200e000028d5008008d5000080f9008008d5c08e9dd20080b0f2810180d2e20180d2e30180d2040080d2020000d40000403a"}}, @uexit={0x0, 0x0, 0x2}, @memwrite={0x6e, 0x0, @generic={0xeeef0000, 0xd5, 0x8}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0xffe8, 0xa3, 0x2}}], 0x18}, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x1000, 0x7, &(0x7f0000000000)=0x1}) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1m15.075530862s ago: executing program 7 (id=409): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x40010, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000) close(r5) ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x3) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000001c0)="fb0149dd833be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8faa767969d22627e700", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x0, 0x1000009, 0x11, r8, 0x0) r10 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@other={0x81, &(0x7f0000000100)=0xfffffffffffffffc}) ioctl$KVM_CREATE_VM(r10, 0x401c5820, 0x20000007) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r12, 0x541b, 0x20) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8}) 1m12.348932549s ago: executing program 6 (id=410): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x450c00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, 0xffffffffffffffff, 0x1}) r2 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000100)={0x101ff, 0x0, &(0x7f0000eaa000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, 0xffffffffffffffff) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x2, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r0, 0x400454d1, 0x2b) r8 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x308, &(0x7f00000000c0)=0x1}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x81, 0x7f, &(0x7f0000000140)=0x3}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, 0xffffffffffffffff, 0x3}) eventfd2(0x9, 0x1) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000002c0)={0x3, 0x0, [{0x7, 0x5, 0x1, 0x0, @sint={0x7f6, 0x5}}, {0xffffff70, 0x5, 0x1, 0x0, @msi={0x9, 0x4, 0x63d8, 0x6}}, {0x4, 0x3, 0x1, 0x0, @sint={0x8000}}]}) r9 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000080)={0xa, 0xffffffffffffffff, 0x1}) openat$kvm(0x0, &(0x7f0000000080), 0x121200, 0x0) r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000bfe000/0x400000)=nil) ioctl$KVM_IRQ_LINE_STATUS(r10, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) 51.108348816s ago: executing program 7 (id=411): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x40000000, [0x7, 0xb5, 0x401, 0x7fffffffffffffff, 0x200]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xc, 0x4, 0x6, 0x2}}, @uexit={0x0, 0x18, 0x1000}, @hvc={0x32, 0x40, {0x8400000f, [0x8000, 0x0, 0xfffffffffffffffd, 0x8]}}, @code={0xa, 0x84, {"008008d5000008d5007008d5000488d20040b0f2610080d2c20080d2e30180d2c40080d2020000d400d781d20000b0f2810180d2620080d2430180d2840180d2020000d4007008d5a09b98d20040b0f2c10180d2220080d2830080d2040080d2020000d40008c0da00c8a10e00b0205e"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x5, 0x1}}, @smc={0x1e, 0x40, {0x4, [0x6, 0x8000, 0x80000001, 0x5, 0xfff]}}], 0x1b4}, &(0x7f0000000200)=[@featur2={0x1, 0x4}], 0x1) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000003c0)=[{0x0, &(0x7f0000000240)=[@code={0xa, 0x84, {"0008c0380040200d007008d5c01696d200e0b8f2210180d2620080d2e30180d2240080d2020000d480438ad20040b8f2410080d2e20080d2a30180d2c40080d2020000d40068201e007008d5a0948dd200e0b8f2610180d2020180d2230080d2440080d2020000d4008008d5000cc03c"}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x1, 0x10, 0x0, 0x87a8, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x1, 0x3, 0x3, 0x3c2, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x264}}, @code={0xa, 0x6c, {"409985d20080b0f2010180d2420080d2430080d2e40180d2020000d40000402d00c0ff0d0060204e000008d50000699e007008d500000091000000f8e04388d20060b8f2210180d2c20080d2830080d2040180d2020000d4"}}], 0x158}], 0x1, 0x0, &(0x7f0000000400)=[@featur1={0x1, 0x10}], 0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xcb) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r7, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) ioctl$KVM_CAP_PTP_KVM(r1, 0x4068aea3, &(0x7f0000000440)) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, 0x0) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r8, 0x3000003, 0x2011, r7, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) 24.524594131s ago: executing program 38 (id=410): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x450c00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, 0xffffffffffffffff, 0x1}) r2 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000100)={0x101ff, 0x0, &(0x7f0000eaa000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, 0xffffffffffffffff) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x2, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r0, 0x400454d1, 0x2b) r8 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x308, &(0x7f00000000c0)=0x1}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x81, 0x7f, &(0x7f0000000140)=0x3}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, 0xffffffffffffffff, 0x3}) eventfd2(0x9, 0x1) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000002c0)={0x3, 0x0, [{0x7, 0x5, 0x1, 0x0, @sint={0x7f6, 0x5}}, {0xffffff70, 0x5, 0x1, 0x0, @msi={0x9, 0x4, 0x63d8, 0x6}}, {0x4, 0x3, 0x1, 0x0, @sint={0x8000}}]}) r9 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000080)={0xa, 0xffffffffffffffff, 0x1}) openat$kvm(0x0, &(0x7f0000000080), 0x121200, 0x0) r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000bfe000/0x400000)=nil) ioctl$KVM_IRQ_LINE_STATUS(r10, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) 0s ago: executing program 39 (id=411): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x40000000, [0x7, 0xb5, 0x401, 0x7fffffffffffffff, 0x200]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xc, 0x4, 0x6, 0x2}}, @uexit={0x0, 0x18, 0x1000}, @hvc={0x32, 0x40, {0x8400000f, [0x8000, 0x0, 0xfffffffffffffffd, 0x8]}}, @code={0xa, 0x84, {"008008d5000008d5007008d5000488d20040b0f2610080d2c20080d2e30180d2c40080d2020000d400d781d20000b0f2810180d2620080d2430180d2840180d2020000d4007008d5a09b98d20040b0f2c10180d2220080d2830080d2040080d2020000d40008c0da00c8a10e00b0205e"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x5, 0x1}}, @smc={0x1e, 0x40, {0x4, [0x6, 0x8000, 0x80000001, 0x5, 0xfff]}}], 0x1b4}, &(0x7f0000000200)=[@featur2={0x1, 0x4}], 0x1) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000003c0)=[{0x0, &(0x7f0000000240)=[@code={0xa, 0x84, {"0008c0380040200d007008d5c01696d200e0b8f2210180d2620080d2e30180d2240080d2020000d480438ad20040b8f2410080d2e20080d2a30180d2c40080d2020000d40068201e007008d5a0948dd200e0b8f2610180d2020180d2230080d2440080d2020000d4008008d5000cc03c"}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x1, 0x10, 0x0, 0x87a8, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x1, 0x3, 0x3, 0x3c2, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x264}}, @code={0xa, 0x6c, {"409985d20080b0f2010180d2420080d2430080d2e40180d2020000d40000402d00c0ff0d0060204e000008d50000699e007008d500000091000000f8e04388d20060b8f2210180d2c20080d2830080d2040180d2020000d4"}}], 0x158}], 0x1, 0x0, &(0x7f0000000400)=[@featur1={0x1, 0x10}], 0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xcb) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r7, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) ioctl$KVM_CAP_PTP_KVM(r1, 0x4068aea3, &(0x7f0000000440)) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, 0x0) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r8, 0x3000003, 0x2011, r7, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) kernel console output (not intermixed with test programs): [ 396.019521][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.102421][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:29583' (ED25519) to the list of known hosts. [ 603.499810][ T24] audit: type=1400 audit(602.710:60): avc: denied { name_bind } for pid=3329 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 605.377115][ T24] audit: type=1400 audit(604.580:61): avc: denied { execute } for pid=3330 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 605.405862][ T24] audit: type=1400 audit(604.610:62): avc: denied { execute_no_trans } for pid=3330 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 629.369257][ T24] audit: type=1400 audit(628.580:63): avc: denied { mounton } for pid=3330 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 629.409022][ T24] audit: type=1400 audit(628.610:64): avc: denied { mount } for pid=3330 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 629.511236][ T3330] cgroup: Unknown subsys name 'net' [ 629.567997][ T24] audit: type=1400 audit(628.770:65): avc: denied { unmount } for pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 630.028908][ T3330] cgroup: Unknown subsys name 'cpuset' [ 630.149093][ T3330] cgroup: Unknown subsys name 'rlimit' [ 631.028517][ T24] audit: type=1400 audit(630.230:66): avc: denied { setattr } for pid=3330 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 631.059354][ T24] audit: type=1400 audit(630.250:67): avc: denied { mounton } for pid=3330 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 631.067858][ T24] audit: type=1400 audit(630.260:68): avc: denied { mount } for pid=3330 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 632.104410][ T3334] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 632.123691][ T24] audit: type=1400 audit(631.330:69): avc: denied { relabelto } for pid=3334 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.150067][ T24] audit: type=1400 audit(631.360:70): avc: denied { write } for pid=3334 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 632.336813][ T24] audit: type=1400 audit(631.540:71): avc: denied { read } for pid=3330 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.360076][ T24] audit: type=1400 audit(631.570:72): avc: denied { open } for pid=3330 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.398932][ T3330] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 689.309581][ T24] audit: type=1400 audit(688.520:73): avc: denied { execmem } for pid=3335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 693.172151][ T24] audit: type=1400 audit(692.360:74): avc: denied { read } for pid=3338 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 693.191538][ T24] audit: type=1400 audit(692.370:75): avc: denied { open } for pid=3337 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 693.258576][ T24] audit: type=1400 audit(692.450:76): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 693.487233][ T24] audit: type=1400 audit(692.690:77): avc: denied { module_request } for pid=3338 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 694.524673][ T24] audit: type=1400 audit(693.720:78): avc: denied { sys_module } for pid=3337 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 721.250672][ T3338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.556357][ T3338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 721.657292][ T3337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 722.014344][ T3337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 734.063230][ T3338] hsr_slave_0: entered promiscuous mode [ 734.091841][ T3338] hsr_slave_1: entered promiscuous mode [ 734.912898][ T3337] hsr_slave_0: entered promiscuous mode [ 734.969518][ T3337] hsr_slave_1: entered promiscuous mode [ 735.014704][ T3337] debugfs: 'hsr0' already exists in 'hsr' [ 735.031570][ T3337] Cannot create hsr debugfs directory [ 741.057524][ T24] audit: type=1400 audit(740.260:79): avc: denied { create } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 741.107887][ T24] audit: type=1400 audit(740.310:80): avc: denied { write } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 741.170835][ T24] audit: type=1400 audit(740.380:81): avc: denied { read } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 741.328009][ T3338] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 741.622662][ T3338] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 741.903161][ T3338] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 742.353137][ T3338] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 743.930665][ T3337] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 744.100476][ T3337] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 744.271240][ T3337] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 744.447963][ T3337] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 761.969520][ T3338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 765.568588][ T3337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 817.169864][ T3338] veth0_vlan: entered promiscuous mode [ 817.833938][ T3338] veth1_vlan: entered promiscuous mode [ 820.599790][ T3337] veth0_vlan: entered promiscuous mode [ 821.201570][ T3338] veth0_macvtap: entered promiscuous mode [ 821.915706][ T3338] veth1_macvtap: entered promiscuous mode [ 822.120424][ T3337] veth1_vlan: entered promiscuous mode [ 825.252210][ T2134] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.494562][ T2134] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.520863][ T2134] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.610436][ T2134] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.931868][ T3337] veth0_macvtap: entered promiscuous mode [ 826.828457][ T3337] veth1_macvtap: entered promiscuous mode [ 829.061892][ T24] audit: type=1400 audit(828.270:82): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 829.357236][ T24] audit: type=1400 audit(828.540:83): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.MC6k8J/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 829.712743][ T24] audit: type=1400 audit(828.830:84): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 830.222693][ T24] audit: type=1400 audit(829.430:85): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.MC6k8J/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 830.469743][ T24] audit: type=1400 audit(829.680:86): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.MC6k8J/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 830.817059][ T2134] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.823532][ T2134] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.899711][ T2134] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.903910][ T2134] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.512609][ T24] audit: type=1400 audit(830.720:87): avc: denied { unmount } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 831.817213][ T24] audit: type=1400 audit(831.020:88): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 831.993768][ T24] audit: type=1400 audit(831.180:89): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="gadgetfs" ino=3758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 832.528265][ T24] audit: type=1400 audit(831.710:90): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 832.648182][ T24] audit: type=1400 audit(831.850:91): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 834.766624][ T3338] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 836.348548][ T24] kauditd_printk_skb: 1 callbacks suppressed [ 836.349484][ T24] audit: type=1400 audit(835.530:93): avc: denied { read write } for pid=3338 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 836.396606][ T24] audit: type=1400 audit(835.590:94): avc: denied { open } for pid=3338 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 836.479083][ T24] audit: type=1400 audit(835.640:95): avc: denied { ioctl } for pid=3338 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 845.510934][ T24] audit: type=1400 audit(844.710:96): avc: denied { read } for pid=3495 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.576486][ T24] audit: type=1400 audit(844.780:97): avc: denied { open } for pid=3495 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.634118][ T24] audit: type=1400 audit(844.840:98): avc: denied { ioctl } for pid=3495 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 857.796699][ T24] audit: type=1400 audit(857.000:99): avc: denied { append } for pid=3506 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 865.217635][ T24] audit: type=1400 audit(864.410:100): avc: denied { write } for pid=3511 comm="syz.1.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 876.072537][ T24] audit: type=1400 audit(875.280:101): avc: denied { ioctl } for pid=3517 comm="syz.1.8" path="net:[4026532630]" dev="nsfs" ino=4026532630 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 897.475893][ T24] audit: type=1400 audit(896.670:102): avc: denied { execute } for pid=3529 comm="syz.0.12" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 996.546607][ T24] audit: type=1400 audit(995.700:103): avc: denied { setattr } for pid=3582 comm="syz.1.30" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1277.042924][ T24] audit: type=1400 audit(1276.200:104): avc: denied { map } for pid=3733 comm="syz.1.75" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1336.374685][ T24] audit: type=1400 audit(1335.510:105): avc: denied { create } for pid=3769 comm="syz.1.87" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1567.016799][ T24] audit: type=1400 audit(1566.220:106): avc: denied { map } for pid=3901 comm="syz.1.132" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=11278 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1567.096431][ T24] audit: type=1400 audit(1566.300:107): avc: denied { read } for pid=3901 comm="syz.1.132" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=11278 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1660.927313][ T3386] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1662.358730][ T3386] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1664.078587][ T3386] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1666.116609][ T3386] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1686.597638][ T3386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1686.859755][ T3386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1687.063191][ T3386] bond0 (unregistering): Released all slaves [ 1688.954317][ T3386] hsr_slave_0: left promiscuous mode [ 1689.137613][ T3386] hsr_slave_1: left promiscuous mode [ 1689.716505][ T3386] veth1_macvtap: left promiscuous mode [ 1689.720070][ T3386] veth0_macvtap: left promiscuous mode [ 1689.750099][ T3386] veth1_vlan: left promiscuous mode [ 1689.758248][ T3386] veth0_vlan: left promiscuous mode [ 1759.556692][ T3948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1759.743870][ T3948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1783.970238][ T3948] hsr_slave_0: entered promiscuous mode [ 1784.081001][ T3948] hsr_slave_1: entered promiscuous mode [ 1805.421809][ T3948] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1805.929467][ T3948] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1806.423957][ T3948] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1806.787426][ T3948] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1832.841794][ T3948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1942.578978][ T3948] veth0_vlan: entered promiscuous mode [ 1943.479499][ T3948] veth1_vlan: entered promiscuous mode [ 1946.590331][ T3948] veth0_macvtap: entered promiscuous mode [ 1946.929028][ T3948] veth1_macvtap: entered promiscuous mode [ 1950.742798][ T3343] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1950.763774][ T3343] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1950.797701][ T3343] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1950.806488][ T3343] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1955.458215][ T24] audit: type=1400 audit(1954.630:108): avc: denied { unmount } for pid=3948 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 2036.541245][ T24] audit: type=1400 audit(2035.740:109): avc: denied { write } for pid=4208 comm="syz.0.173" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=14620 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2044.667908][ T24] audit: type=1400 audit(2043.820:110): avc: denied { execute } for pid=4213 comm="syz.2.175" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2078.772017][ T4234] kvm [4234]: Failed to find VMA for hva 0x21016000 [ 2140.861693][ T24] audit: type=1400 audit(2140.010:111): avc: denied { map } for pid=4258 comm="syz.2.189" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 2158.439460][ T4269] KVM: debugfs: duplicate directory 4269-3 [ 2202.433230][ T24] audit: type=1400 audit(2201.640:112): avc: denied { execute } for pid=4292 comm="syz.0.201" path=2F3131312F10FBFF67525673312B0104 dev="tmpfs" ino=575 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 2742.933885][ T4535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2743.428232][ T4535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2749.070187][ T4538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2749.441941][ T4538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2775.093399][ T4535] hsr_slave_0: entered promiscuous mode [ 2775.228585][ T4535] hsr_slave_1: entered promiscuous mode [ 2775.308822][ T4535] debugfs: 'hsr0' already exists in 'hsr' [ 2775.330052][ T4535] Cannot create hsr debugfs directory [ 2779.901899][ T4538] hsr_slave_0: entered promiscuous mode [ 2779.983145][ T4538] hsr_slave_1: entered promiscuous mode [ 2780.072583][ T4538] debugfs: 'hsr0' already exists in 'hsr' [ 2780.077598][ T4538] Cannot create hsr debugfs directory [ 2796.684698][ T4535] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2797.662395][ T4535] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2798.443125][ T4535] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2800.236364][ T4535] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2806.974652][ T4538] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2807.609162][ T4538] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2808.278378][ T4538] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2808.940448][ T4538] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2841.402655][ T4535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2847.613881][ T4538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2858.982247][ T3386] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2860.344471][ T3386] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2861.649673][ T3386] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2863.413309][ T3386] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2883.314075][ T3386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2883.811784][ T3386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2884.376001][ T3386] bond0 (unregistering): Released all slaves [ 2886.279991][ T3386] hsr_slave_0: left promiscuous mode [ 2886.467393][ T3386] hsr_slave_1: left promiscuous mode [ 2886.957873][ T3386] veth1_macvtap: left promiscuous mode [ 2886.983807][ T3386] veth0_macvtap: left promiscuous mode [ 2887.003775][ T3386] veth1_vlan: left promiscuous mode [ 2887.013887][ T3386] veth0_vlan: left promiscuous mode [ 2909.560967][ T3386] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2911.091318][ T3386] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2912.221219][ T3386] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2913.498540][ T3386] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2935.202860][ T3386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2935.483414][ T3386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2935.675993][ T3386] bond0 (unregistering): Released all slaves [ 2937.856689][ T3386] hsr_slave_0: left promiscuous mode [ 2938.071051][ T3386] hsr_slave_1: left promiscuous mode [ 2939.187056][ T3386] veth1_macvtap: left promiscuous mode [ 2939.216747][ T3386] veth0_macvtap: left promiscuous mode [ 2939.227210][ T3386] veth1_vlan: left promiscuous mode [ 2939.244581][ T3386] veth0_vlan: left promiscuous mode [ 3017.789097][ T4535] veth0_vlan: entered promiscuous mode [ 3018.671825][ T4535] veth1_vlan: entered promiscuous mode [ 3021.588772][ T4535] veth0_macvtap: entered promiscuous mode [ 3021.994054][ T4535] veth1_macvtap: entered promiscuous mode [ 3025.037836][ T4541] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3025.057481][ T4541] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3025.173999][ T4541] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3025.176622][ T4541] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3039.561522][ T4538] veth0_vlan: entered promiscuous mode [ 3040.871262][ T4538] veth1_vlan: entered promiscuous mode [ 3044.732195][ T4538] veth0_macvtap: entered promiscuous mode [ 3045.857418][ T4538] veth1_macvtap: entered promiscuous mode [ 3050.252195][ T3954] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3050.258238][ T4541] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3050.450406][ T4541] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3050.458773][ T4541] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3915.191716][ T4328] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3917.252343][ T4328] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3918.999761][ T4328] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3921.554652][ T4328] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3946.663029][ T4328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3947.246796][ T4328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3947.664487][ T4328] bond0 (unregistering): Released all slaves [ 3950.434037][ T4328] hsr_slave_0: left promiscuous mode [ 3950.640244][ T4328] hsr_slave_1: left promiscuous mode [ 3951.380610][ T4328] veth1_macvtap: left promiscuous mode [ 3951.392598][ T4328] veth0_macvtap: left promiscuous mode [ 3951.411534][ T4328] veth1_vlan: left promiscuous mode [ 3951.448046][ T4328] veth0_vlan: left promiscuous mode [ 4052.026744][ T5197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4052.384374][ T5197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4093.064153][ T5197] hsr_slave_0: entered promiscuous mode [ 4093.230648][ T5197] hsr_slave_1: entered promiscuous mode [ 4118.771417][ T5197] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 4119.310219][ T5197] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 4119.814229][ T5197] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 4120.531506][ T5197] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 4160.523467][ T5197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4296.187145][ T5430] FAULT_INJECTION: forcing a failure. [ 4296.187145][ T5430] name failslab, interval 1, probability 0, space 0, times 1 [ 4296.204005][ T5430] CPU: 0 UID: 0 PID: 5430 Comm: syz.3.397 Not tainted syzkaller #0 PREEMPT [ 4296.204690][ T5430] Hardware name: linux,dummy-virt (DT) [ 4296.205149][ T5430] Call trace: [ 4296.205542][ T5430] show_stack+0x2c/0x3c (C) [ 4296.207574][ T5430] __dump_stack+0x30/0x40 [ 4296.207963][ T5430] dump_stack_lvl+0xd8/0x12c [ 4296.208297][ T5430] dump_stack+0x1c/0x28 [ 4296.208607][ T5430] should_fail_ex+0x56c/0x6d8 [ 4296.208852][ T5430] should_failslab+0xb8/0xec [ 4296.209078][ T5430] kmem_cache_alloc_noprof+0x90/0x4c4 [ 4296.209397][ T5430] anon_vma_clone+0x50c/0xd40 [ 4296.209691][ T5430] __split_vma+0x3b8/0xab0 [ 4296.209957][ T5430] vms_gather_munmap_vmas+0x2cc/0x146c [ 4296.210229][ T5430] mmap_region+0x6f4/0x1db4 [ 4296.210509][ T5430] do_mmap+0xa50/0xf50 [ 4296.210731][ T5430] vm_mmap_pgoff+0x288/0x3dc [ 4296.210968][ T5430] ksys_mmap_pgoff+0xec/0x448 [ 4296.211236][ T5430] __arm64_sys_mmap+0x13c/0x198 [ 4296.211559][ T5430] invoke_syscall+0x90/0x230 [ 4296.211858][ T5430] el0_svc_common+0x120/0x2f4 [ 4296.212155][ T5430] do_el0_svc+0x58/0x74 [ 4296.212482][ T5430] el0_svc+0x5c/0x238 [ 4296.212712][ T5430] el0t_64_sync_handler+0x84/0x12c [ 4296.212942][ T5430] el0t_64_sync+0x198/0x19c [ 4339.402954][ T5197] veth0_vlan: entered promiscuous mode [ 4340.961979][ T5197] veth1_vlan: entered promiscuous mode [ 4345.700692][ T5197] veth0_macvtap: entered promiscuous mode [ 4346.693106][ T5197] veth1_macvtap: entered promiscuous mode [ 4351.523704][ T2134] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4351.532635][ T2134] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4351.593728][ T21] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4351.780547][ T3386] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4370.330169][ T5468] FAULT_INJECTION: forcing a failure. [ 4370.330169][ T5468] name failslab, interval 1, probability 0, space 0, times 0 [ 4370.378858][ T5468] CPU: 0 UID: 0 PID: 5468 Comm: syz.3.401 Not tainted syzkaller #0 PREEMPT [ 4370.379289][ T5468] Hardware name: linux,dummy-virt (DT) [ 4370.379415][ T5468] Call trace: [ 4370.379500][ T5468] show_stack+0x2c/0x3c (C) [ 4370.379872][ T5468] __dump_stack+0x30/0x40 [ 4370.380184][ T5468] dump_stack_lvl+0xd8/0x12c [ 4370.380518][ T5468] dump_stack+0x1c/0x28 [ 4370.380817][ T5468] should_fail_ex+0x56c/0x6d8 [ 4370.381061][ T5468] should_failslab+0xb8/0xec [ 4370.381297][ T5468] kmem_cache_alloc_noprof+0x90/0x4c4 [ 4370.381602][ T5468] vm_area_dup+0x3c/0x784 [ 4370.381851][ T5468] __split_vma+0x1c8/0xab0 [ 4370.382121][ T5468] vms_gather_munmap_vmas+0x4d0/0x146c [ 4370.382413][ T5468] mmap_region+0x6f4/0x1db4 [ 4370.382681][ T5468] do_mmap+0xa50/0xf50 [ 4370.382898][ T5468] vm_mmap_pgoff+0x288/0x3dc [ 4370.383147][ T5468] ksys_mmap_pgoff+0xec/0x448 [ 4370.383410][ T5468] __arm64_sys_mmap+0x13c/0x198 [ 4370.383715][ T5468] invoke_syscall+0x90/0x230 [ 4370.384016][ T5468] el0_svc_common+0x120/0x2f4 [ 4370.384319][ T5468] do_el0_svc+0x58/0x74 [ 4370.384629][ T5468] el0_svc+0x5c/0x238 [ 4370.384861][ T5468] el0t_64_sync_handler+0x84/0x12c [ 4370.385092][ T5468] el0t_64_sync+0x198/0x19c [ 4564.187126][ T5498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4565.903846][ T5498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4568.720396][ T5500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4569.212734][ T5500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4603.430537][ T5498] hsr_slave_0: entered promiscuous mode [ 4603.483111][ T5498] hsr_slave_1: entered promiscuous mode [ 4603.608157][ T5498] debugfs: 'hsr0' already exists in 'hsr' [ 4603.619327][ T5498] Cannot create hsr debugfs directory [ 4607.551681][ T5500] hsr_slave_0: entered promiscuous mode [ 4607.749446][ T5500] hsr_slave_1: entered promiscuous mode [ 4607.833986][ T5500] debugfs: 'hsr0' already exists in 'hsr' [ 4607.860671][ T5500] Cannot create hsr debugfs directory [ 4639.420075][ T5498] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 4640.299314][ T5498] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 4640.872427][ T5498] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 4641.778155][ T5498] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 4649.891609][ T5500] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 4650.490382][ T5500] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 4651.118042][ T5500] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 4651.818133][ T5500] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 4687.942423][ T5498] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4696.779806][ T5500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4799.222073][ T5598] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4801.794393][ T5598] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4804.337562][ T5598] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4806.537619][ T5598] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4833.634122][ T5598] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4833.890053][ T5598] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4834.032835][ T5598] bond0 (unregistering): Released all slaves [ 4837.227383][ T5598] hsr_slave_0: left promiscuous mode [ 4837.727283][ T5598] hsr_slave_1: left promiscuous mode [ 4838.897463][ T5598] veth1_macvtap: left promiscuous mode [ 4838.906136][ T5598] veth0_macvtap: left promiscuous mode [ 4838.908003][ T5598] veth1_vlan: left promiscuous mode [ 4838.909089][ T5598] veth0_vlan: left promiscuous mode [ 4880.858525][ T5598] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4882.600686][ T5598] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4884.339760][ T5598] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4886.109768][ T5598] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4908.958733][ T5598] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4909.280971][ T5598] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4909.540925][ T5598] bond0 (unregistering): Released all slaves [ 4913.421294][ T5598] hsr_slave_0: left promiscuous mode [ 4914.169816][ T5598] hsr_slave_1: left promiscuous mode [ 4915.030666][ T5598] veth1_macvtap: left promiscuous mode [ 4915.044546][ T5598] veth0_macvtap: left promiscuous mode [ 4915.079422][ T5598] veth1_vlan: left promiscuous mode [ 4915.111821][ T5598] veth0_vlan: left promiscuous mode [ 4968.347897][ T5498] veth0_vlan: entered promiscuous mode [ 4970.870547][ T5498] veth1_vlan: entered promiscuous mode [ 4971.547425][ T5500] veth0_vlan: entered promiscuous mode [ 4973.994076][ T5500] veth1_vlan: entered promiscuous mode [ 4976.948135][ T5498] veth0_macvtap: entered promiscuous mode [ 4977.990809][ T5498] veth1_macvtap: entered promiscuous mode [ 4980.901410][ T5500] veth0_macvtap: entered promiscuous mode [ 4982.188819][ T5500] veth1_macvtap: entered promiscuous mode [ 4985.224445][ T5598] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4985.246186][ T3954] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4985.260247][ T3954] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4985.293773][ T3954] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4989.229887][ T5201] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4989.238055][ T5201] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4989.419538][ T5543] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4989.424471][ T5543] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5010.280919][ T5694] FAULT_INJECTION: forcing a failure. [ 5010.280919][ T5694] name failslab, interval 1, probability 0, space 0, times 0 [ 5010.301699][ T5694] CPU: 0 UID: 0 PID: 5694 Comm: syz.6.406 Not tainted syzkaller #0 PREEMPT [ 5010.302085][ T5694] Hardware name: linux,dummy-virt (DT) [ 5010.302213][ T5694] Call trace: [ 5010.302310][ T5694] show_stack+0x2c/0x3c (C) [ 5010.302697][ T5694] __dump_stack+0x30/0x40 [ 5010.303005][ T5694] dump_stack_lvl+0xd8/0x12c [ 5010.303368][ T5694] dump_stack+0x1c/0x28 [ 5010.303669][ T5694] should_fail_ex+0x56c/0x6d8 [ 5010.303914][ T5694] should_failslab+0xb8/0xec [ 5010.304144][ T5694] kmem_cache_alloc_noprof+0x90/0x4c4 [ 5010.304460][ T5694] mas_alloc_nodes+0x350/0x3b8 [ 5010.304750][ T5694] mas_preallocate+0x4ec/0x958 [ 5010.305039][ T5694] __split_vma+0x318/0xab0 [ 5010.305332][ T5694] vms_gather_munmap_vmas+0x4d0/0x146c [ 5010.305603][ T5694] mmap_region+0x6f4/0x1db4 [ 5010.305869][ T5694] do_mmap+0xa50/0xf50 [ 5010.306090][ T5694] vm_mmap_pgoff+0x288/0x3dc [ 5010.306344][ T5694] ksys_mmap_pgoff+0xec/0x448 [ 5010.306575][ T5694] __arm64_sys_mmap+0x13c/0x198 [ 5010.306869][ T5694] invoke_syscall+0x90/0x230 [ 5010.307207][ T5694] el0_svc_common+0x120/0x2f4 [ 5010.307524][ T5694] do_el0_svc+0x58/0x74 [ 5010.307810][ T5694] el0_svc+0x5c/0x238 [ 5010.308036][ T5694] el0t_64_sync_handler+0x84/0x12c [ 5010.308289][ T5694] el0t_64_sync+0x198/0x19c [ 5241.859597][ T5729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5242.463969][ T5729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5267.673534][ T5739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5268.280823][ T5739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5306.424184][ T5729] hsr_slave_0: entered promiscuous mode [ 5306.609870][ T5729] hsr_slave_1: entered promiscuous mode [ 5330.788991][ T5739] hsr_slave_0: entered promiscuous mode [ 5330.961043][ T5739] hsr_slave_1: entered promiscuous mode [ 5331.147499][ T5739] debugfs: 'hsr0' already exists in 'hsr' [ 5331.150320][ T5739] Cannot create hsr debugfs directory [ 5357.018457][ T5729] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 5359.688445][ T5729] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 5360.274323][ T5729] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 5362.847572][ T5729] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 5381.441124][ T5739] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 5382.233172][ T5739] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 5383.001761][ T5739] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 5383.837621][ T5739] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 5426.573810][ T5729] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5443.140007][ T5739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5523.887553][ T26] INFO: task syz.7.411:5718 blocked for more than 430 seconds. [ 5523.916478][ T26] Not tainted syzkaller #0 [ 5523.917402][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5523.917948][ T26] task:syz.7.411 state:D stack:0 pid:5718 tgid:5718 ppid:5500 task_flags:0x400040 flags:0x00000011 [ 5523.919157][ T26] Call trace: [ 5523.919579][ T26] __switch_to+0x584/0xb00 (T) [ 5523.920705][ T26] __schedule+0x1da4/0x3678 [ 5523.921243][ T26] schedule+0xac/0x27c [ 5523.921754][ T26] schedule_timeout+0x68/0x1ec [ 5523.922183][ T26] do_wait_for_common+0x28c/0x440 [ 5523.922714][ T26] wait_for_completion+0x44/0x5c [ 5523.923235][ T26] __synchronize_srcu+0x2a4/0x320 [ 5523.923794][ T26] synchronize_srcu+0x3d0/0x4f8 [ 5523.924329][ T26] mmu_notifier_unregister+0x320/0x428 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 5524.121916][ T26] kvm_put_kvm+0x698/0xbe0 [ 5524.162171][ T26] kvm_vm_release+0x58/0x78 [ 5524.162942][ T26] __fput+0x4ac/0x978 [ 5524.163543][ T26] ____fput+0x20/0x58 [ 5524.164054][ T26] task_work_run+0x1b8/0x250 [ 5524.164560][ T26] exit_to_user_mode_loop+0x110/0x188 [ 5524.253505][ T26] el0_svc+0x17c/0x238 [ 5524.254146][ T26] el0t_64_sync_handler+0x84/0x12c [ 5524.254644][ T26] el0t_64_sync+0x198/0x19c [ 5524.307771][ T26] [ 5524.307771][ T26] Showing all locks held in the system: [ 5524.341160][ T26] 1 lock held by khungtaskd/26: [ 5524.341742][ T26] #0: ffff800087c86f38 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44 [ 5524.344494][ T26] 3 locks held by kworker/u4:6/2134: [ 5524.438825][ T26] 2 locks held by getty/3199: [ 5524.456231][ T26] #0: 27f00000129028a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 5524.458377][ T26] #1: 0fff80008ca1b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234 [ 5524.460139][ T26] 2 locks held by syz-executor/3330: [ 5524.460505][ T26] 3 locks held by kworker/u4:4/3954: [ 5524.460812][ T26] 2 locks held by kworker/u4:7/4086: [ 5524.461102][ T26] #0: 4ff000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7cc/0x1d6c [ 5524.463183][ T26] #1: ffff80008ebb7ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x858/0x1d6c [ 5524.706165][ T26] 2 locks held by kworker/u4:3/4328: [ 5524.706668][ T26] 3 locks held by kworker/u4:0/5200: [ 5524.706991][ T26] 2 locks held by kworker/u4:9/5201: [ 5524.707358][ T26] #0: 4ff000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7cc/0x1d6c [ 5524.709366][ T26] #1: ffff80008edf7ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x858/0x1d6c [ 5524.710982][ T26] 3 locks held by kworker/u4:11/5230: [ 5524.711361][ T26] 2 locks held by kworker/0:4/5343: [ 5524.711708][ T26] 3 locks held by kworker/u4:8/5543: [ 5524.712052][ T26] 2 locks held by syz.6.410/5710: [ 5524.712430][ T26] 3 locks held by kworker/u4:14/5850: [ 5524.712755][ T26] 3 locks held by kworker/u4:15/5884: [ 5524.713054][ T26] 1 lock held by cmp/5896: [ 5524.713527][ T26] [ 5524.713794][ T26] ============================================= [ 5524.713794][ T26] [ 5524.714757][ T26] Kernel panic - not syncing: hung_task: blocked tasks [ 5524.726949][ T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 5524.728130][ T26] Hardware name: linux,dummy-virt (DT) [ 5524.728926][ T26] Call trace: [ 5524.729562][ T26] show_stack+0x2c/0x3c (C) [ 5524.730421][ T26] __dump_stack+0x30/0x40 [ 5524.731320][ T26] dump_stack_lvl+0x30/0x12c [ 5524.732241][ T26] dump_stack+0x1c/0x28 [ 5524.733109][ T26] vpanic+0x4d0/0x848 [ 5524.733942][ T26] vpanic+0x0/0x848 [ 5524.734760][ T26] hung_task_panic+0x0/0x2c [ 5524.735687][ T26] kthread+0x4d4/0x51c [ 5524.736445][ T26] ret_from_fork+0x10/0x20 [ 5524.738231][ T26] Kernel Offset: disabled [ 5524.738919][ T26] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f [ 5524.739967][ T26] Memory Limit: none [ 5524.742175][ T26] Rebooting in 86400 seconds..