Extracting prog: 4m40.702477985s
Minimizing prog: 1h3m26.947294102s
Simplifying prog options: 0s
Extracting C: 1m16.902475234s
Simplifying C: 7m37.446866111s


extracting reproducer from 33 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 45s
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-syz_kvm_vgic_v3_setup-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 33 programs with base timeout 45s
testing program (duration=53s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 3, 5, 3, 16, 6, 23, 2, 3, 4, 6, 4, 23, 4, 24, 4, 4, 16, 3, 3, 3, 6, 14, 9, 11, 5, 6, 6, 4, 2, 4, 9, 10]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x92, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, r4, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @remote}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}]}, 0x2c}}, 0x0)
executing program 0:
unshare(0x22020400)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58)
executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000200))
openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
writev(r1, &(0x7f0000000600)=[{&(0x7f0000000440)='4', 0x1}], 0x1)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x1, 0x0, 0x0, {[@generic={0x8, 0x2}, @exp_fastopen={0xfe, 0x4}]}}}}}}}, 0x0)
executing program 1:
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_AGP_INFO(r0, 0x80386433, &(0x7f0000002380)=""/224)
setsockopt$inet6_int(r4, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0xa4, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x56, 0xe, {{}, 0x9, @default, 0x0, @void, @void, @void, @val={0x4, 0x6, {0x10}}, @void, @val={0x5, 0x3, {0xd, 0x2, 0xb6}}, @val={0x25, 0x3}, @void, @void, @val={0x2d, 0x1a, {0x0, 0x0, 0x0, 0x0, {0x1000000000000}, 0x6, 0x6}}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_IE_PROBE_RESP={0xd, 0x7f, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, 0x81, 0x40}}]}, @NL80211_ATTR_PROBE_RESP={0x4}, @NL80211_ATTR_IE_ASSOC_RESP={0x4}]]}, 0xa4}}, 0x0)
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r5, 0x2}, 0x18)
syz_usb_connect(0x1, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r4)
close_range(r4, 0xffffffffffffffff, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
syz_usb_control_io(r0, 0x0, 0x0)
executing program 1:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x24, 0x140f, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x9, 0x45, 'issm\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
executing program 1:
r0 = socket$inet(0x2, 0x4000000805, 0x0)
listen(r0, 0x7)
sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[], 0x18}}], 0x2, 0x0)
executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0xf0, &(0x7f0000000280)={&(0x7f00000002c0)={0x24, r1, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0)
executing program 1:
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000800)={0x6})
executing program 1:
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)=ANY=[@ANYBLOB="000005"])
executing program 32:
r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r5, 0x2}, 0x18)
syz_usb_connect(0x1, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r4)
close_range(r4, 0xffffffffffffffff, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
syz_usb_control_io(r0, 0x0, 0x0)
executing program 33:
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)=ANY=[@ANYBLOB="000005"])
executing program 3:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x15)
mprotect(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x9)
pipe2$9p(&(0x7f0000000000), 0x80800)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f00000001c0)='X', 0x1, 0x4040, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e11263", 0xdc}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x89f1, &(0x7f0000000900)={'ip6gre0\x00', @random="0600002000"})
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, 0x0)
shutdown(r3, 0x1)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r2, 0x0, 0x11203}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_MCAST_SNOOPING={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x10)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=@ipv4_newaddr={0x28, 0x14, 0x101, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, r2}, [@IFA_ADDRESS={0x8, 0x1, @empty}, @IFA_LOCAL={0x8, 0x2, @remote}]}, 0x28}}, 0x0)
executing program 3:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000)
executing program 3:
r0 = msgget$private(0x0, 0x0)
msgctl$IPC_RMID(r0, 0x0)
msgctl$MSG_STAT_ANY(r0, 0xd, 0x0)
executing program 34:
r0 = msgget$private(0x0, 0x0)
msgctl$IPC_RMID(r0, 0x0)
msgctl$MSG_STAT_ANY(r0, 0xd, 0x0)
executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef91", 0x12)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0)
recvfrom$inet(r1, &(0x7f0000000680)=""/4096, 0x1000, 0x10000, 0x0, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x50)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x216, 0x5})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000e00)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d57619127cee4253655c33b71054226c3b00b9ee6ae29f0b07bc6fe7981126ca804c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d459b1651686a53ca52dce9570444c153f9c2903ae4c868074e89477bf6ed2ab", 0xac}, {&(0x7f0000000f00)="397d5f2edc82d0337ae5ab9ee47dc3e798cf69cfebf169e77257f308227094d569a4326954e50ea185bc6fff0507c5dfd26676de9ddac4fe6db927cd4d03965f42d9c7513eff1631baa83e3daf514c600450374f6d76b8fcf2bc3eca29ce7538f85aa34b2bdcc17ecd080f0850377f771a4e8693703da4e347e0165f00872a21845e17030de0ff47bc869de32ee24ca05e6f805ec0a1d0257e0e6f900e6cfb68e827b515d05bf2cc14e53e04b713a851bd65", 0xb2}, {&(0x7f0000000580)="4068745fc217775e9fca3477d3c929c1231d710ed7", 0x15}], 0x3}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000740)="b1f56ee29c43", 0x6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000300)="b5d3838236773268a73daecfa0fdc5beb5a7ac332a11523627b41db31da6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b644cf6459a8139c3ebba62168141343c853896523ffb04131b2786acc44a57f5b1bd33cdaef8dd3c0526b7454eefe5153c5778ce05c77e962fd6bf3a4b9eb05654e64f1867398e202b4920e9ebc08f6e6dc652a12e45445030e069f44b", 0xac}, {&(0x7f0000000500)="e47ecfc6ce6d4d9cc5a0fbf98f301803da3adfbec8a1d5324076b744b24bc7cf83120d4819726e827d90219c7100dc54801b32c3a9a69a238db1f4d16464062d870e812ee381b6b3c234824a4a4475f9ee81286836e549ff446b0004adc6b16981ea546cd24ff6d5739a", 0x6a}, {&(0x7f0000000840)="fbdd17a812c727337dc6c74dcb077562b57a440dbf7711ba245a62b76d46b0f19e6ff608ef9e5fbb4a8cfb02e28403582ceb8031acc767f766772a93a2f00ddde52ce6f7a84db1c66feecdc4a028e7b9e5e27a0057957743cbf196c517bf3ad97859c31205e3a35f435ec338927f53a43fae1907b2c772d9b35b9b3aa61985ea588557", 0x83}, {&(0x7f0000001300)="9f289544783daada5fedb202b944a5d336217d3a5e4d71506342f371603141bb7a97644a5ed7d82b6e788c09793ec4e047cba8525ef9d17fc8457083a3018bdfc7d6911e486ddc867794efd70509c297900796bb264984193bd19cdd7343dddf3d102bf15b12f7c9578045cb2c429af49ea127da0f1e6fce7ca321f47054201952f0e318c68062c18bd61141d7b54ee3b81529572a116449ee773552cff69f641c4e69741ac10ec7b626d95931a92f805e75cb11af222ae79b977a16991b499925a82482d5ed16d6b0a0faecc057e3df07c33c8e16a5e083e47d48483bb047b17e6aae07e8587fcaea04019b1292864c9e30c679a7b0d3ac5ee9a6eedab246b6fb7afee2f319c653b0ae7132b4a52aba2e21b2cc725abfe5f825f285b38f78af0229684e8a3a0509b5bc10102c48309135ef698296bcd2eaf28793bf9fd3f6d721f58e18514613577833f6022dcad0b265ec7434cb0e461ea733111b5135f6db5156c05095418ae230addc50d9f0fe6dbe80bc89c462dab58cb7c311d183f99fd8ae8aaecd159e13b954dfc1ae0145bc4f34f01a391ed9eed0740459ae02351bf0ea537fad3a57d293efc19435ef2e6b4a3ba5c595970f9f31a5a7bc291b3d8c0c5498c172851e642a537cd4328bc5c8033a96554df30a97a418318b85443d14643a82dd4b00bc977554460a83b42c6e941c0437143813a11f0e24ca4f9dc40040c63182db4114103c8a3047f41287438c7b049f850bed263ce569777f9d878f74c9f4673681dd8c3c5824993fa8b6f98f761433a797092baf983d6bd24ec31fc0ddca76ccd14cbf2c03966be456c78f1a5d5b98e423d396bf0a57ce12afa970dbfa30ed7276e8a60c5a36ca60f7092dfccf911e9e0692ed24241f3d811aac780423ca1a619d8d492d19c03c4f9564416a8000e9a79e9467592ad883c239e00c92e152398715a45083bf4b0a637099c52286a67ac9315493a32fcc35d712cf6c7b762c01d88d6167207671d4fec410db2e342fa7dfe2539b084c47ed2853a417b8e6525dd6b0b5956eb55a0941d427f6298d91aceeb049ab0faba61600231848bcfe911ef922ffc9c8f96855747f1e22760bd7e0a50529b0a8b7a0c9623dabadecb1feda8c9be29dc737d12ace637c8f52b0570a0d1604c20a85a06049875a35633d7efd8b2662f42fb0334ffe589a624f86567126a07eaaa9d2f1711d2a0cc30918404eb2aa778445303c0b733c69d8928dc6a347315be1cbfedfea5ad8a60b57641d1b59a41047aa35344c86b2ace2676ea561d7338880d1c1d8600f466d8636f999512fbbf60d9a4f2c054d93ec46f807151e47ce344c8494da9c405a4ceb1ce3d73bbc531485407f80a626d6808dec3700f164b242ee1ee3884258f863e98ab9e2fcbd7df60cf0e80df6ee6d0ff34ca9018c7baf9f8509720e080b76ef18e17d0d3ee74582dd9ad13fdb052f8e638362c327b609c1306f6fb59171b10c2a770ecd4a66c36a5404258bd3542705aee783074ccd963286b6f8c2576e0b77e1c9d58ea20bc9ae7a16508f241476f5ee52687592369fc78103547b83ecc259da28810932b33bb1bb34d919e683a56e993f0eb7c55a9fd1b369aea8bba9fbcbdea186f5fd2425be9839ef981f9310d236826c98c4b262d0c0e0e7a0069a49d26dc031e4723323f3b583672cbcb7d7d687e391917e750251b617f11e3eb5f703c74029f48794307440a6bb5f3a94498848baad0176424e4139a960bd01c0d24e85b1b752618ff1fb7007df1fd7d8bc39ce6a8aa28a9b52e54f36c96bd030cf7aa2d49fe289a120002244557d7279a53c129f87f7d6703cd8250d670617eed49b0ad9b0649bb41870e1a7e144b355818d3a5ea6b5ac2cb95e72a04c12b426f93fbe953ae0ddfc822ca03c1002042b9602a16e5a827d535574be25bd6790472dbeb2ede3866fb436698f7a6ba9ef020ae4cfe60061ae38dceb5972d5a27b232f525b4a3de944603d3d98eb3bd8771e268a1e8ff991021329e7c81dda4fe1a6ee463674006a24eb1556ff7113379e5f34ab22f317a30b12b1cd9c8775d84ae7c39ae09f23e04329ec8796e753fd917b1ecf955507cd3cb9f0113f3e85a6b9133a55dfadd7c85a1a5396ec6edeac43b46cb5b6f457182a951772cc31e03f2f1e45426fc703dcd145925f7f9f63cfb9641c1573a9eabd2a57d56d85b61ef2bdccc59158f576c3b32a84c119a58d0d2cee6f628742d9a1c84df7068fc42f239cacb96b17f341a3732a22c64f5aae42012235ec8b6797c65c8d9b0735134b190e7a1aafe31e7b9969c3d5320f8f65996cbfd5904215b00a3d787666d9ff30fd1aa00e355cddb34ac872a330ef7efea9f6a329dd39de518ab7db93c3f491ae924783950753f41d9b9cccc2a3fd19adff63589cdd989ee993a0c3b3965a54ec972461b80fd3a3fd495747c36c0275a15b5cef565dd9ee57e83ae3fa9ff1458f0fa68c47fc711c4a04f1", 0x6e4}], 0x4}}], 0x3, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a92", 0x4, 0x11, 0x0, 0x0)
executing program 2:
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
executing program 4:
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x4}]}}]}, 0x38}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x8c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3f, 0xe, {{{}, {0xb4c}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @val={0x25, 0x3, {0x0, 0x34}}, @void, @val={0x3c, 0x4, {0x1, 0x6, 0xb8, 0x4}}, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_FTM_RESPONDER={0x18, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x5, 0x3, "16"}, @NL80211_FTM_RESP_ATTR_LCI={0x6, 0x2, "acb0"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]]}, 0x8c}, 0x1, 0x0, 0x0, 0x90}, 0x0)
executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef91", 0x12)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0)
recvfrom$inet(r1, &(0x7f0000000680)=""/4096, 0x1000, 0x10000, 0x0, 0x0)
executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00000000000000fdfe070008"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r1, 0x0, &(0x7f0000000200)=""/76}, 0x20)
executing program 4:
r0 = socket(0xa, 0x2, 0x0)
getsockopt$bt_hci(r0, 0x29, 0x1, 0x0, 0x0)
executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
ioctl$TCFLSH(r0, 0x40204706, 0x20000000)
executing program 4:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 2:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
r2 = eventfd2(0x0, 0x0)
r3 = eventfd2(0x0, 0x1)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000002c0)={r2, 0x1, 0x2, r3})
r4 = eventfd2(0x0, 0x801)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r4, 0x1, 0x2, r3})
close(0x4)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 5m0s
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-syz_kvm_vgic_v3_setup-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program crashed: WARNING in kvm_handle_mmio_return
single: successfully extracted reproducer
found reproducer with 9 syscalls
minimizing guilty program
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-syz_kvm_vgic_v3_setup-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-syz_kvm_vgic_v3_setup-ioctl$KVM_RUN-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program crashed: WARNING in kvm_handle_mmio_return
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program crashed: WARNING in kvm_handle_mmio_return
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r0, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program crashed: WARNING in kvm_handle_mmio_return
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
program crashed: WARNING in kvm_handle_mmio_return
simplifying C reproducer
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
program crashed: WARNING in kvm_handle_mmio_return
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
program crashed: WARNING in kvm_handle_mmio_return
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
program crashed: WARNING in kvm_handle_mmio_return
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
program crashed: WARNING in kvm_handle_mmio_return
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
program crashed: WARNING in kvm_handle_mmio_return
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$arm64-ioctl$KVM_RUN-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN
program crashed: WARNING in kvm_handle_mmio_return
reproducing took 1h17m1.999148832s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3270 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:99
Modules linked in:
CPU: 0 UID: 0 PID: 3270 Comm: syz-executor447 Not tainted 6.12.0-rc7-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : kvm_incr_pc arch/arm64/include/asm/kvm_emulate.h:536 [inline]
pc : kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:118
lr : kvm_arch_vcpu_ioctl_run+0x1ac/0x854 arch/arm64/kvm/arm.c:1135
sp : ffff800088e33ab0
x29: ffff800088e33ab0 x28: f6f0000005b35b40 x27: 0000000000000000
x26: 0000000000000000 x25: fbf00000073d8048 x24: fbf00000073d8000
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: f3f000000664a000 x19: fbf00000073d8000 x18: ffffffffffffffff
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800088e33aa0
x14: ffff800088e33d88 x13: ffff800088e33d4a x12: 6d766b3a65646f6e
x11: 0000000000000000 x10: 0000000000000078 x9 : 000000000000000c
x8 : ffff800088e33d98 x7 : 0000000000000000 x6 : 0000000000005452
x5 : 0000000000000005 x4 : f0f00000060bd300 x3 : f6f0000005b35b40
x2 : 0000000000000000 x1 : 0000000093c18046 x0 : 0000000000000001
Call trace:
 kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:99
 kvm_arch_vcpu_ioctl_run+0x1ac/0x854 arch/arm64/kvm/arm.c:1135
 kvm_vcpu_ioctl+0x294/0xa04 virt/kvm/kvm_main.c:4475
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __arm64_sys_ioctl+0xac/0xf0 fs/ioctl.c:893
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
 el0_svc+0x30/0xdc arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
---[ end trace 0000000000000000 ]---

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3270 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:99
Modules linked in:
CPU: 0 UID: 0 PID: 3270 Comm: syz-executor447 Not tainted 6.12.0-rc7-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : kvm_incr_pc arch/arm64/include/asm/kvm_emulate.h:536 [inline]
pc : kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:118
lr : kvm_arch_vcpu_ioctl_run+0x1ac/0x854 arch/arm64/kvm/arm.c:1135
sp : ffff800088e33ab0
x29: ffff800088e33ab0 x28: f6f0000005b35b40 x27: 0000000000000000
x26: 0000000000000000 x25: fbf00000073d8048 x24: fbf00000073d8000
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: f3f000000664a000 x19: fbf00000073d8000 x18: ffffffffffffffff
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800088e33aa0
x14: ffff800088e33d88 x13: ffff800088e33d4a x12: 6d766b3a65646f6e
x11: 0000000000000000 x10: 0000000000000078 x9 : 000000000000000c
x8 : ffff800088e33d98 x7 : 0000000000000000 x6 : 0000000000005452
x5 : 0000000000000005 x4 : f0f00000060bd300 x3 : f6f0000005b35b40
x2 : 0000000000000000 x1 : 0000000093c18046 x0 : 0000000000000001
Call trace:
 kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:99
 kvm_arch_vcpu_ioctl_run+0x1ac/0x854 arch/arm64/kvm/arm.c:1135
 kvm_vcpu_ioctl+0x294/0xa04 virt/kvm/kvm_main.c:4475
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __arm64_sys_ioctl+0xac/0xf0 fs/ioctl.c:893
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
 el0_svc+0x30/0xdc arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
---[ end trace 0000000000000000 ]---