Extracting prog: 52m37.122221649s
Minimizing prog: 8h21m38.042252466s
Simplifying prog options: 0s
Extracting C: 6m22.951617016s
Simplifying C: 40m2.843548621s


extracting reproducer from 12 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 45s
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CREATE_VM-ioctl$KVM_CHECK_EXTENSION-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x38b9) (async)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000740)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x14, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0xdf}}], 0x48}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 12 programs with base timeout 45s
testing program (duration=48s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 6, 24, 14, 40, 27, 29, 11, 19, 20, 24, 8]
detailed listing:
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, 0xffffffffffffffff)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x3, &(0x7f0000000000)=0x10})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f00006ab000/0x3000)=nil, 0x930, 0x400000f, 0x10010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000080)={0xe4, 0x0, 0x2})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff, 0x1})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000200)={0x5, 0x0, [{0x7, 0x4, 0x1, 0x0, @irqchip={0x4, 0x5}}, {0xe, 0x4, 0x9e31f06208c94ba, 0x0, @sint={0x43, 0xe97d}}, {0x8, 0x4, 0x1, 0x0, @irqchip={0x7fffffff, 0x8}}, {0x153fa9d2, 0x4, 0x1, 0x0, @adapter={0xefd, 0x0, 0x7ff, 0x6, 0xd}}, {0x4, 0x3, 0x0, 0x0, @adapter={0x501, 0x8000000000000001, 0x1, 0x0, 0x3ff}}]})
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, 0x0)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, 0xfffffffffffffffe)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3f)
ioctl$KVM_CAP_ARM_MTE(r3, 0x4068aea3, &(0x7f0000000140))
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x0, 0x0})
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x36)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x9)
r9 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r7, 0x0, 0x3c0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r13=>0xffffffffffffffff, 0x1})
r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0x8008b705, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000be7000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
close(r3)
close(r4) (async)
close(r4)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df62, 0xc00000}}], 0x20}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r6, 0x5452, &(0x7f0000000080)={0x7ff})
openat$kvm(0x0, 0x0, 0x0, 0x0) (async)
r11 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x20)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000a67000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000a67000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x2c}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x2c}], 0x1, 0x0, 0x0, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8001}) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8001})
ioctl$KVM_CREATE_VM(r16, 0x401c5820, 0x20000000) (async)
ioctl$KVM_CREATE_VM(r16, 0x401c5820, 0x20000000)
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110010})
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x2c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_fp_extra={0x60200000003000d5, &(0x7f0000000100)=0x7fffffff})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0xffffffffffffffff)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
syz_kvm_vgic_v3_setup(r8, 0x5, 0x1c0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000080)=0x11})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r10 = eventfd2(0x0, 0x0)
close(r10)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r11 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="29761e19e7daa1ee8c9c4cfaf9b6520ce750957c4e67e5d7e7563b167f0900339e381ac098349fe4130f7cb3ef2ce60aba2c168901448ed42287aad01f6e7e3de22cba83f3869f17", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
write$eventfd(r10, &(0x7f0000000180)=0x5, 0xfffffde3)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r9, 0x4208ae9b, &(0x7f0000000240)={0x20003, 0x0, {[0x97ab, 0x10001, 0x3, 0xc08d, 0x8, 0xffffffff00000001, 0x3b880, 0x400, 0x5, 0x2, 0x6, 0x5, 0x2, 0x8, 0x6, 0x7fff], [0x45e1, 0x8000, 0x5d2, 0xfff, 0xbb9, 0x0, 0x8, 0xe, 0x51bb, 0x8, 0x4d681830, 0x9, 0x3, 0x10000, 0x7, 0xfffffffffffffff6], [0x80000001, 0xfffffffffffffffe, 0xa3, 0x0, 0x8, 0x81, 0x6, 0xfda8, 0x401, 0x5fd6, 0x3, 0x0, 0x40, 0x4, 0xffffffff, 0x9], [0x3, 0x6, 0xe99, 0xe, 0x9, 0x7, 0x8, 0x0, 0xb, 0x2, 0x10, 0x4, 0x9, 0x9, 0xc, 0x6]}})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r14, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0xb, 0x11, r2, 0x0)
r16 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
executing program 1:
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x78)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d5f000/0x4000)=nil, 0x4000)
executing program 1:
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000280)={0x0, &(0x7f0000000140)=[@svc={0x122, 0x40, {0xc4000053, [0xffffffff, 0x1e0, 0xfffffffffffffffc, 0x5, 0xa]}}, @mrs={0xbe, 0x18, {0x6030000000138044}}, @smc={0x1e, 0x40, {0x40000000, [0x7, 0xa03e, 0x8, 0x7, 0x81]}}, @mrs={0xbe, 0x18, {0x603000000013c65b}}, @code={0xa, 0x84, {"007008d5000028d5e0148bd20000b8f2810080d2820080d2630180d2840180d2020000d4007008d5008008d50010206e007008d580a997d20020b8f2610180d2020180d2a30180d2c40180d2020000d4007008d5209a91d200a0b0f2c10180d2020180d2c30080d2240080d2020000d4"}}], 0x134}, &(0x7f0000000300)=[@featur2={0x1, 0x82}], 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000340)={0x1000, "fa6ec8b1d0915945afec7d58fd94a3ecde84605c3e577ac639eb2cf46e2bed07aa366ecd5979df9fc19eb00eddbaf0a4376f36557e8c3dece211d486de10b8c481dd3e622ef1a14aef162b3b418e2836d585ef8b583cb2cb11b906af95d572bfd8defda053dd86c83f8dab18950ff6552110db8ee7ea8d3c0b79eb03dba7a383897993265f4275ece53ad1752b92ec90d6947bb4731ad7e64b2ae9ed10292e2cf8ae3048c823dc7755c85becdc3686312ef21eb2232eae679d0b1f6d97bbd3db7b1a178b6ae7d0f8e8076ae5109e757efd3ddb61c39acdf6053a792a3bbfc598cf1f7a6a2658b500e45eda6fefb739912baf7d7276c0beabdf182fe6b9dfb2a8287d7c15c07ef0c1e8a478ee01e3860334c2784461183fc07d5c5adf548f91eb0d311cfe584937952c96f65df3301057cf14d2efbc1035bc9b2b31caadb4c20a2b826fb08e277a80f4a085da877ad030a7c18f88119034df4ea91638ab991ca062edaaa7aeb437444c933518bd5fb841705ed6be69349591433a42d0a14327a443dcb1df4be8ba2ee962045e9c722313163cfb135c1d7e92179b0e21b9316cbfef4304658b73165cce9455d509a0f9e72700776e141c183ad15714242e6492744072626643334505fa7a5a0f37e047fba6ccf334dd78182314873edf2d7fbd56870d059c036885e97285aee707017b0cf400cb2b83fa20cbc0182011e00f793184cbbd62f784cfe14bb5889d0df3c1a6a7488fecb72fff98350d000503b4890211240ec8ca5a9d210c98f497cee2816d76fff7ee5d800f180bea72b21a7d059a8aa01adc6757dfc46253b1f469f6fef15b525a3ad83988581c95a436d22de3cb9f6f7260196ad5e3cbcb0214cc4e85fb24c34ae9fe287b70307888a344aa676278df2b2f3848d45630f3491f8b91e75f147a31306b88d49d40bde9e36e5537a4f1549e2904fd676da843d74fb0e1684145dfcf5da23e3f2816d543ebab7c60d1c625a1ca4c9be458c77d70a93425bab3841b014951d16f517fe67e35b6da63d1753af353765364fe5de6fc6a711a1094eb03c279b7da4fd0145b73be10352d74ba2449944e607175941b05fd476640a824a27ee190a5eb6ced6b221f58e1cf3cc0bed3fad48728e79f9ff310a378328740ec86d1639850a35b86c32f57937a518df06a1e461281f477e659616a530e314a0813919c2503bfdc92396ad41b9f276fd8681ab9c8fa71fd9484a6195830188d17b4d478582b524025ab56a35e3a932c41c1a23236bda80726d67cd3550237774acfe8406d056f8262bef7d44d9c12e1842bc057e609c93ec597715d3f86de6680ddb0b939dcb617be7b82e9cc81cb2fef877d11d9828bbc4bed004a63bed02f9de30bffe12d27920a4e11ec5bc9fe9036fa4c310bff59b383441aa8d9ee7a0d704d4f70f4e57b996b08b59cded900d7f0684deccd371d6469307c5f091d547532935eb0669a43cda8403362dada811b8609c215d6aae6e7477a5a00a0dc7509b4f2b172ecaa3d6ede7f209061cfba944689893ae882c3280a6dca31d2a06e51591bee1866dd410c98f83970e38593fd086a0a156b074f74652f475d95c2466ffec41f4ab8602f7ffd99885aa35a423c9ce07f2e157937eb34bc793825ccb092242f1e23424fc99279d9f0f9d9ef8cd7922636401f3167c2335627edd33ff7653bbe03f9e03f255fe3fc6a9e410b254ed8e0f61a8f1ca88219d248d16fc8a58e7ad986a58c4ab30344ef32abb1c636af5bcc1b53d3385d1bdc29d9a2d4bbde79c16666d506a93f169d67b36fdf7ddfceac99524dd7628dbe71bbb89704201edfa64d0a8b2bf64df2a755dbf9bfdbe47a17fddff995be62c13d5274581d8e5f9c1cd05a93842729cc657d3135637151b0fc076905d6ea08236b49f03aa0f5bbbd56bf406489b9961e9bc97e005e465b939bed6a4e8adc725c119540a0b18caa367be9fbb001d7f4bb978487282cd2830443f898a773a000cf720e3d018d2a9a2ec36e43177fb9d5beaf64140db27659a0fd427530a436c6b0ecdb4344070a3995eb23c35b43de0ef9fc9d2a438dfaaed0ce5678ccf4523cbae38915c2cf5a993c03ad584f46e25ccd2d6f76a70b02f4e6501d0cbc633451d9dac0c287ade83e807e430d885842babfd9d3fe263ee79c62a482be4cdecfe705ae0ec4f3f6bee45fac5c538b298e794c3af3a48518cf500e66245fe40eb7b299e0a89f3fb7900a815d22fcc127bd516c0f4e3fd0221b1e959769016692dedbad1180250a24dd7fc1fd4c785deb5284742b21e5cf14a1cdab26a4ab0e9ca71e004e1828881db3bc8e26f99ed1e8cea91a9c44f71a7b32a7303f3dfed15be7bf3b35f2852804a2db37f7f56a8551b00fdf4e939f9ed147bee1b74ca92c9943e1e02b7995e6ae21c8b3bceb5bdc0ee6435ea8264c27c99b0741fff6392f639353732943fac006d36aac94eea1312d23d13a546be4b81d1197351d82dc6ec97ece918aa7a89c73bc9419166f404e0b2cc7cbb3cab99c763ac0d0a7b5842db9c005ed1601c0d165364dd821a87c9f8b042eca0118ad06fe1b0dbd3fa277e2a8d210931f83c4134dbe5ecae7ecc9ec2ec1bbf68812535106ed40664e7875cff984d82d96e9f1148b0094e0fcfe3e0710d2f47914c4f0058803ac2c5b509950c07811f530e4b8e9ef328074f93130d704ea9ac5552a11e863022dd38b06f3338f4b90e66c119d14a8dacfc4009ad183f985b424b86728e8995652d83f60fa416f5ad37a283fcd3f938c0515a0f8b033e62f617ca9a979f32d0ab463a02639e6b8804254f4e8c6fdb373d1832bfba63a06574eebf8b16b279289d8aea52d9514d12df34448916c71e3b8405aa4609a5c279f3c7df59eb55b12cd5c925b8c9fe585d2ddb3a6f60ec1a7afcfabf36b10c80cc8ba018a40454ecc13061c2f997570f1c8be115317db7c609758106a98f2bec4059f3e02962ad01642a5aee7f3a92d21809b95b74b990039446ebfa95b01ce12b344b101940f2ffc28623962ba4b1dd7f7d8a387d9b7e6c36c635889aedbc3de39c54ce9d569d1b94041e79858153f8eb6837b6df56ac9786e838af587c71af0e1b7a035ace1bf30c76f672d02016461d532c5a4de714cc619185024b7bee593f3ceff9c0d0ee1e060382bb94c064dda0430b095d23197a6e998db5c3ff722b5629bdf99eb0341305ba411c129cd0122c69284dd7dd970c96ec0cfa30fb2e7c4e10d41d7e72f3db9a299f8a64d8d339f087f67f68b85637cda80197db668aecbc83085d9f31ed85caef1cfa12d9a735b5f3be34485014b2136c09b0ad0caa294c302137d38d0f88ef8cd75934606bb3c92962ae5ab329e8caa5bbc1d2842b45ae84b4f5f70e7103afa1416742e88ba8f18a05bb2c2667566490084e1df59d72105c2dabb34dfb601d029a3fb00918395eecde4cfade8b68f180a28d46244440149ad0b8dc14670b6b9d4d1036b57c09fc90f4e8926c06dbfc5a76b656c0a1137564e478994e3fa4f734573a0bd077e5ea4e9fee454f7fe1461d4315cea230a3775c985daa6ba9599d4bd23e25072876d454907f13600ab1c001fa5ac92adc687d7ea4beb056673c61c4700309e512141985b3581a527c3cabfb739f05780736300852811707fb36d313e2140b79d212f0e1d246da0f0d24b2d321cca4868a1cbaa4b3495b0ac93d4fae465c89fe49cd087074ba4eaa9b3b1cf5271d62da32d5a78108cc89b06456be93cb748bd0ec887379cf2466e328ebf0aa5088185f6958349192a9bf71032896d66301e574f4b9fe01716f196b1404e59e1943bedbe5588352ccf7bfa7efef935c6f21c7d8f65c49ddf645727c180b525787e2d043a6a73e47a10e39956bc9522fe0a26b089e1090ff9d520417aa667b3ccce227c80e5b823f0d2d34d25b13f55496d897229b2c0baf0377a456f33031d5eb2aba96a636925e67eb4d3f531728c674da7adf60f9bb99c8f295d522c8cdf6c6bb7ee84e4151098f8439087082402ea7185f7a55a7793b01afa4207259d060d9b6037d95283caeeb61070e2212def3ef345974a8a675e2f29b16e20760295ca88757b87a97dddc9df33d42863554ac8f9bf63604236d9df06174efe8320eb02ba6eb06cda91b7bc75e564468e3db0d947361bf852f5be2d5eb09c42326949087000e9f9e30ea2f3954ec18f40381bcf75db42a9fbe81f5f127bad980aa954f1e41b5f32e94e0fec3ed53e37fc7aca3becacb6bfc982143f2dd2490ebc0696a6e0e97f87abe7cbe9b40a00f77c779056c7cfb30016d48508c080bc04b5c9497e1ecfceb62afc6dc67ef8c1b526ecd7ee611d026a092c79746fa57440b4f61af8ccb9b1bf2d65ea0126240c57a2a0d1530d29be6ce289fe0f7c4c3b8f9c6af933475ca901dcd041198bc1b5d7a1fa5a29f0ebd3bf4798ccd2dfed111cfe214d94ea85f35ed16151a91a2f18e1e6924995fa26c69dc842d9134a845b97f2220d84b8513fd7c443bc02f07796016cb55e0c42710bd29be9afdc2a16d63692bb70cca3909ebcc4fc40f2c20e5d30172c4eafd110e585ca6b15ee987ff775400f8a8da5a27e6f0473f8ab28ad81f304f3e60b39a22928b921ea0232ad07cdf70720d3bd71a24b42129c3fdb25e37c982a6cc7c43738ca278cffe2db4bbc4045d5592591b58e09884b005583bbfebbfdeb903c9b9b5f347ac7dbd21da5ba416b4c65551c66586cdeeea7895709fc31d6d6f4241e7c4393c93d5ec022689eb3bf556ca07589aaa424067ad0e3ca72eccef1b366bdb9855cc297c07994d030e9dbbe580cd4995536296d7e4b86b3e2428f8a889a3c987c02fa8bfee1d37881446ec6feb54ce8ababb2d9dad156db0c64bbf50c7f09b0f69a4e58f4d6fd337fbc9f72c3f96d7a4b5d5565d766ed9bf8f76482fa63123bda2923222b69a4312ed333acf6d7244d978f03a734f5216ca85bcb8bd8834c0903c1a6de52ffc277ac0513eff6a179ea0e03ba71dd60e797f4950ba8e06809d86af4400140faef786815e6e232dcc7ae311cd9c98095309ddbfc7861a4ce00d35f89f2a8ab13d03154086552dc7457fbce49838ab41aa75cddb7bc35875101d22521eff22dd55ca117b9376d7dd50d9e04ef7b952613ca235f1a2b50ab336f2989c078a90f3b50a0cf28b61870d2368c6fb0582f5d3e72558657d6b3adba2ad7045f63a2e2edf1faf39738a9835553ee58aa68e48c2405dfd023e540190bde0b548e34b1e8571e926aa8ceb42954dbb3b1d36a90718098b30b20b6f99cb3e4403a93f52237b753feb8f719b117e5e80699ab8a75cc4698bc1215657c41f1feebea60d1dcbb7f7a7c049a7dd80f91d58ce0c70463e04376587819bb72fc391285bca9ec694e0876bdcd86517b7584f8a7952ef080f302084ca87f41349104edad33fb87efb7191428121c0c03ef4a707e4363fcea53d3c1522458fc4c5d16168023886a6d8ce6c8ae2ad5bedc0845c3a41d67348b3208fa401eb0e3a334420c45692b7b7a77015f8663a5f084753ce9fd33120b79fe93f64f5ccc1346540b6d95c1ea7834027be42c97f2a33b08c9208243e34d0a2c39f7ed2cc96d2dcda1d2978121e7c6a4af8da4938f7851e08f9588af7994af82cb22917f389a821be70d610f736a2a090651c99ce6df0e06704d3a776300746dbd6a35414782a24b537d6508933689569fbe190181db64328ed9a9969d39acae125a86e0bf8f8a581941cb262f20f939dd76f514178c7e6b6ab45ee2120fc4cf3ba36fb532084bde88"})
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r4 = eventfd2(0x8801, 0x800)
r5 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r4, 0x5, 0x2, r5})
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x8)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r4, 0x5, 0x2, r5})
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
mmap$KVM_VCPU(&(0x7f0000013000/0x2000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
r3 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x10, 0xffffffffffffffff, 0x0) (async, rerun: 32)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000100)={0x3, 0x80a0000})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000140)={0x200000000000, 0x0, 0xf, 0xffffffffffffffff, 0x3}) (async)
ioctl$KVM_CREATE_VM(r3, 0x401c5820, 0x20000001)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x38b9) (async)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000740)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x14, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0xdf}}], 0x48}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r4, 0x3})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r4, 0xf})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 5m0s
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CREATE_VM-ioctl$KVM_CHECK_EXTENSION-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x38b9) (async)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000740)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x14, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0xdf}}], 0x48}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 12 programs with base timeout 5m0s
testing program (duration=5m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 6, 24, 14, 40, 27, 29, 11, 19, 20, 24, 8]
detailed listing:
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, 0xffffffffffffffff)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x3, &(0x7f0000000000)=0x10})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f00006ab000/0x3000)=nil, 0x930, 0x400000f, 0x10010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000080)={0xe4, 0x0, 0x2})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff, 0x1})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000200)={0x5, 0x0, [{0x7, 0x4, 0x1, 0x0, @irqchip={0x4, 0x5}}, {0xe, 0x4, 0x9e31f06208c94ba, 0x0, @sint={0x43, 0xe97d}}, {0x8, 0x4, 0x1, 0x0, @irqchip={0x7fffffff, 0x8}}, {0x153fa9d2, 0x4, 0x1, 0x0, @adapter={0xefd, 0x0, 0x7ff, 0x6, 0xd}}, {0x4, 0x3, 0x0, 0x0, @adapter={0x501, 0x8000000000000001, 0x1, 0x0, 0x3ff}}]})
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, 0x0)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, 0xfffffffffffffffe)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3f)
ioctl$KVM_CAP_ARM_MTE(r3, 0x4068aea3, &(0x7f0000000140))
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x0, 0x0})
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x36)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x9)
r9 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r7, 0x0, 0x3c0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r13=>0xffffffffffffffff, 0x1})
r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0x8008b705, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000be7000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
close(r3)
close(r4) (async)
close(r4)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df62, 0xc00000}}], 0x20}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r6, 0x5452, &(0x7f0000000080)={0x7ff})
openat$kvm(0x0, 0x0, 0x0, 0x0) (async)
r11 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x20)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000a67000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000a67000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x2c}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x2c}], 0x1, 0x0, 0x0, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8001}) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8001})
ioctl$KVM_CREATE_VM(r16, 0x401c5820, 0x20000000) (async)
ioctl$KVM_CREATE_VM(r16, 0x401c5820, 0x20000000)
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110010})
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x2c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_fp_extra={0x60200000003000d5, &(0x7f0000000100)=0x7fffffff})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0xffffffffffffffff)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
syz_kvm_vgic_v3_setup(r8, 0x5, 0x1c0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000080)=0x11})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r10 = eventfd2(0x0, 0x0)
close(r10)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r11 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="29761e19e7daa1ee8c9c4cfaf9b6520ce750957c4e67e5d7e7563b167f0900339e381ac098349fe4130f7cb3ef2ce60aba2c168901448ed42287aad01f6e7e3de22cba83f3869f17", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
write$eventfd(r10, &(0x7f0000000180)=0x5, 0xfffffde3)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r9, 0x4208ae9b, &(0x7f0000000240)={0x20003, 0x0, {[0x97ab, 0x10001, 0x3, 0xc08d, 0x8, 0xffffffff00000001, 0x3b880, 0x400, 0x5, 0x2, 0x6, 0x5, 0x2, 0x8, 0x6, 0x7fff], [0x45e1, 0x8000, 0x5d2, 0xfff, 0xbb9, 0x0, 0x8, 0xe, 0x51bb, 0x8, 0x4d681830, 0x9, 0x3, 0x10000, 0x7, 0xfffffffffffffff6], [0x80000001, 0xfffffffffffffffe, 0xa3, 0x0, 0x8, 0x81, 0x6, 0xfda8, 0x401, 0x5fd6, 0x3, 0x0, 0x40, 0x4, 0xffffffff, 0x9], [0x3, 0x6, 0xe99, 0xe, 0x9, 0x7, 0x8, 0x0, 0xb, 0x2, 0x10, 0x4, 0x9, 0x9, 0xc, 0x6]}})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r14, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0xb, 0x11, r2, 0x0)
r16 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
executing program 1:
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x78)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d5f000/0x4000)=nil, 0x4000)
executing program 1:
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000280)={0x0, &(0x7f0000000140)=[@svc={0x122, 0x40, {0xc4000053, [0xffffffff, 0x1e0, 0xfffffffffffffffc, 0x5, 0xa]}}, @mrs={0xbe, 0x18, {0x6030000000138044}}, @smc={0x1e, 0x40, {0x40000000, [0x7, 0xa03e, 0x8, 0x7, 0x81]}}, @mrs={0xbe, 0x18, {0x603000000013c65b}}, @code={0xa, 0x84, {"007008d5000028d5e0148bd20000b8f2810080d2820080d2630180d2840180d2020000d4007008d5008008d50010206e007008d580a997d20020b8f2610180d2020180d2a30180d2c40180d2020000d4007008d5209a91d200a0b0f2c10180d2020180d2c30080d2240080d2020000d4"}}], 0x134}, &(0x7f0000000300)=[@featur2={0x1, 0x82}], 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000340)={0x1000, "fa6ec8b1d0915945afec7d58fd94a3ecde84605c3e577ac639eb2cf46e2bed07aa366ecd5979df9fc19eb00eddbaf0a4376f36557e8c3dece211d486de10b8c481dd3e622ef1a14aef162b3b418e2836d585ef8b583cb2cb11b906af95d572bfd8defda053dd86c83f8dab18950ff6552110db8ee7ea8d3c0b79eb03dba7a383897993265f4275ece53ad1752b92ec90d6947bb4731ad7e64b2ae9ed10292e2cf8ae3048c823dc7755c85becdc3686312ef21eb2232eae679d0b1f6d97bbd3db7b1a178b6ae7d0f8e8076ae5109e757efd3ddb61c39acdf6053a792a3bbfc598cf1f7a6a2658b500e45eda6fefb739912baf7d7276c0beabdf182fe6b9dfb2a8287d7c15c07ef0c1e8a478ee01e3860334c2784461183fc07d5c5adf548f91eb0d311cfe584937952c96f65df3301057cf14d2efbc1035bc9b2b31caadb4c20a2b826fb08e277a80f4a085da877ad030a7c18f88119034df4ea91638ab991ca062edaaa7aeb437444c933518bd5fb841705ed6be69349591433a42d0a14327a443dcb1df4be8ba2ee962045e9c722313163cfb135c1d7e92179b0e21b9316cbfef4304658b73165cce9455d509a0f9e72700776e141c183ad15714242e6492744072626643334505fa7a5a0f37e047fba6ccf334dd78182314873edf2d7fbd56870d059c036885e97285aee707017b0cf400cb2b83fa20cbc0182011e00f793184cbbd62f784cfe14bb5889d0df3c1a6a7488fecb72fff98350d000503b4890211240ec8ca5a9d210c98f497cee2816d76fff7ee5d800f180bea72b21a7d059a8aa01adc6757dfc46253b1f469f6fef15b525a3ad83988581c95a436d22de3cb9f6f7260196ad5e3cbcb0214cc4e85fb24c34ae9fe287b70307888a344aa676278df2b2f3848d45630f3491f8b91e75f147a31306b88d49d40bde9e36e5537a4f1549e2904fd676da843d74fb0e1684145dfcf5da23e3f2816d543ebab7c60d1c625a1ca4c9be458c77d70a93425bab3841b014951d16f517fe67e35b6da63d1753af353765364fe5de6fc6a711a1094eb03c279b7da4fd0145b73be10352d74ba2449944e607175941b05fd476640a824a27ee190a5eb6ced6b221f58e1cf3cc0bed3fad48728e79f9ff310a378328740ec86d1639850a35b86c32f57937a518df06a1e461281f477e659616a530e314a0813919c2503bfdc92396ad41b9f276fd8681ab9c8fa71fd9484a6195830188d17b4d478582b524025ab56a35e3a932c41c1a23236bda80726d67cd3550237774acfe8406d056f8262bef7d44d9c12e1842bc057e609c93ec597715d3f86de6680ddb0b939dcb617be7b82e9cc81cb2fef877d11d9828bbc4bed004a63bed02f9de30bffe12d27920a4e11ec5bc9fe9036fa4c310bff59b383441aa8d9ee7a0d704d4f70f4e57b996b08b59cded900d7f0684deccd371d6469307c5f091d547532935eb0669a43cda8403362dada811b8609c215d6aae6e7477a5a00a0dc7509b4f2b172ecaa3d6ede7f209061cfba944689893ae882c3280a6dca31d2a06e51591bee1866dd410c98f83970e38593fd086a0a156b074f74652f475d95c2466ffec41f4ab8602f7ffd99885aa35a423c9ce07f2e157937eb34bc793825ccb092242f1e23424fc99279d9f0f9d9ef8cd7922636401f3167c2335627edd33ff7653bbe03f9e03f255fe3fc6a9e410b254ed8e0f61a8f1ca88219d248d16fc8a58e7ad986a58c4ab30344ef32abb1c636af5bcc1b53d3385d1bdc29d9a2d4bbde79c16666d506a93f169d67b36fdf7ddfceac99524dd7628dbe71bbb89704201edfa64d0a8b2bf64df2a755dbf9bfdbe47a17fddff995be62c13d5274581d8e5f9c1cd05a93842729cc657d3135637151b0fc076905d6ea08236b49f03aa0f5bbbd56bf406489b9961e9bc97e005e465b939bed6a4e8adc725c119540a0b18caa367be9fbb001d7f4bb978487282cd2830443f898a773a000cf720e3d018d2a9a2ec36e43177fb9d5beaf64140db27659a0fd427530a436c6b0ecdb4344070a3995eb23c35b43de0ef9fc9d2a438dfaaed0ce5678ccf4523cbae38915c2cf5a993c03ad584f46e25ccd2d6f76a70b02f4e6501d0cbc633451d9dac0c287ade83e807e430d885842babfd9d3fe263ee79c62a482be4cdecfe705ae0ec4f3f6bee45fac5c538b298e794c3af3a48518cf500e66245fe40eb7b299e0a89f3fb7900a815d22fcc127bd516c0f4e3fd0221b1e959769016692dedbad1180250a24dd7fc1fd4c785deb5284742b21e5cf14a1cdab26a4ab0e9ca71e004e1828881db3bc8e26f99ed1e8cea91a9c44f71a7b32a7303f3dfed15be7bf3b35f2852804a2db37f7f56a8551b00fdf4e939f9ed147bee1b74ca92c9943e1e02b7995e6ae21c8b3bceb5bdc0ee6435ea8264c27c99b0741fff6392f639353732943fac006d36aac94eea1312d23d13a546be4b81d1197351d82dc6ec97ece918aa7a89c73bc9419166f404e0b2cc7cbb3cab99c763ac0d0a7b5842db9c005ed1601c0d165364dd821a87c9f8b042eca0118ad06fe1b0dbd3fa277e2a8d210931f83c4134dbe5ecae7ecc9ec2ec1bbf68812535106ed40664e7875cff984d82d96e9f1148b0094e0fcfe3e0710d2f47914c4f0058803ac2c5b509950c07811f530e4b8e9ef328074f93130d704ea9ac5552a11e863022dd38b06f3338f4b90e66c119d14a8dacfc4009ad183f985b424b86728e8995652d83f60fa416f5ad37a283fcd3f938c0515a0f8b033e62f617ca9a979f32d0ab463a02639e6b8804254f4e8c6fdb373d1832bfba63a06574eebf8b16b279289d8aea52d9514d12df34448916c71e3b8405aa4609a5c279f3c7df59eb55b12cd5c925b8c9fe585d2ddb3a6f60ec1a7afcfabf36b10c80cc8ba018a40454ecc13061c2f997570f1c8be115317db7c609758106a98f2bec4059f3e02962ad01642a5aee7f3a92d21809b95b74b990039446ebfa95b01ce12b344b101940f2ffc28623962ba4b1dd7f7d8a387d9b7e6c36c635889aedbc3de39c54ce9d569d1b94041e79858153f8eb6837b6df56ac9786e838af587c71af0e1b7a035ace1bf30c76f672d02016461d532c5a4de714cc619185024b7bee593f3ceff9c0d0ee1e060382bb94c064dda0430b095d23197a6e998db5c3ff722b5629bdf99eb0341305ba411c129cd0122c69284dd7dd970c96ec0cfa30fb2e7c4e10d41d7e72f3db9a299f8a64d8d339f087f67f68b85637cda80197db668aecbc83085d9f31ed85caef1cfa12d9a735b5f3be34485014b2136c09b0ad0caa294c302137d38d0f88ef8cd75934606bb3c92962ae5ab329e8caa5bbc1d2842b45ae84b4f5f70e7103afa1416742e88ba8f18a05bb2c2667566490084e1df59d72105c2dabb34dfb601d029a3fb00918395eecde4cfade8b68f180a28d46244440149ad0b8dc14670b6b9d4d1036b57c09fc90f4e8926c06dbfc5a76b656c0a1137564e478994e3fa4f734573a0bd077e5ea4e9fee454f7fe1461d4315cea230a3775c985daa6ba9599d4bd23e25072876d454907f13600ab1c001fa5ac92adc687d7ea4beb056673c61c4700309e512141985b3581a527c3cabfb739f05780736300852811707fb36d313e2140b79d212f0e1d246da0f0d24b2d321cca4868a1cbaa4b3495b0ac93d4fae465c89fe49cd087074ba4eaa9b3b1cf5271d62da32d5a78108cc89b06456be93cb748bd0ec887379cf2466e328ebf0aa5088185f6958349192a9bf71032896d66301e574f4b9fe01716f196b1404e59e1943bedbe5588352ccf7bfa7efef935c6f21c7d8f65c49ddf645727c180b525787e2d043a6a73e47a10e39956bc9522fe0a26b089e1090ff9d520417aa667b3ccce227c80e5b823f0d2d34d25b13f55496d897229b2c0baf0377a456f33031d5eb2aba96a636925e67eb4d3f531728c674da7adf60f9bb99c8f295d522c8cdf6c6bb7ee84e4151098f8439087082402ea7185f7a55a7793b01afa4207259d060d9b6037d95283caeeb61070e2212def3ef345974a8a675e2f29b16e20760295ca88757b87a97dddc9df33d42863554ac8f9bf63604236d9df06174efe8320eb02ba6eb06cda91b7bc75e564468e3db0d947361bf852f5be2d5eb09c42326949087000e9f9e30ea2f3954ec18f40381bcf75db42a9fbe81f5f127bad980aa954f1e41b5f32e94e0fec3ed53e37fc7aca3becacb6bfc982143f2dd2490ebc0696a6e0e97f87abe7cbe9b40a00f77c779056c7cfb30016d48508c080bc04b5c9497e1ecfceb62afc6dc67ef8c1b526ecd7ee611d026a092c79746fa57440b4f61af8ccb9b1bf2d65ea0126240c57a2a0d1530d29be6ce289fe0f7c4c3b8f9c6af933475ca901dcd041198bc1b5d7a1fa5a29f0ebd3bf4798ccd2dfed111cfe214d94ea85f35ed16151a91a2f18e1e6924995fa26c69dc842d9134a845b97f2220d84b8513fd7c443bc02f07796016cb55e0c42710bd29be9afdc2a16d63692bb70cca3909ebcc4fc40f2c20e5d30172c4eafd110e585ca6b15ee987ff775400f8a8da5a27e6f0473f8ab28ad81f304f3e60b39a22928b921ea0232ad07cdf70720d3bd71a24b42129c3fdb25e37c982a6cc7c43738ca278cffe2db4bbc4045d5592591b58e09884b005583bbfebbfdeb903c9b9b5f347ac7dbd21da5ba416b4c65551c66586cdeeea7895709fc31d6d6f4241e7c4393c93d5ec022689eb3bf556ca07589aaa424067ad0e3ca72eccef1b366bdb9855cc297c07994d030e9dbbe580cd4995536296d7e4b86b3e2428f8a889a3c987c02fa8bfee1d37881446ec6feb54ce8ababb2d9dad156db0c64bbf50c7f09b0f69a4e58f4d6fd337fbc9f72c3f96d7a4b5d5565d766ed9bf8f76482fa63123bda2923222b69a4312ed333acf6d7244d978f03a734f5216ca85bcb8bd8834c0903c1a6de52ffc277ac0513eff6a179ea0e03ba71dd60e797f4950ba8e06809d86af4400140faef786815e6e232dcc7ae311cd9c98095309ddbfc7861a4ce00d35f89f2a8ab13d03154086552dc7457fbce49838ab41aa75cddb7bc35875101d22521eff22dd55ca117b9376d7dd50d9e04ef7b952613ca235f1a2b50ab336f2989c078a90f3b50a0cf28b61870d2368c6fb0582f5d3e72558657d6b3adba2ad7045f63a2e2edf1faf39738a9835553ee58aa68e48c2405dfd023e540190bde0b548e34b1e8571e926aa8ceb42954dbb3b1d36a90718098b30b20b6f99cb3e4403a93f52237b753feb8f719b117e5e80699ab8a75cc4698bc1215657c41f1feebea60d1dcbb7f7a7c049a7dd80f91d58ce0c70463e04376587819bb72fc391285bca9ec694e0876bdcd86517b7584f8a7952ef080f302084ca87f41349104edad33fb87efb7191428121c0c03ef4a707e4363fcea53d3c1522458fc4c5d16168023886a6d8ce6c8ae2ad5bedc0845c3a41d67348b3208fa401eb0e3a334420c45692b7b7a77015f8663a5f084753ce9fd33120b79fe93f64f5ccc1346540b6d95c1ea7834027be42c97f2a33b08c9208243e34d0a2c39f7ed2cc96d2dcda1d2978121e7c6a4af8da4938f7851e08f9588af7994af82cb22917f389a821be70d610f736a2a090651c99ce6df0e06704d3a776300746dbd6a35414782a24b537d6508933689569fbe190181db64328ed9a9969d39acae125a86e0bf8f8a581941cb262f20f939dd76f514178c7e6b6ab45ee2120fc4cf3ba36fb532084bde88"})
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r4 = eventfd2(0x8801, 0x800)
r5 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r4, 0x5, 0x2, r5})
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x8)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r4, 0x5, 0x2, r5})
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
mmap$KVM_VCPU(&(0x7f0000013000/0x2000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
r3 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x10, 0xffffffffffffffff, 0x0) (async, rerun: 32)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000100)={0x3, 0x80a0000})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000140)={0x200000000000, 0x0, 0xf, 0xffffffffffffffff, 0x3}) (async)
ioctl$KVM_CREATE_VM(r3, 0x401c5820, 0x20000001)
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x38b9) (async)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000740)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x14, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0xdf}}], 0x48}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r4, 0x3})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r4, 0xf})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 16m0s
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CREATE_VM-ioctl$KVM_CHECK_EXTENSION-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x38b9) (async)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000740)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x14, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0xdf}}], 0x48}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

program crashed: kernel BUG in kvm_s2_put_page
single: successfully extracted reproducer
found reproducer with 24 syscalls
minimizing guilty program
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CREATE_VM-ioctl$KVM_CHECK_EXTENSION-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r10 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
r11 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x38b9) (async)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f0000000740)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x14, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0xdf}}], 0x48}, 0x0, 0x0) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CREATE_VM-ioctl$KVM_CHECK_EXTENSION-syz_kvm_setup_syzos_vm$arm64
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r10 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
r11 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x38b9) (async)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CREATE_VM-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r10 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CREATE_VM
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r10 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_SET_DEVICE_ATTR-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r10 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000000)=0x9b})
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0xa0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-openat$kvm-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_add_vcpu$arm64-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-syz_kvm_add_vcpu$arm64-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27)
r6 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-munmap-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$arm64-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9) (async)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: kernel BUG in kvm_s2_put_page
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xffff, [0xffffffff91c60682, 0x7, 0x8000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x73}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4}}, @code={0xa, 0xcc, {"0010005e007008d5001ca00e008008d5a06d86d20040b0f2410080d2a20080d2230180d2640080d2020000d4c0638fd200a0b0f2210180d2a20080d2c30080d2a40180d2020000d420448ad200a0b0f2e10080d2620180d2e30180d2c40180d2020000d4801390d20040b0f2a10180d2420080d2430080d2e40180d2020000d4a03394d20000b0f2410080d2620080d2430180d2640080d2020000d4e0e193d20040b8f2a10080d2220180d2230080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x80003fff, [0xfb6, 0xab4e, 0x6, 0xe6, 0x517]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0x6, 0x0, 0x6, 0x2}}], 0x1e4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
extracting C reproducer
testing compiled C program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
simplifying C reproducer
testing compiled C program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing compiled C program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing compiled C program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing compiled C program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing compiled C program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing compiled C program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
testing program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
validation run: crashed=true
testing program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
validation run: crashed=true
testing program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_kvm_setup_syzos_vm$arm64-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-syz_kvm_setup_syzos_vm$arm64-openat$kvm-syz_kvm_add_vcpu$arm64-ioctl$KVM_RUN-syz_kvm_vgic_v3_setup-ioctl$KVM_CHECK_EXTENSION
detailed listing:
executing program 0:
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38b9)

program crashed: KASAN: invalid-access Read in __kvm_pgtable_walk
validation run: crashed=true
reproducing took 10h38m11.635460956s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: invalid-access in __kvm_pgtable_visit arch/arm64/kvm/hyp/pgtable.c:163 [inline]
BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68 arch/arm64/kvm/hyp/pgtable.c:237
Read of size 8 at addr e5f00000145ec000 by task syz.2.17/3645
Pointer tag: [e5], memory tag: [fe]

CPU: 0 UID: 0 PID: 3645 Comm: syz.2.17 Not tainted syzkaller #0 PREEMPT 
Hardware name: linux,dummy-virt (DT)
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xac/0x288 mm/kasan/report.c:378
 print_report+0x84/0xa0 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 kasan_tag_mismatch+0x28/0x3c mm/kasan/sw_tags.c:175
 __hwasan_tag_mismatch+0x30/0x60 arch/arm64/lib/kasan_sw_tags.S:55
 __kvm_pgtable_visit arch/arm64/kvm/hyp/pgtable.c:163 [inline]
 __kvm_pgtable_walk+0x8e4/0xa68 arch/arm64/kvm/hyp/pgtable.c:237
 _kvm_pgtable_walk arch/arm64/kvm/hyp/pgtable.c:260 [inline]
 kvm_pgtable_walk+0x294/0x468 arch/arm64/kvm/hyp/pgtable.c:283
 kvm_pgtable_stage2_destroy_range+0x60/0xb4 arch/arm64/kvm/hyp/pgtable.c:1563
 stage2_destroy_range arch/arm64/kvm/mmu.c:924 [inline]
 kvm_stage2_destroy arch/arm64/kvm/mmu.c:935 [inline]
 kvm_free_stage2_pgd+0x198/0x28c arch/arm64/kvm/mmu.c:1112
 kvm_uninit_stage2_mmu+0x20/0x38 arch/arm64/kvm/mmu.c:1023
 kvm_arch_flush_shadow_all+0x1a8/0x1e0 arch/arm64/kvm/nested.c:1113
 kvm_flush_shadow_all virt/kvm/kvm_main.c:343 [inline]
 kvm_mmu_notifier_release+0x48/0xa8 virt/kvm/kvm_main.c:884
 mmu_notifier_unregister+0x128/0x42c mm/mmu_notifier.c:815
 kvm_destroy_vm virt/kvm/kvm_main.c:1295 [inline]
 kvm_put_kvm+0x6a0/0xfa8 virt/kvm/kvm_main.c:1353
 kvm_vm_release+0x58/0x78 virt/kvm/kvm_main.c:1376
 __fput+0x4ac/0x980 fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1bc/0x254 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x1bc/0x270 arch/arm64/kernel/entry-common.c:155
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:173 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:182 [inline]
 el0_svc+0xb8/0x164 arch/arm64/kernel/entry-common.c:880
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4ff00000145ed400 pfn:0x545ec
flags: 0x1ffc68000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x1a)
raw: 01ffc68000000000 ffffc1ffc089b108 ffffc1ffc0896288 0000000000000000
raw: 4ff00000145ed400 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 fff00000145ebe00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 fff00000145ebf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
>fff00000145ec000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                   ^
 fff00000145ec100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 fff00000145ec200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
==================================================================
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4ff00000145ed400 pfn:0x545ec
flags: 0x1ffc68000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x1a)
raw: 01ffc68000000000 ffffc1ffc089b108 fff0000072d85420 0000000000000000
raw: 4ff00000145ed400 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
------------[ cut here ]------------
kernel BUG at ./include/linux/mm.h:1036!
Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
Modules linked in:
CPU: 0 UID: 0 PID: 3645 Comm: syz.2.17 Tainted: G    B               syzkaller #0 PREEMPT 
Tainted: [B]=BAD_PAGE
Hardware name: linux,dummy-virt (DT)
pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : put_page_testzero include/linux/mm.h:1036 [inline]
pc : folio_put_testzero include/linux/mm.h:1042 [inline]
pc : folio_put include/linux/mm.h:1359 [inline]
pc : put_page include/linux/mm.h:1429 [inline]
pc : kvm_s2_put_page+0x374/0x3a0 arch/arm64/kvm/mmu.c:264
lr : put_page_testzero include/linux/mm.h:1036 [inline]
lr : folio_put_testzero include/linux/mm.h:1042 [inline]
lr : folio_put include/linux/mm.h:1359 [inline]
lr : put_page include/linux/mm.h:1429 [inline]
lr : kvm_s2_put_page+0x374/0x3a0 arch/arm64/kvm/mmu.c:264
sp : ffff80008e837830
x29: ffff80008e837830 x28: e5f00000145ec000 x27: e5f00000145ec000
x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000
x23: ffffc1ffc0517b08 x22: 0000000000000000 x21: ffffc1ffc0517b34
x20: 0000000000000000 x19: ffffc1ffc0517b00 x18: 0000000000001b80
x17: 0000000004e65049 x16: 00000000a5131fad x15: fff0000072d85404
x14: 0000000000000000 x13: fff00000205dd888 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000ff0100 x9 : 3810b917809a3800
x8 : 3810b917809a3800 x7 : 0000000000000000 x6 : ffff80008048ab34
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008074aff8
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
Call trace:
 put_page_testzero include/linux/mm.h:1036 [inline] (P)
 folio_put_testzero include/linux/mm.h:1042 [inline] (P)
 folio_put include/linux/mm.h:1359 [inline] (P)
 put_page include/linux/mm.h:1429 [inline] (P)
 kvm_s2_put_page+0x374/0x3a0 arch/arm64/kvm/mmu.c:264 (P)
 stage2_free_walker+0xdc/0x264 arch/arm64/kvm/hyp/pgtable.c:1546
 kvm_pgtable_visitor_cb arch/arm64/kvm/hyp/pgtable.c:130 [inline]
 __kvm_pgtable_visit arch/arm64/kvm/hyp/pgtable.c:212 [inline]
 __kvm_pgtable_walk+0x7d8/0xa68 arch/arm64/kvm/hyp/pgtable.c:237
 _kvm_pgtable_walk arch/arm64/kvm/hyp/pgtable.c:260 [inline]
 kvm_pgtable_walk+0x294/0x468 arch/arm64/kvm/hyp/pgtable.c:283
 kvm_pgtable_stage2_destroy_range+0x60/0xb4 arch/arm64/kvm/hyp/pgtable.c:1563
 stage2_destroy_range arch/arm64/kvm/mmu.c:924 [inline]
 kvm_stage2_destroy arch/arm64/kvm/mmu.c:935 [inline]
 kvm_free_stage2_pgd+0x198/0x28c arch/arm64/kvm/mmu.c:1112
 kvm_uninit_stage2_mmu+0x20/0x38 arch/arm64/kvm/mmu.c:1023
 kvm_arch_flush_shadow_all+0x1a8/0x1e0 arch/arm64/kvm/nested.c:1113
 kvm_flush_shadow_all virt/kvm/kvm_main.c:343 [inline]
 kvm_mmu_notifier_release+0x48/0xa8 virt/kvm/kvm_main.c:884
 mmu_notifier_unregister+0x128/0x42c mm/mmu_notifier.c:815
 kvm_destroy_vm virt/kvm/kvm_main.c:1295 [inline]
 kvm_put_kvm+0x6a0/0xfa8 virt/kvm/kvm_main.c:1353
 kvm_vm_release+0x58/0x78 virt/kvm/kvm_main.c:1376
 __fput+0x4ac/0x980 fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1bc/0x254 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x1bc/0x270 arch/arm64/kernel/entry-common.c:155
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:173 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:182 [inline]
 el0_svc+0xb8/0x164 arch/arm64/kernel/entry-common.c:880
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Code: d0037581 91251821 aa1303e0 97f9c9f2 (d4210000) 
---[ end trace 0000000000000000 ]---

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: invalid-access in __kvm_pgtable_visit arch/arm64/kvm/hyp/pgtable.c:163 [inline]
BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68 arch/arm64/kvm/hyp/pgtable.c:237
Read of size 8 at addr e5f00000145ec000 by task syz.2.17/3645
Pointer tag: [e5], memory tag: [fe]

CPU: 0 UID: 0 PID: 3645 Comm: syz.2.17 Not tainted syzkaller #0 PREEMPT 
Hardware name: linux,dummy-virt (DT)
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xac/0x288 mm/kasan/report.c:378
 print_report+0x84/0xa0 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 kasan_tag_mismatch+0x28/0x3c mm/kasan/sw_tags.c:175
 __hwasan_tag_mismatch+0x30/0x60 arch/arm64/lib/kasan_sw_tags.S:55
 __kvm_pgtable_visit arch/arm64/kvm/hyp/pgtable.c:163 [inline]
 __kvm_pgtable_walk+0x8e4/0xa68 arch/arm64/kvm/hyp/pgtable.c:237
 _kvm_pgtable_walk arch/arm64/kvm/hyp/pgtable.c:260 [inline]
 kvm_pgtable_walk+0x294/0x468 arch/arm64/kvm/hyp/pgtable.c:283
 kvm_pgtable_stage2_destroy_range+0x60/0xb4 arch/arm64/kvm/hyp/pgtable.c:1563
 stage2_destroy_range arch/arm64/kvm/mmu.c:924 [inline]
 kvm_stage2_destroy arch/arm64/kvm/mmu.c:935 [inline]
 kvm_free_stage2_pgd+0x198/0x28c arch/arm64/kvm/mmu.c:1112
 kvm_uninit_stage2_mmu+0x20/0x38 arch/arm64/kvm/mmu.c:1023
 kvm_arch_flush_shadow_all+0x1a8/0x1e0 arch/arm64/kvm/nested.c:1113
 kvm_flush_shadow_all virt/kvm/kvm_main.c:343 [inline]
 kvm_mmu_notifier_release+0x48/0xa8 virt/kvm/kvm_main.c:884
 mmu_notifier_unregister+0x128/0x42c mm/mmu_notifier.c:815
 kvm_destroy_vm virt/kvm/kvm_main.c:1295 [inline]
 kvm_put_kvm+0x6a0/0xfa8 virt/kvm/kvm_main.c:1353
 kvm_vm_release+0x58/0x78 virt/kvm/kvm_main.c:1376
 __fput+0x4ac/0x980 fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1bc/0x254 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x1bc/0x270 arch/arm64/kernel/entry-common.c:155
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:173 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:182 [inline]
 el0_svc+0xb8/0x164 arch/arm64/kernel/entry-common.c:880
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4ff00000145ed400 pfn:0x545ec
flags: 0x1ffc68000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x1a)
raw: 01ffc68000000000 ffffc1ffc089b108 ffffc1ffc0896288 0000000000000000
raw: 4ff00000145ed400 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 fff00000145ebe00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 fff00000145ebf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
>fff00000145ec000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                   ^
 fff00000145ec100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 fff00000145ec200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
==================================================================
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4ff00000145ed400 pfn:0x545ec
flags: 0x1ffc68000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x1a)
raw: 01ffc68000000000 ffffc1ffc089b108 fff0000072d85420 0000000000000000
raw: 4ff00000145ed400 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
------------[ cut here ]------------
kernel BUG at ./include/linux/mm.h:1036!
Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
Modules linked in:
CPU: 0 UID: 0 PID: 3645 Comm: syz.2.17 Tainted: G    B               syzkaller #0 PREEMPT 
Tainted: [B]=BAD_PAGE
Hardware name: linux,dummy-virt (DT)
pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : put_page_testzero include/linux/mm.h:1036 [inline]
pc : folio_put_testzero include/linux/mm.h:1042 [inline]
pc : folio_put include/linux/mm.h:1359 [inline]
pc : put_page include/linux/mm.h:1429 [inline]
pc : kvm_s2_put_page+0x374/0x3a0 arch/arm64/kvm/mmu.c:264
lr : put_page_testzero include/linux/mm.h:1036 [inline]
lr : folio_put_testzero include/linux/mm.h:1042 [inline]
lr : folio_put include/linux/mm.h:1359 [inline]
lr : put_page include/linux/mm.h:1429 [inline]
lr : kvm_s2_put_page+0x374/0x3a0 arch/arm64/kvm/mmu.c:264
sp : ffff80008e837830
x29: ffff80008e837830 x28: e5f00000145ec000 x27: e5f00000145ec000
x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000
x23: ffffc1ffc0517b08 x22: 0000000000000000 x21: ffffc1ffc0517b34
x20: 0000000000000000 x19: ffffc1ffc0517b00 x18: 0000000000001b80
x17: 0000000004e65049 x16: 00000000a5131fad x15: fff0000072d85404
x14: 0000000000000000 x13: fff00000205dd888 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000ff0100 x9 : 3810b917809a3800
x8 : 3810b917809a3800 x7 : 0000000000000000 x6 : ffff80008048ab34
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008074aff8
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
Call trace:
 put_page_testzero include/linux/mm.h:1036 [inline] (P)
 folio_put_testzero include/linux/mm.h:1042 [inline] (P)
 folio_put include/linux/mm.h:1359 [inline] (P)
 put_page include/linux/mm.h:1429 [inline] (P)
 kvm_s2_put_page+0x374/0x3a0 arch/arm64/kvm/mmu.c:264 (P)
 stage2_free_walker+0xdc/0x264 arch/arm64/kvm/hyp/pgtable.c:1546
 kvm_pgtable_visitor_cb arch/arm64/kvm/hyp/pgtable.c:130 [inline]
 __kvm_pgtable_visit arch/arm64/kvm/hyp/pgtable.c:212 [inline]
 __kvm_pgtable_walk+0x7d8/0xa68 arch/arm64/kvm/hyp/pgtable.c:237
 _kvm_pgtable_walk arch/arm64/kvm/hyp/pgtable.c:260 [inline]
 kvm_pgtable_walk+0x294/0x468 arch/arm64/kvm/hyp/pgtable.c:283
 kvm_pgtable_stage2_destroy_range+0x60/0xb4 arch/arm64/kvm/hyp/pgtable.c:1563
 stage2_destroy_range arch/arm64/kvm/mmu.c:924 [inline]
 kvm_stage2_destroy arch/arm64/kvm/mmu.c:935 [inline]
 kvm_free_stage2_pgd+0x198/0x28c arch/arm64/kvm/mmu.c:1112
 kvm_uninit_stage2_mmu+0x20/0x38 arch/arm64/kvm/mmu.c:1023
 kvm_arch_flush_shadow_all+0x1a8/0x1e0 arch/arm64/kvm/nested.c:1113
 kvm_flush_shadow_all virt/kvm/kvm_main.c:343 [inline]
 kvm_mmu_notifier_release+0x48/0xa8 virt/kvm/kvm_main.c:884
 mmu_notifier_unregister+0x128/0x42c mm/mmu_notifier.c:815
 kvm_destroy_vm virt/kvm/kvm_main.c:1295 [inline]
 kvm_put_kvm+0x6a0/0xfa8 virt/kvm/kvm_main.c:1353
 kvm_vm_release+0x58/0x78 virt/kvm/kvm_main.c:1376
 __fput+0x4ac/0x980 fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1bc/0x254 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x1bc/0x270 arch/arm64/kernel/entry-common.c:155
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:173 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:182 [inline]
 el0_svc+0xb8/0x164 arch/arm64/kernel/entry-common.c:880
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Code: d0037581 91251821 aa1303e0 97f9c9f2 (d4210000) 
---[ end trace 0000000000000000 ]---