last executing test programs:

1h10m34.395249303s ago: executing program 1 (id=20):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async, rerun: 32)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x151400, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async, rerun: 32)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x4, <r7=>0xffffffffffffffff})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async, rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000240)=0x8}) (async, rerun: 32)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r9, 0x2000007, 0xaf832, 0xffffffffffffffff, 0x0)

1h10m27.17224253s ago: executing program 1 (id=22):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x24) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async, rerun: 64)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x8c68, 0xf4a}) (async, rerun: 64)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r2, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (rerun: 32)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)

1h10m20.205818984s ago: executing program 1 (id=23):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x4000, 0x13000, 0x1})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0xd, 0xdddd0000, 0x0, r2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f00000003c0)={0x4, 0xa7e9ea20e9018807, 0x1})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_fp={0x60c00000001000ab, &(0x7f0000000000)=0x4d})

1h10m10.763349165s ago: executing program 1 (id=25):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000a05000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000daa000/0x1000)=nil, r4, 0x0, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r4, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000e76000/0x3000)=nil, 0x3000)

1h10m1.028398692s ago: executing program 1 (id=27):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x29)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x36)
ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000100)={0x3, 0x2, 0xeeef0000, 0x2000, &(0x7f0000c0c000/0x2000)=nil, 0xfffffffffffffff0})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)

1h9m52.263912801s ago: executing program 1 (id=29):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x603000000010001e, &(0x7f0000000180)=0x2})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000000)={0x10})
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x603000000010001e, &(0x7f0000000180)=0x2}) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) (async)
ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000000)={0x10}) (async)

1h9m8.560850973s ago: executing program 32 (id=28):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r9 = syz_kvm_vgic_v3_setup(r7, 0x4, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f0000000000)=0x4})
mmap$KVM_VCPU(&(0x7f000000c000/0x2000)=nil, r5, 0x3000003, 0x10, r4, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r7, 0x4, 0xa0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f0000000000)=0x4}) (async)
mmap$KVM_VCPU(&(0x7f000000c000/0x2000)=nil, r5, 0x3000003, 0x10, r4, 0x0) (async)

1h9m4.62069709s ago: executing program 33 (id=29):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x603000000010001e, &(0x7f0000000180)=0x2})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000000)={0x10})
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x603000000010001e, &(0x7f0000000180)=0x2}) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) (async)
ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000000)={0x10}) (async)

58m8.378398664s ago: executing program 2 (id=74):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r11, 0xc008aeb0, 0x0) (async)
syz_kvm_vgic_v3_setup(r5, 0x3, 0xa0) (async)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x1d)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r14, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000180)={0x8, <r16=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000240)=0x8080000}) (async)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
r17 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r9, 0x4010aeb5, &(0x7f0000000300)={0x204, 0x4})

57m53.695495806s ago: executing program 2 (id=76):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x400454d0, 0x7ffffffd)
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x31f}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x40}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r9, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0x8000})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, <r10=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0xf81e, 0x200, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_INTERRUPT(r6, 0x4004ae86, &(0x7f0000000540)=0x4)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000004c0)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x4, 0x2bd}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x18}}, @eret={0xe6, 0x18, 0x1}, @code={0xa, 0x54, {"c0e691d200a0b8f2610180d2a20080d2630180d2240180d2020000d40090204e008c004f007008d5000c00780060600d007008d5000080b8000008d5007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0xb, 0x1, 0x3, 0x3}}, @eret={0xe6, 0x18, 0xfffffffffffffffa}, @smc={0x1e, 0x40, {0x20, [0x8, 0x100000001, 0x10001, 0x2, 0xa0]}}, @code={0xa, 0x84, {"a03090d20060b0f2e10180d2a20080d2430180d2440080d2020000d40070df0c0040211e000008d5a0df85d20000b8f2410080d2020180d2230080d2640080d2020000d4201885d20000b8f2210180d2620180d2e30080d2640080d2020000d4007008d50050206e007008d5008008d5"}}, @hvc={0x32, 0x40, {0xc5000020, [0x3, 0x9, 0x5, 0xd, 0x1000]}}, @mrs={0xbe, 0x18, {0x603000000013dea7}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x1f3}}, @hvc={0x32, 0x40, {0x80000000, [0x4102, 0x3, 0x7, 0x7, 0x800000000000005]}}], 0x270}, &(0x7f0000000500)=[@featur2={0x1, 0x10}], 0x1)

57m34.971381974s ago: executing program 2 (id=79):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7})
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x29)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r6, 0x2, 0x12, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x13, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x8})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x6000})

57m22.97294751s ago: executing program 2 (id=80):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r1, 0x1000000, 0x2010, r0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000140)={0x1ff, 0xdddc1000, 0x0, r5, 0x4})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x8400000a, [0x74a, 0x939, 0xe, 0x9, 0x4]}}], 0x40}, &(0x7f0000000080)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

57m7.151200412s ago: executing program 2 (id=83):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x7, 0x88000002}})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0)

56m53.146950624s ago: executing program 2 (id=85):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4000003, 0x200)
r2 = eventfd2(0x0, 0x80001)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0x8000c8, 0x0, 0x0})
close(r2)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x84000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x20)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x11, r6, 0x40000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="b7fd70886788e8e0e522022a69832d0435b8dd45f22344477a3b4c9464506ced90a91e573a3ffae3de1fc5cd2dd6f1294366d73f78a3bf8c268782fc65b9a6b4f9aa43c1777b7837", 0x0, 0x48)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000200)="fd4e16552bfcbc1e92615451d6c50d5942ced1b1fdff63fc95e4cb820902c2b75fbff6c3c74cbe9361dd5ab242442b865cf76ebb86a6070bfc4146cd177494e6dffbb1eb4daa6cb0", 0x0, 0x48)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100038, &(0x7f0000000140)=0x7})
r13 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
syz_kvm_assert_reg(r15, 0x6030000000138015, 0x8000)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000000)={0xa, 0x9})
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e32000/0x2000)=nil, r16, 0x1, 0x4010, r6, 0x0)

56m5.291118318s ago: executing program 34 (id=85):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4000003, 0x200)
r2 = eventfd2(0x0, 0x80001)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0x8000c8, 0x0, 0x0})
close(r2)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x84000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x20)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x11, r6, 0x40000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="b7fd70886788e8e0e522022a69832d0435b8dd45f22344477a3b4c9464506ced90a91e573a3ffae3de1fc5cd2dd6f1294366d73f78a3bf8c268782fc65b9a6b4f9aa43c1777b7837", 0x0, 0x48)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000200)="fd4e16552bfcbc1e92615451d6c50d5942ced1b1fdff63fc95e4cb820902c2b75fbff6c3c74cbe9361dd5ab242442b865cf76ebb86a6070bfc4146cd177494e6dffbb1eb4daa6cb0", 0x0, 0x48)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100038, &(0x7f0000000140)=0x7})
r13 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
syz_kvm_assert_reg(r15, 0x6030000000138015, 0x8000)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000000)={0xa, 0x9})
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e32000/0x2000)=nil, r16, 0x1, 0x4010, r6, 0x0)

47m45.851709345s ago: executing program 4 (id=127):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000000)={0x8, 0xffff})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000040))
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x10)
ioctl$KVM_RESET_DIRTY_RINGS(r0, 0xaec7)
syz_kvm_vgic_v3_setup(r0, 0x4, 0x360)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xb)
ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f00000000c0)=0x40)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3c)
ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000100)={0x7, 0x0, [{0x2, 0x2, 0x0, 0x0, @irqchip={0x401, 0x1}}, {0x7, 0x1, 0x0, 0x0, @adapter={0xe, 0x1, 0xebfc, 0xa, 0x9014}}, {0x9, 0x4, 0x0, 0x0, @msi={0x9, 0xad6f, 0x2, 0x10001}}, {0x9, 0x5, 0x1, 0x0, @adapter={0x8, 0x9, 0x5, 0x9, 0x2}}, {0x59800000, 0x1, 0x1, 0x0, @msi={0x73dc, 0x3, 0xd2, 0x3ff}}, {0x1, 0x3, 0x0, 0x0, @adapter={0x5, 0x7, 0x4, 0x5, 0x3}}, {0x6, 0x0, 0x1, 0x0, @irqchip={0xa5c08c0, 0x5}}]})
syz_kvm_setup_cpu$arm64(r1, r0, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000007c0)=[{0x0, &(0x7f0000000280)=[@irq_setup={0x46, 0x18, {0x4, 0x1fe}}, @svc={0x122, 0x40, {0x0, [0x4, 0x81, 0x4f65, 0x2, 0xb]}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x26b}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x4e8, 0x8000000000000000, 0xe}}, @irq_setup={0x46, 0x18, {0x3, 0x27b}}, @eret={0xe6, 0x18, 0x9910}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0xa, 0x8, 0x8}}, @svc={0x122, 0x40, {0x18beec4323e1479d, [0x6, 0x7, 0xa, 0x40]}}, @eret={0xe6, 0x18, 0x8}, @hvc={0x32, 0x40, {0x8400000d, [0x1, 0x5, 0x0, 0x6, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013df57}}, @svc={0x122, 0x40, {0xc600ff40, [0x1d64ce94, 0xf162, 0x7, 0x5, 0x6]}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x2e4}}, @code={0xa, 0x84, {"000008d5000028d540f987d200a0b0f2010080d2820180d2e30180d2640080d2020000d40000c06d007008d540ce89d20060b8f2210180d2a20180d2c30180d2640180d2020000d4000c0038803a92d20080b0f2610180d2c20180d2630180d2840080d2020000d4007008d50020bf0d"}}, @code={0xa, 0x3c, {"0084c00d000008d50020201e0000408800b8210e007008d50040200d0054205e000020880000400d"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x2, 0x2, 0xffff, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x5}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x1, 0xa, 0x96, 0x9c, 0x2}}, @svc={0x122, 0x40, {0xc4000011, [0x6, 0xffffffffffffff5e, 0x2, 0x9, 0x5]}}, @smc={0x1e, 0x40, {0x84000052, [0x8000000000000000, 0x1, 0x101, 0x1000, 0x400]}}, @eret={0xe6, 0x18, 0x6314}, @svc={0x122, 0x40, {0x2, [0x3fa3, 0xff, 0xc, 0x1, 0x2]}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x2df}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x6c, {"000028d5007008d5000028d5c04086d20040b0f2e10180d2420180d2e30180d2840180d2020000d4c0c39ad20080b8f2a10180d2220180d2430080d2840180d2020000d40000a00d008008d5000008d5000028d5007008d5"}}, @msr={0x14, 0x20, {0x603000000013e6d2, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013c102}}], 0x51c}], 0x1, 0x0, &(0x7f0000000800)=[@featur2={0x1, 0x40}], 0x1)
r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000840)={0x3, 0x7})
ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000880)={0x2710, 0x0, &(0x7f0000c37000/0x4000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x204000, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7)
r5 = eventfd2(0x1, 0x801)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000900)={0x0, 0x2})
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000940)={0x9, 0x8000})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000980))
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000a00), 0x18001, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x7, 0x180)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000a40)={0x1})
ioctl$KVM_SET_GUEST_DEBUG_arm64(r6, 0x4208ae9b, &(0x7f0000000a80)={0x20000, 0x0, {[0x4, 0x101, 0x6, 0x6, 0x8, 0x105d, 0x1, 0x6cf, 0xca, 0xe, 0x2, 0x1000, 0x7ff, 0x7, 0x4, 0x80000000], [0x980a, 0x5, 0x8000, 0xecd9, 0x3, 0xfffffffffffffffb, 0x0, 0x8000, 0x1, 0x1, 0x78, 0xffffffff, 0xdf18, 0x7fffffffffffffff, 0x8], [0x4, 0x234, 0xd07, 0xe3, 0x3980, 0x816, 0x6, 0x5, 0xffff, 0x3, 0x9, 0x2, 0xffffffff80000000, 0x3, 0x9, 0x4], [0x0, 0x3b, 0xd12, 0xfff, 0x5, 0x0, 0x8, 0x2, 0xe, 0x8e0a, 0x0, 0x8, 0x697, 0x8000000000000001, 0x724, 0x83]}})
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000cc0)={r0, 0x8, 0x1, r5})
openat$kvm(0xffffffffffffff9c, 0xffffffffffffffff, 0x1000, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r6, 0x4018aee3, &(0x7f0000000d40)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000d00)=0x9})

47m36.497975164s ago: executing program 4 (id=128):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000200)=0x8000000})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r6, &(0x7f0000bfe000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x602000000011000b, &(0x7f00000000c0)=0x8000000})

47m29.190160138s ago: executing program 3 (id=129):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 32)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async, rerun: 32)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e22ffff) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) (async)
eventfd2(0xfffffffa, 0x80001)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000) (async, rerun: 64)
ioctl$KVM_CHECK_EXTENSION(r3, 0x40086602, 0x110e227ffe) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000cc5000/0x4000)=nil, r2, 0x1000001, 0x28031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = openat$kvm(0x0, &(0x7f0000000100), 0x82001, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x3000007, 0x2012, r8, 0x0) (async, rerun: 64)
r9 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) (rerun: 64)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r6, r9, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@featur1={0x1, 0xc0}], 0x1) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
ioctl$KVM_CHECK_EXTENSION(r0, 0x40086602, 0x110e227ffe)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000000)={0xeeee0000, 0xdddd0000, 0x7, 0x1, 0xffff})
ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f0000000140)={0x0, 0x0, 0xdddd1000, 0x1000, &(0x7f0000d57000/0x1000)=nil, 0x8})

47m23.780091601s ago: executing program 4 (id=130):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x200000000000001}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

47m21.608331979s ago: executing program 3 (id=131):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0x40086602, 0x110e22ffff)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r6 = eventfd2(0xfffffffa, 0x80001)
write$eventfd(r6, &(0x7f0000000200)=0x8, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
ioctl$KVM_CHECK_EXTENSION(r5, 0x40086602, 0x110e227ffe)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x28)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=[@its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x0, 0x9, 0xe}}, @hvc={0x32, 0x40, {0x6000000, [0x0, 0x78f7, 0x8, 0x3, 0x9]}}, @smc={0x1e, 0x40, {0x84000009, [0x5, 0x10, 0xd7f, 0x1000, 0x5]}}, @irq_setup={0x46, 0x18, {0x0, 0x5a}}, @mrs={0xbe, 0x18, {0x6030000000139828}}, @msr={0x14, 0x20, {0x603000000013c085, 0x100000001}}, @hvc={0x32, 0x40, {0xc400000d, [0xffffffff, 0x100, 0x6, 0x7, 0x8000000000000000]}}, @hvc={0x32, 0x40, {0x8400000b, [0x4, 0x8, 0x6, 0x6, 0xdd]}}, @mrs={0xbe, 0x18, {0x77fe}}], 0x190}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

47m11.811118284s ago: executing program 4 (id=132):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x6}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r6, 0x2})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r6, 0x3})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x7, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000140)=0x7})
r12 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000000000)={0x80a0000, 0x105000})
ioctl$KVM_SET_DEVICE_ATTR_vm(r12, 0x4018aee1, 0x0)

47m6.125465415s ago: executing program 3 (id=133):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x20282, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r3, 0x400454ce, 0x110c230008)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
close(r4)
ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f00000000c0)={0x101ff, 0x0, 0xffff1003, 0x1000, &(0x7f0000f6c000/0x1000)=nil, 0x2000000800000000, r4})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000001c0)={0x8})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bdf000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r8, 0x4068aea3, &(0x7f00000002c0)={0xe1, 0x0, 0x10000})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)

46m49.960118001s ago: executing program 4 (id=134):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3f)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x10025)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000283000/0x400000)=nil, &(0x7f0000000200)=[{0x0, 0x0}], 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000000c0)=0x8}) (async)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r9, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r10 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="d7b7d9b205e33443b2fc8c0355569de1d209133d52851ae9a4e1801a5cc1c4199233edce8722b2bc662bd54ec8694e9146eb4188671fd81009e7a0af54363e86e24e40ebc8fceb68e578dddba21504f5bd147fa2e92da82985e2636a39c7cde029"], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
r11 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x13) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async)
r12 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x15)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, 0x0) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x82203, 0x0) (async)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async)
ioctl$KVM_IRQ_LINE(r9, 0x4008ae61, 0x0) (async)
ioctl$KVM_GET_STATS_FD_cpu(r10, 0xaece)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)

46m45.033807177s ago: executing program 3 (id=135):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

46m36.098106876s ago: executing program 4 (id=136):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000240)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x103, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x240)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x320)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
write$eventfd(r12, 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)

46m33.950983052s ago: executing program 3 (id=137):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r5, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x200000, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0x8000})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r5, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r5, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x200000, 0x0) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0x8000}) (async)

46m21.940535182s ago: executing program 3 (id=138):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7e)
r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000380)=[@hvc={0x32, 0x40, {0xc4000012, [0x1, 0xa15f, 0x1, 0x9a0, 0x100]}}, @code={0xa, 0x9c, {"00c693d20060b8f2c10180d2620080d2a30180d2240180d2020000d4008008d5a08c88d20060b0f2c10080d2e20180d2a30180d2a40180d2020000d40040df0ca0ed99d200a0b0f2810180d2420080d2830080d2440080d2020000d4000008d5000028d5008008d5a02a81d200e0b8f2210080d2620080d2030080d2240080d2020000d4003c4093"}}, @msr={0x14, 0x20, {0x603000000013dce6, 0x7f}}, @uexit={0x0, 0x18, 0x6}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1e0}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x305}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0x8, 0xd0e, 0x9a4, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0xfffffffffffffffc, 0x4}}, @eret={0xe6, 0x18, 0x6}, @irq_setup={0x46, 0x18, {0x4, 0x197}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0xa4}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x1, 0x7, 0x4, 0x7, 0x2}}, @uexit={0x0, 0x18, 0x80000001}, @smc={0x1e, 0x40, {0x400, [0x10000000000000, 0x1ff, 0x100000000, 0x8, 0x2]}}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x1, 0x5, 0x5, 0x2, 0x4}}, @uexit={0x0, 0x18, 0x80000001}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0xf, 0xe}}], 0x37c}, &(0x7f0000000180)=[@featur1={0x1, 0x31}], 0x1)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000280)=@arm64_fp={0x604000000010008e, &(0x7f0000000240)=0xe})
r4 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000001c0)=0x2})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x59)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r8, 0x4010ae42, &(0x7f0000000000)={0xa4a605311ad0de6b, 0x0, &(0x7f0000c67000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f000073e000/0x400000)=nil)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

45m49.270152115s ago: executing program 35 (id=136):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000240)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x103, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x240)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x320)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
write$eventfd(r12, 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)

45m34.600292355s ago: executing program 36 (id=138):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7e)
r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000380)=[@hvc={0x32, 0x40, {0xc4000012, [0x1, 0xa15f, 0x1, 0x9a0, 0x100]}}, @code={0xa, 0x9c, {"00c693d20060b8f2c10180d2620080d2a30180d2240180d2020000d4008008d5a08c88d20060b0f2c10080d2e20180d2a30180d2a40180d2020000d40040df0ca0ed99d200a0b0f2810180d2420080d2830080d2440080d2020000d4000008d5000028d5008008d5a02a81d200e0b8f2210080d2620080d2030080d2240080d2020000d4003c4093"}}, @msr={0x14, 0x20, {0x603000000013dce6, 0x7f}}, @uexit={0x0, 0x18, 0x6}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1e0}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x305}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0x8, 0xd0e, 0x9a4, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0xfffffffffffffffc, 0x4}}, @eret={0xe6, 0x18, 0x6}, @irq_setup={0x46, 0x18, {0x4, 0x197}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0xa4}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x1, 0x7, 0x4, 0x7, 0x2}}, @uexit={0x0, 0x18, 0x80000001}, @smc={0x1e, 0x40, {0x400, [0x10000000000000, 0x1ff, 0x100000000, 0x8, 0x2]}}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x1, 0x5, 0x5, 0x2, 0x4}}, @uexit={0x0, 0x18, 0x80000001}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0xf, 0xe}}], 0x37c}, &(0x7f0000000180)=[@featur1={0x1, 0x31}], 0x1)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000280)=@arm64_fp={0x604000000010008e, &(0x7f0000000240)=0xe})
r4 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000001c0)=0x2})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x59)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r8, 0x4010ae42, &(0x7f0000000000)={0xa4a605311ad0de6b, 0x0, &(0x7f0000c67000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f000073e000/0x400000)=nil)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

36m9.143420223s ago: executing program 5 (id=139):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="1000000000000000"])
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xdddd1000, 0x2000, &(0x7f0000fa4000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x2, 0x100)
close(r7)
syz_kvm_setup_cpu$arm64(r2, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000340)=[@svc={0x122, 0x40, {0x8600ff01, [0xcb5, 0x0, 0x8000, 0x4, 0x6]}}, @code={0xa, 0x84, {"602b8ad20080b0f2a10080d2220080d2430080d2640080d2020000d40000005e1f2003d500a0400d0004006e000c80d20000b0f2c10080d2c20180d2c30080d2240080d2020000d40000c05ac09490d200a0b0f2210080d2a20080d2230080d2e40080d2020000d40024c09a000028d5"}}, @msr={0x14, 0x20, {0x603000000013df4b, 0xffff}}, @hvc={0x32, 0x40, {0x8400000a, [0x5e5, 0x0, 0x8, 0xa4f8, 0x9]}}, @smc={0x1e, 0x40, {0x2, [0xeec, 0x0, 0x80, 0xffffffff, 0x95]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0xe, 0x7, 0xfffeffff, 0x3}}, @irq_setup={0x46, 0x18, {0x4, 0x1fe}}, @eret={0xe6, 0x18, 0xbc9}], 0x1bc}], 0x1, 0x0, &(0x7f00000001c0)=[@featur2={0x1, 0x14}], 0x1)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x5, 0x2, &(0x7f0000000000)=0x3})
r11 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000000c0)={0xc})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
syz_kvm_vgic_v3_setup(r11, 0x1, 0x100)
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r13 = syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f00000002c0)=0x5})

35m49.40004091s ago: executing program 6 (id=140):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000240)={0xdddd0000, 0x1000})
r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000})

35m41.380495837s ago: executing program 5 (id=141):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000})
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000080)={0xb, 0xffffffffffffffff, 0x1})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_vgic_v3_setup(r7, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, 0x0})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c024, &(0x7f00000000c0)})
r12 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0xf}], 0x1)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x7ffe)
r16 = syz_kvm_vgic_v3_setup(r15, 0x2, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x4, 0x0})
r17 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r17, 0x5421, 0x20004000)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x9, &(0x7f0000000000)=0xbced})

35m30.871803786s ago: executing program 6 (id=142):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x29)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, 0x0)

35m16.61781937s ago: executing program 5 (id=143):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1})
r2 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000000)={0x7})
ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000100)={0x6, 0x1ff})
r6 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r6})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x76d107, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000000c0)={0x8})
ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000000)={0x6000})
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2})

35m12.403388615s ago: executing program 6 (id=144):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r6})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1001, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x29)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000340)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x10, 0x8, 0x8, 0x2}}, @svc={0x122, 0x40, {0x100, [0x9, 0x7030, 0x3, 0x5, 0x3]}}, @code={0xa, 0x6c, {"008008d50044207e0000809a007008d5006c200e007c001b20ec99d20040b8f2810180d2e20180d2230180d2240180d2020000d4a0a19dd20080b0f2810180d2620080d2630080d2640080d2020000d40820601e000008d5"}}], 0xd4}, 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x202, 0x2, 0x1, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000000)={0x7fffffff, 0x8000001})

34m53.750468462s ago: executing program 5 (id=145):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100), 0xfffffffffffffde9}, 0x0, 0x0)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x2, &(0x7f0000000240)=0x6})

34m24.477671906s ago: executing program 37 (id=144):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r6})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1001, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x29)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000340)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x10, 0x8, 0x8, 0x2}}, @svc={0x122, 0x40, {0x100, [0x9, 0x7030, 0x3, 0x5, 0x3]}}, @code={0xa, 0x6c, {"008008d50044207e0000809a007008d5006c200e007c001b20ec99d20040b8f2810180d2e20180d2230180d2240180d2020000d4a0a19dd20080b0f2810180d2620080d2630080d2640080d2020000d40820601e000008d5"}}], 0xd4}, 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x202, 0x2, 0x1, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000000)={0x7fffffff, 0x8000001})

34m4.550637643s ago: executing program 38 (id=145):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100), 0xfffffffffffffde9}, 0x0, 0x0)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x2, &(0x7f0000000240)=0x6})

24m39.222192776s ago: executing program 7 (id=146):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013e08d, &(0x7f00000000c0)=0x6db})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r8, 0x2000003, 0x11, r6, 0x0)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)

24m12.0786048s ago: executing program 8 (id=147):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0, 0xfe82}, &(0x7f0000000300)=[@featur2={0x1, 0xa0}], 0x1)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000580)=0x10001})

23m49.740645363s ago: executing program 39 (id=146):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013e08d, &(0x7f00000000c0)=0x6db})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r8, 0x2000003, 0x11, r6, 0x0)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)

23m22.941447669s ago: executing program 40 (id=147):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0, 0xfe82}, &(0x7f0000000300)=[@featur2={0x1, 0xa0}], 0x1)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000580)=0x10001})

3m12.266079364s ago: executing program 0 (id=209):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x2, 0x160)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x3, 0x3, 0xfffffffffffffffe})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x1000, &(0x7f0000c42000/0x1000)=nil})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r6, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)

2m56.588479384s ago: executing program 9 (id=211):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0x4020940d, 0x20000000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x0, 0x1}})
ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000080)={0x5, 0x3})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, <r6=>0xffffffffffffffff})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000140)={0x2, 0x0, [{0x9cd6, 0x6, 0x1, 0x0, @sint={0x5, 0x738c4fda}}, {0x7, 0x5, 0x0, 0x0, @adapter={0xb, 0xff, 0x6, 0x9, 0x2f2e}}]})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x7, 0x1, 0x0})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
eventfd2(0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0x4020940d, 0x20000000) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x0, 0x1}}) (async)
ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000080)={0x5, 0x3}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4}) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) (async)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000140)={0x2, 0x0, [{0x9cd6, 0x6, 0x1, 0x0, @sint={0x5, 0x738c4fda}}, {0x7, 0x5, 0x0, 0x0, @adapter={0xb, 0xff, 0x6, 0x9, 0x2f2e}}]}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x7, 0x1, 0x0}) (async)

2m51.302667571s ago: executing program 0 (id=212):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xc0189436, 0x20004000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
close(r2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0)=0x7ffffff, 0x648)
r6 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000000)=0x1})
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000880)={0x1000, "62abbec9ed91978e677120d11ca49ad80ff4a2448b9651d09450f4f3828b5fe369727a45faf5ffd70ad0d5c090d85f0cc2b9dc91bffda4d5c704ec83fedb46c19bd45eae421dd81cc63e371c76fb6840aa5612cbf282873facd4e10792678bd0897e59eef9172acbf8d1c826b498eba33a4d4237e4a86176bc0325a62048b6569d5df70b7d8ec62ae7ae1e6231943f902ca15630137ead3ba65ed7cd6cbe1ec9da6473a5ab6af14cd1e2f4c8fd6ec7e170955ab4f3593f3a437fbbc261a2089f4801a20e0fe1f99a10dbe7a492af6e69057f639e2147c0aae1efbaa48ada1634bf2b80d1f2efe88c91f4b2ec8806dd0e6b6b0b3d7efd632b18eed6a72e8d8d2b201b780c53316d029f3396b016108cfb8e9400fc2f8973cf390f696f4c5ccc6730a95373814ef283077bbd37ebe9a46057d2324f2148fbc90f7f5ab833a4cf8c4977b17eb794c050f7c9e11ddde91931662b1abadcc62a3d8a804f5666bf07bb5dddb1395bd433205f18bc922dd8886f7267b611b84690a11fe9a0006a7102d4f0a67aefe896ecf05890b490142915fa8f5be568e392714f8b436b49a5f536e820718e5050671ff5f2aa3ce289dc3677d6d9315497b7eb4e500051568191b8be6b2331158f685aa1c71c77ead55b2885a438f98062f1ea65310d48fd500b99498a9ec391214e38ebca26277538cf715fe5b86ab706c0a66dc7983e3dfea953fa345be7da0ebc8c6dae0b6135ba8e2c291118d9bfb087d932ce396e1bca835bf824a0d9b29d09900cd4b6eb810a04c74f8f9e1c30559ef9cccc949a8604b0f56d5ab7dd0f4fe328419eaefe35d9c22467ad3159aced65672673c63609afc09f7bdc25f4074b745491aeab526bfb009816b0ff223ccfaca5c870530b3f1d8cbbf1e1ecadb106b81d9a72f4a930d8ca7ec58dcc3839ec8c6bb3f54414b36c5aebb0cfed0a2786bbaf388ec25fe2440e35e03e333d80d2d8a7ccc9d3b2cf4914adc0f630c72b6bc183e420192706ee6c35f20bae5a15bdf0df17a5ecc397328bb2c6e29c43770e281bd2134f707991909cc5eae0ced70fcf8ade49a2f4943457984cc3585d1622f80d784fbb603cacc68bc38f8f0fda334df7cfec6acdc3d8c32e742ab426e9a0a921ea0db6de01cb38ed6178883ffbfa5eb371fb8f5a755c2139867a10700f203e2b8bc07e80238de2bf60d966f55b0db30e413075562cc267ee4482253dacdd5a68065a09774d1a3bbc2e10dd212390bf438da0181a9fc8c868c8c00473a38ac130ad432e8af729c2ec13c4133ccff902812c1acdacdcd5a856c83d3f4befcdacdc637dd662f29d858b51dceaa7e7eeb0f939b8de19c5a14bca93bdef6c985505f806e48665dfa7d1831f28ac417f71fc63a2cdc0199178f1412598859d42abaae137a75a7cd7c047864122c804260a8078a6157f98166fc779bc3779301f3e2fc47c8886847e716ace6f25f5acf4ce0d475d78a111e2cd6485f7e6c0a59f438eefbeec6354a31f0148d2ac243589da8b0e53f755b32f0c658177ff3b1a614932497e9823059345cd801e3fe5c777cfc6abf224ffbc7fcce1dcf3bcc04003189921bd4d91aa11bbef90ff5d5be5ed34b68d3640c82541d17634e0cfea8fbf2d20cb18438c9a25a38f17f767dd34c842848dfc41ddb58fa81e2f46cba1238cb2224320db1802869ff90f03f996eb385435d34f29b4e011b33d016876d0f2f35b4242a7e40a4a15c639627a92e02c3b44fbcd695af0c5836b62c2650cd55e48388f96d69777f1f25cf6b7cff2d0bf8ace175ed67cbc0de832abf8562e2cf08ae2b9b807697562dd24a5a8b8ef74fa03f8e6fb8e503a55ce921e2ac59fed2118b651f26776a0a7004f035690a541d6639022a594abaffb862ed1c72b6ef09c43b1f55e22a267cf45bfa82b6c58ce122a30d31093218db839eade1a43769dfbea6fdd3efaad853b684557a56c83cc9a74510f690d271b5483d4e963bbb48445869655a19aec1ec9f17abed7ac690fe5891de192c7a89e02f646dc169207d7ec54066d104e7bc1004371677f08acc0fc3140c16473953145c5ed8d3e91293642c993bc3b2d59a102fa4c6f6c114597f482b39ed0e3c0ffa912de2e02237e0583b7fd74a81197e5e8ee455776867949a4574ababbb0a34453c69ab2bff40e3dc08d37aa7adbaddeafab6ebefdd440d614de3bdbf371e5833b0329ee3866a85c0c5009f0ede015b61afc9f163d5371e16d93141af4bf2890321ff29028ef164383810d715a4def2787bcceb513eaf37216a7c42a9c74a23b7e3f0c396562e588ee5159f5509919a60b29a4b94d40392392caf8b63ab79bbf6709ccca4f8c2c286bde0340ce56717cbe74841dbc10dfe90d2012a5a898f0a04dd656fb35d7e883702fbb66602aebad3147c4c6fa5577cf4fbc1bb260344d3740cd244e5b3cc9edc414cb617eb105404300b47d8d9bed0e23767f20f37cf67fe2d37080503bfcd55622a37fb713705a244da2f6256a00b3cec63c8b71eaef4d74900d759e41289dd6577a8dda97c9a6caf3c0aab6b98afa7614c20afaa4908def63e86f2773a533ca6f207d83d87c3098013d8b69ca46d598514bd75947d1da39855f627b4a28cf29a522abf08b371a838e16aa5f1bbfd5cd52986b48d60afc10ba68c70c4116e3fdf9607d3105ea0418a2e4b5f155d6e08ce6375484a0d46f749d48cf7eed2d5a3b481bea1eb15743c0b60d235bf4cd028bfb00a8d579056c03ed454b492a007c2dbf1570c84b00bfe50d7f81688da5fbaea103ccf982b8a3e71c26de0a70f373babe9959ad0eba89a08625c9badf0864621524356fa5cd59c317ea1839411f3395bacc21bbe09abf705c92482dba4ae15e740336465fb272516a29b8882d42ec07d5344cdaecabf090e6f88d7e4b0224ce1618df0170c90e6bb881fe3bdfefcdc309d1fe38544592883cd354816d0b9ab67d0ef06144d82542773040aee8d0ca8c95c6f4e9f02cb9c97fddd5e9f593cd277360de5b93cf8ae11e40d59e6e587f6304fd1346f6b4baa77e78659b4d182ac138d554ee1789250841911d1b9ab1e33096d624359a57ee6b14b48622f0cf9aed50630faa47428962b347351271385084986c5af6c4a18d28d1a358363c9d1723f1e9b2e56a877efef247e5e34e16944c079753651328c3cd8bd5741f4394853db275d41149ce21936d517455e70773426555f38be0228bcd4835a629182b2d53a76075b9ab81e896c758c71f153ebb1019da6461320de4b91531240efffd91a8238794812724ecbdb43454c94739c6399a78969106b10c0e20350e9a29ee1344422ac57a2ed32866f9bd248f7e4262bc59fcc504d19ffd73e46d56abae9b9e91c82137ded83da14ad7f57c1711926924a2013a7625399a7ea1c8f78e2968cf94250ff7b8d684a41d90eea0d94180e29ae2b6582c6a47222746cdfbe8616f4a347b6e306c06749074cb7730d04ac0f84010fb539ae161c517785da651d24706a21d03b53001c1b1479099af9a4c209a10846e1bb8cf6f9f21e3a7383aba2ea37a845c1cf43a829d61165b54614d9dd0ce589c9385698c8ed8a090ad6922ea926f420e2b6d914d257913947ed1299558ec691728c1ba6a66f51549c155c511ec5c13e6d4e619d6f400e0f43b950173b750427c34a33bb1c573e27dee33d2ac9bdc5ecfe73c5e607524f8396e50ba5c83ce1164e5a515ee4485f841eadeda5fa0d6c08f4325b643f0679c9df583ed9ba373c515fb248ac8ce87436473c71936617f3c8203ab3f33a552ffa003d77ef62bd86624474bfe690ce0f1e4700de4db365fa8d3179d0590899957877be3b82cfbdffa6f572099c03e1051a060256318e86ca0ee57e76a6c42e3584efb14aa52aa0aa0304aabe5bb6830c0f634fcb277e2d3e5d85d3241f577e1b300c2d3ec9d5e3a51a991b64b28eeb2159c7d4430e88b20316847dbc8f2ef421fd6a21ea1736e2bdc9d04ef0e1e76f71c6ccabb6f41b84ad61bfd93483969593dfa2d0f6c595ef3f3674be80fdca380d654137f2987b06ac5168e7d715d4532c557d3d53b46ee0031525bc85ee92ebd599f62877ce7af2a2f871e9026fd840bddc060001c9570bab124f175329afd0599c0acf5817f44c6fb5a962349768582bb972ebb00df70fbf8d313095d4c42c6870e3b2dc5913b6e032b9e761e26cf059d1574ee4f46988f5c6ed8e93c02036e06ad322a7f57bdc401324e2f5e3a0a1505cdb872b7cd3c8b6edb647c2104eae4ab50dc257d79e6d01a97e9212f8ad8f91e60cf767c9412c5893e05c779631dbeaeaee8244236d1daa88116982bdc9cb92a466dc80529289b1c8403283c8d0a679fc6277466a8168c2f91ce05b0bf660790cb0617dc0a513db9f1d3cc03e75b4c007635e73e10d3e2500f5b856aad3eb9db2bb5601cf9560907599cf7090035e5c272c0f5bfcdb5310e5dbfec1583634151d8708c1dd4d318425848d8fb8df39a549e16251109f284a1850a0a4b279bddf9d456ae6839cf86432ffdd2d50eea6800a9cb00679cbbcecbdf0f7169d2713bfff65ef58949604cd2e8d1b46462acc84688f44f4ef01d581fa0938e2d2c6aa00cfc3120c623cb82dafc56d8f82dc14e7a7895d1a9194d790d7187a4b0c656e985af275a1ba8514cf561e3e78a3c6bc9dd8e6eb351b2f4ba98a1db0a5702fc75452a92a1503e16cc4affa2af5869ecee5a8a6bd0e0ed96c98a736c6d957f7063b69bdbd1c611b2b6bc793db4c019f027fdc5c7b88ebfdd3716162315c27bc90e4dc34922859c4a258ce2c6a7ae585f54565970e649a81a87714e3464eaf94255bc659162692ef991ce134ccd0b8c7a7fad1c94dfcdd61fa9333fec901265e6309482ae827f6ffde6ecec6d1ae7efa771310d537f3519a3959dd1ad6f2f1a40afc0d37f0647559ced2127a76d5b9790cbda617edadd38748fd3f079f8b1e96e8988a78810e4beabce7d1015c6292b310361b8f2b3a00ae9c6dd7020a04f7daf7ce6a83495b11915454c207be4f0f28cdef7c0dcedec5716557894d7010e5a4108df517dbefaea425129718b170c5b710323785412f80e0218fe982f01e9637ff1bb12fd239e1d7904a5eef08d727f641cb392c0584aade2cd4da69b6c3e99120e88cd3b434da18467761bdd9c78e03977bd35e78b595777f2a6a37af1834b12899ac32175107244360c747771f2f460e11be4daf70a7fba28239d18fc8d72930b4ab33370e91f13d89a070cef786eb2e7a6ca6aec9252524df54772d8c725a9839ce76d70788b22aaee39c9b76f6500032281c93fd4fc87ab4ae013bdf1bed9e2a34bee9cafb151b7e81cc97585a483c3289fcd9a1ad7434c53881b61edc4082ad8b7665bec70912df6db43f5ae39e6b026b1a99b316ce8e0245b92e5b6612d8cd556b665364da3e83e49483c64ba228891d3a0cbaf174262f1bcffb84376fb7d0054981b35c391dc155570272eaab1f96950e3a73ceb9686762c93a053c869e9cbdbeddc009cfad72e318d26a8a963ef9df6808df6425b1d085226359f75557fa14fd638ca6f23c1f24952d25a6f3a6c1406940263a63bceaa78e20cf06258167df6b6a109bd3677a26051d9167d9991d0126cc12fc75629eebe1dcf6a427cffaaefecef89dd78df2fbbef2131277900dc0cceb619921394f9239eb3b0b1babc68b3e3336ece8e55be97ae1f496c3e86fe372bbb72ce5b85f6d4acdbda6cd51745d7214c0a17bd2f39c1a2025194363a372c369c7490052efea44a720fefe9a784a6b8f1f1"})
syz_kvm_setup_cpu$arm64(r1, r7, &(0x7f0000bfe000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="82000000001e000028000000000000000100000000000000020000000000000006010000000000000a00000000000000b40000000000000000218dd20080b8f2810180d2c20080d2430080d2640080d2020000d4008008d5008008d580b99ad20020b0f2410080d2620180d2430180d2e40180d2020000d440cb8f80d2840080d2020000d4000028d50000589e0000251e20838dd20000b8f2010080d2220080d2030080d2e40180d2020000d4c0d490d200c0b0f2810180d2820180d2e30180d2640080d2020000d4c0035fd68200000000000000280000000000000000000065020000000000006e00000000000000300000000000000000000a0800000000080000000000000001000000010000000200000000000000aa0000000000000028000000000000000100000000000600000002000000080000000400000000004600000000000000180000000000000001000000d2020000220100000000000040000000000000000100008000000000ffffffffffffff7f03000000000000000000040000000000f807000000000000060000000000000082000000000000002800000000000000010000000000000003000000000000004e0000000000000022010000000000004000000000000000000000060000000002000000000000000900000000000000000000000000000000040000000000004b090000000000000a000000000000006c00000000000000001c004e0000c0ad000008d5008008d5807a8ed200e0b0f2c10080d2420180d2430180d2240180d2020000d4e0cc9dd20000b0f2410080d2a20180d2a30080d2440180d2020000d40000005a008008d5000028d5000cc078c0035fd6220100000000000040000000000000000f0000840000000004000000000000000200000000000000060000000000000002ffffffffffffff0900000000000000aa00000000000000280000000000000009010100000008000000040000000700000001000000000046000000000000001800000000000000010000007d01000032000000000000004000000000000000020000840000000004000000000000000300000000000000020000000000000008000000000000007f00000000000000aa0000000000000028000000000000000c00040000000b00000006000000060000000400000000004600000000000000180000000000000000000000ff000000000000000000000018000000000000000400000000000000e600000000000000180000000000000005000000000000004600000000000000180000000000000000000000a802000022010000000000004000000000000000120000c40000000001000000000000000100000000000000080000000000000006000000000000000100000000000000320000000000000040000000000000008000000000000000050000000000000007000000000000000a00000000000000040000000000000002000000000000004600000000000000180000000000000003000000db030000e6000000000000001800000000000000080000000000000082000000000000002800000000000000030000000000000002000000000000002f010000000000001e0000000000000040000000000000000300004000000000080000000000000000000000000000800100000000000000000000000100000000000000000000000a00000000000000840000000000000000a18dd200a0b0f2a10180d2820080d2030180d2a40180d2020000d4000028d5000c95d20020b8f2610180d2a20180d2430180d2640080d2020000d400d0005f007008d500b8205e0004201e804087d200e0b8f2a10180d2420180d2630180d2e40180d2020000d4000008d5007008d5c0035fd64600000000000000180000000000000003000000970000001400000000000000200000000000000069df1300000030600f0000000000000022010000000000004000000000000001ff7f0080000000000100df00000000000200000000000000030000000000000002000000000000000a00000000000000000000000000000018000000000000000002000000000000320000000000000040000000000000001000000000000000060000000000000007000000000000000300000000000000ffffffffffffff7ffcffffffffffffff1e00000000000000400000000000000001ff00860000000000000000000000000400000000000000030000000000000001000080000000000700000000000000"], 0x67c}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x28}], 0x1)

2m33.638468687s ago: executing program 9 (id=213):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x22)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000ffe000/0x1000)=nil})
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x5, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x80a0000, 0x2000})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
mmap$KVM_VCPU(&(0x7f0000e0f000/0x2000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x4000)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x4)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x1, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000240)=0xfffffffffffffffe})
r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r6, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x2})

2m25.373804801s ago: executing program 0 (id=214):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0xfffffffffffffe1f)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000380)=@attr_other={0x0, 0xfffffffe, 0x4ff, &(0x7f0000000400)=0xfff})
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x3, 0x9}})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_vgic_v3_setup(r10, 0x3, 0xa0)
ioctl$KVM_IRQ_LINE(r10, 0x4008ae61, &(0x7f0000000140)={0x100, 0xff})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000002c0)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000280)=0x9})
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @irq_setup={0x46, 0x0, {0x4, 0x120}}], 0x96}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r16 = eventfd2(0xfffffffa, 0x80001)
write$eventfd(r16, &(0x7f0000000200)=0x8, 0x8)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000000)={0xd, 0x100000, 0x8, r16, 0x4})

2m7.18104205s ago: executing program 9 (id=215):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x18, 0x1f95}, @svc={0x122, 0x40, {0x100, [0x9, 0x7030, 0x3, 0x5, 0x3]}}, @code={0xa, 0x6c, {"008008d50044207e0000809a007008d5006c200e007c001b20ec99d20040b8f2810180d2e20180d2230180d2240180d2020000d4a0a19dd20080b0f2810180d2620080d2630080d2640080d2020000d40820601e000008d5"}}], 0xc4}, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
syz_kvm_setup_cpu$arm64(r6, r4, &(0x7f0000001000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000440)=[@irq_setup={0x46, 0x18, {0x2, 0x33}}, @irq_setup={0x46, 0x18, {0x2, 0xc0}}, @code={0xa, 0x6c, {"007008d500b8a17e20469ad200a0b0f2810180d2a20180d2c30080d2640080d2020000d4007008d50820601ee0b187d200c0b0f2610080d2220080d2230180d2a40180d2020000d4000028d5000008d50000309e00a4600d"}}, @hvc={0x32, 0x40, {0x80007fff, [0x80000000, 0x7, 0x7fffffffffffffff, 0xad, 0x2]}}, @hvc={0x32, 0x40, {0x80, [0x4, 0x8e, 0x4, 0x7, 0xfffffffffffffffb]}}, @msr={0x14, 0x20, {0x6030000000138027, 0x80000001}}, @irq_setup={0x46, 0x18, {0x3, 0x41e5}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x1, 0x40000002, 0x8, 0x6, 0x4}}, @code={0xa, 0xb4, {"007008d5007008d500699ad200a0b0f2210080d2020080d2630180d2a40080d2020000d4007008d5608d90d20080b8f2210080d2020080d2230080d2640180d2020000d4600296d20000b0f2810180d2e20180d2030180d2c40180d2020000d460308cd20060b8f2c10180d2a20080d2830180d2840180d2020000d400fc200e5f2003d5607d85d200c0b0f2a10080d2a20080d2430180d2e40180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x0, 0x8}}, @eret={0xe6, 0x18, 0x800}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0x11, 0x5, 0x3}}, @uexit={0x0, 0x18, 0x101}, @eret={0xe6, 0x18, 0xe8}, @msr={0x14, 0x20, {0x603000000013c212, 0xff}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x27d}}, @irq_setup={0x46, 0x18, {0x0, 0x146}}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0xa050000000340769, 0x7fff}}, @hvc={0x32, 0x40, {0x40000000, [0x10001, 0xd, 0x80000001, 0x5, 0x8]}}, @code={0xa, 0x6c, {"007008d50040251e000028d580c78bd20040b8f2210180d2c20080d2230080d2240180d2020000d4007008d500a8a17e007008d5007008d540559ad200c0b8f2410080d2820180d2c30080d2840180d2020000d4000008d5"}}, @smc={0x1e, 0x40, {0x8000, [0xa8, 0x0, 0x9ec, 0x9, 0x2]}}, @code={0xa, 0xcc, {"206197d20020b8f2e10180d2c20080d2430080d2440080d2020000d4c01b81d200e0b8f2a10080d2e20080d2030180d2440180d2020000d4000028d560c496d20060b8f2410180d2020180d2430080d2e40080d2020000d40080202e60df9ad20060b8f2810180d2420180d2c30080d2c40080d2020000d40000df0c0000208be07b9bd200c0b0f2810080d2c20180d2830080d2040180d2020000d4a02c8ad200e0b8f2010080d2820080d2a30080d2440080d2020000d4"}}], 0x520}], 0x1, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x6a}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x202, 0x2, 0x1, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2c)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x7fffffffffffffff})
syz_kvm_setup_cpu$arm64(r3, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000980)=[@irq_setup={0x46, 0x18, {0x2, 0x1af}}, @hvc={0x32, 0x40, {0x80008000, [0x7, 0x67, 0xfffffffffffffffc, 0x1, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x2, 0x3, 0x7, 0x3, 0x4}}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x200, [0x7, 0x99b, 0x23, 0x3, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0x2, 0x5}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1600, 0x8, 0x4}}, @code={0xa, 0x9c, {"0004000f000028d5007008d5406694d20060b0f2210080d2020180d2830080d2a40080d2020000d4e0b882d200e0b0f2210180d2620180d2630180d2440080d2020000d4020000d4007008d5404988d20080b0f2010080d2220080d2a30080d2240180d2020000d40820201ee01391d200a0b8f2010080d2a20180d2a30180d2c40180d2020000d4"}}, @eret={0xe6, 0x18, 0x9}, @uexit={0x0, 0x18, 0x7fffffff}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x308}}, @msr={0x14, 0x20, {0x603000000013df4c, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf20, 0x1155077a}}, @code={0xa, 0x6c, {"000040b9007008d500f4006f007008d5007008d5008008d5603d8cd200c0b8f2610180d2620180d2030080d2440180d2020000d400c0641e0020206ea0749fd20060b0f2210080d2020080d2830080d2440080d2020000d4"}}, @code={0xa, 0x9c, {"008008d500b291d20060b0f2610180d2e20180d2830180d2a40080d2020000d400c0200e606b95d200c0b8f2610080d2a20180d2e30180d2a40180d2020000d440608dd20040b0f2210180d2020180d2030180d2840180d2020000d4e0a08ed200c0b8f2e10080d2020080d2230180d2440080d2020000d40040e00d0080bf0d0060800c00000033"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x3, 0x10, 0x8, 0x6, 0x1}}, @msr={0x14, 0x20, {0x603000000013c807, 0x5}}, @mrs={0xbe, 0x18, {0x603000000013a038}}, @code={0xa, 0x6c, {"0000400c007008d5007008d5008008d5000008d5000008d500c0271e008008d5604f9cd20000b0f2e10180d2c20180d2630080d2c40080d2020000d4e0c49bd20000b8f2610080d2a20080d2230080d2040180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0xe35a, 0x1}}, @code={0xa, 0xb4, {"0004000f000040f9000860b8e0ce93d200e0b0f2a10180d2020080d2230180d2440080d2020000d4007008d540a68ed20040b8f2610080d2420180d2e30080d2e40080d2020000d4c06d84d200c0b0f2810080d2a20080d2430080d2e40180d2020000d4e01799d20040b8f2810080d2820180d2c30180d2a40180d2020000d4603f9dd200a0b8f2410080d2820180d2430080d2c40180d2020000d40068217e"}}, @mrs={0xbe, 0x18, {0x603000000013df6e}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x4, 0xc, 0x2, 0xbb7a, 0x4}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x1cc}}, @uexit={0x0, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013e6ce, 0xebb5}}, @code={0xa, 0x6c, {"000028d50094002f00c0611e0000791e602f83d20020b0f2010080d2c20180d2630180d2840080d2020000d4a04e87d20060b8f2210080d2020080d2630080d2a40080d2020000d4008008d50000009000a8a10e000c803c"}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0x7, 0x3, 0x8}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x7fff}}, @msr={0x14, 0x20, {0x6030000000138010, 0x4}}, @hvc={0x32, 0x40, {0x80008000, [0xffff, 0x9, 0xfffffffffffffffe, 0x4, 0x50f]}}, @hvc={0x32, 0x40, {0x2, [0x63, 0x7ff, 0x4800, 0x6, 0x8000000000000000]}}], 0x728}], 0x1, 0x0, &(0x7f00000001c0)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

1m57.167888114s ago: executing program 0 (id=216):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r2=>0xffffffffffffffff})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000004000000000000000ad770081000000000800000000000000010000000000000002000000000000000300000000000000040000000000000032000000000000004000000000000000530000c400000000000080"], 0x80}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x2000000, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000140)=0x7})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x28)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x19)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x25)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r17, 0x4208ae9b, &(0x7f0000000400)={0x1, 0x0, {[0xfffffffffffffffb, 0x3ff, 0x1000, 0xe26f, 0x3, 0x6, 0x9, 0x0, 0x4, 0x5, 0x7, 0x81, 0x0, 0x7fffffffffffffff, 0x1, 0x2], [0x80000001, 0x8, 0x34f, 0x80000001, 0x8000000000000000, 0xfffffffffffffffb, 0x8, 0x5, 0x7ff, 0x6, 0xa87f, 0x1, 0x5, 0x7f7fffffffffffff, 0x9, 0x7fffffff], [0x6, 0x2, 0x3, 0xfff, 0xe7, 0x1, 0x100000001, 0x0, 0x8, 0x3ff, 0x8, 0x401, 0x3, 0x3, 0xfffffffd], [0xe, 0xffffffffffff37a5, 0x80000000, 0x54435a02, 0xd17b, 0x2, 0x4, 0xff, 0xa4c, 0x2, 0x400, 0x1, 0xfffffffff14d8e2e, 0x44, 0x400, 0xfffffffffffff2f2]}})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
r18 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
ioctl$KVM_S390_VCPU_FAULT(r12, 0x4008ae52, &(0x7f0000000000)=0x7)
ioctl$KVM_CHECK_EXTENSION(r18, 0x541b, 0xac)

1m35.450610826s ago: executing program 9 (id=217):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x80000000, 0x6})
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r10=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r10, 0x800454cf, 0x200000000000000)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x10003})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r13, 0x2})
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r13, 0xf})
r14 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)

1m28.969802338s ago: executing program 0 (id=218):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x80000000})
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x4, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m8.518147545s ago: executing program 0 (id=219):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x309c00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xb)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f00000000c0)={0x80a0000, 0x5000, 0x80001})
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000000)={0x7})
r4 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0x0, 0xf000, 0x0, r4})
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000000c0)={0x8})
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x6000})
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001})

1m7.300686598s ago: executing program 9 (id=220):
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000) (async)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x37d03030d7a92616}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x5000}) (async)
r4 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)

50.553244954s ago: executing program 9 (id=221):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x5d)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000f72000/0x1000)=nil, 0x930, 0x0, 0xe832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xc3)
openat$kvm(0x0, &(0x7f00000004c0), 0xd2078c21a083311, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_assert_reg(r7, 0x603000000013c4f1, 0x8000)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r7, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@code={0xa, 0x9c, {"007008d5605a88d20080b0f2010180d2820180d2030080d2040180d2020000d4000008d5000028d5800584d200a0b0f2c10180d2820080d2e30180d2c40080d2020000d4000008d5007008d5000028d5007699d200e0b0f2010180d2a20180d2e30180d2840180d2020000d4e00390d20020b0f2a10180d2c20180d2a30180d2e40180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013f208, 0x1}}, @msr={0x14, 0x20, {0x603000000013806f, 0x1000}}, @svc={0x122, 0x40, {0x8400000c, [0x7ff, 0x6, 0x101, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x3a1}}, @code={0xa, 0x54, {"0018285e007008d500c8a05e0040204e602497d20080b0f2410080d2420080d2830180d2a40180d2020000d40000221e000008d5007008d5007008d5008008d5"}}, @mrs={0xbe, 0x18, {0x603000000013dea1}}, @code={0xa, 0x9c, {"40148ad20020b0f2010080d2020180d2830080d2e40080d2020000d40010805f008008d5007008d50060e00d0000009b00a0800d60ad87d200c0b0f2810180d2220180d2230080d2a40180d2020000d480149fd20060b8f2610080d2820080d2830080d2e40080d2020000d4c05188d200e0b8f2e10180d2620180d2e30080d2440080d2020000d4"}}, @msr={0x14, 0x20, {0x0, 0x9}}, @mrs={0xbe, 0x18, {0x603000000013df5d}}, @irq_setup={0x46, 0x18, {0x0, 0xd3}}, @hvc={0x32, 0x40, {0x40, [0x1, 0x8, 0x434, 0x0, 0x4]}}, @code={0xa, 0x9c, {"000028d5207b83d200a0b0f2410080d2e20080d2830080d2440080d2020000d4007008d50078214e00c8b02e000008d560b59bd200a0b8f2610080d2e20080d2430180d2e40080d2020000d400269fd20080b0f2010180d2220180d2c30180d2440180d2020000d4007008d5c0379ad20040b0f2410180d2420080d2e30080d2840180d2020000d4"}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x2e6}}, @svc={0x122, 0x40, {0x84000007, [0x8, 0x4, 0x1, 0x4, 0x7fff]}}], 0x3e0}, &(0x7f0000000480)=[@featur2={0x1, 0x8}], 0x1)
ioctl$KVM_GET_SREGS(r8, 0x8000ae83, &(0x7f0000000600))

19.560790545s ago: executing program 41 (id=219):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x309c00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xb)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f00000000c0)={0x80a0000, 0x5000, 0x80001})
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000000)={0x7})
r4 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0x0, 0xf000, 0x0, r4})
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000000c0)={0x8})
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x6000})
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001})

0s ago: executing program 42 (id=221):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x5d)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000f72000/0x1000)=nil, 0x930, 0x0, 0xe832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xc3)
openat$kvm(0x0, &(0x7f00000004c0), 0xd2078c21a083311, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_assert_reg(r7, 0x603000000013c4f1, 0x8000)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r7, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@code={0xa, 0x9c, {"007008d5605a88d20080b0f2010180d2820180d2030080d2040180d2020000d4000008d5000028d5800584d200a0b0f2c10180d2820080d2e30180d2c40080d2020000d4000008d5007008d5000028d5007699d200e0b0f2010180d2a20180d2e30180d2840180d2020000d4e00390d20020b0f2a10180d2c20180d2a30180d2e40180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013f208, 0x1}}, @msr={0x14, 0x20, {0x603000000013806f, 0x1000}}, @svc={0x122, 0x40, {0x8400000c, [0x7ff, 0x6, 0x101, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x3a1}}, @code={0xa, 0x54, {"0018285e007008d500c8a05e0040204e602497d20080b0f2410080d2420080d2830180d2a40180d2020000d40000221e000008d5007008d5007008d5008008d5"}}, @mrs={0xbe, 0x18, {0x603000000013dea1}}, @code={0xa, 0x9c, {"40148ad20020b0f2010080d2020180d2830080d2e40080d2020000d40010805f008008d5007008d50060e00d0000009b00a0800d60ad87d200c0b0f2810180d2220180d2230080d2a40180d2020000d480149fd20060b8f2610080d2820080d2830080d2e40080d2020000d4c05188d200e0b8f2e10180d2620180d2e30080d2440080d2020000d4"}}, @msr={0x14, 0x20, {0x0, 0x9}}, @mrs={0xbe, 0x18, {0x603000000013df5d}}, @irq_setup={0x46, 0x18, {0x0, 0xd3}}, @hvc={0x32, 0x40, {0x40, [0x1, 0x8, 0x434, 0x0, 0x4]}}, @code={0xa, 0x9c, {"000028d5207b83d200a0b0f2410080d2e20080d2830080d2440080d2020000d4007008d50078214e00c8b02e000008d560b59bd200a0b8f2610080d2e20080d2430180d2e40080d2020000d400269fd20080b0f2010180d2220180d2c30180d2440180d2020000d4007008d5c0379ad20040b0f2410180d2420080d2e30080d2840180d2020000d4"}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x2e6}}, @svc={0x122, 0x40, {0x84000007, [0x8, 0x4, 0x1, 0x4, 0x7fff]}}], 0x3e0}, &(0x7f0000000480)=[@featur2={0x1, 0x8}], 0x1)
ioctl$KVM_GET_SREGS(r8, 0x8000ae83, &(0x7f0000000600))

kernel console output (not intermixed with test programs):

[  409.973534][ T3152] 8021q: adding VLAN 0 to HW filter on device bond0
[  474.354515][ T3152] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:8513' (ED25519) to the list of known hosts.
[  640.059911][   T25] audit: type=1400 audit(639.230:61): avc:  denied  { name_bind } for  pid=3310 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  641.990014][   T25] audit: type=1400 audit(641.160:62): avc:  denied  { execute } for  pid=3311 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  642.032922][   T25] audit: type=1400 audit(641.190:63): avc:  denied  { execute_no_trans } for  pid=3311 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  665.513679][   T25] audit: type=1400 audit(664.690:64): avc:  denied  { mounton } for  pid=3311 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  665.549685][   T25] audit: type=1400 audit(664.720:65): avc:  denied  { mount } for  pid=3311 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  665.638601][ T3311] cgroup: Unknown subsys name 'net'
[  665.692846][   T25] audit: type=1400 audit(664.870:66): avc:  denied  { unmount } for  pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  666.099827][ T3311] cgroup: Unknown subsys name 'cpuset'
[  666.205615][ T3311] cgroup: Unknown subsys name 'rlimit'
[  667.131442][   T25] audit: type=1400 audit(666.300:67): avc:  denied  { setattr } for  pid=3311 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  667.151363][   T25] audit: type=1400 audit(666.320:68): avc:  denied  { mounton } for  pid=3311 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  667.179929][   T25] audit: type=1400 audit(666.350:69): avc:  denied  { mount } for  pid=3311 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  668.405938][ T3314] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  668.426131][   T25] audit: type=1400 audit(667.600:70): avc:  denied  { relabelto } for  pid=3314 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  668.449238][   T25] audit: type=1400 audit(667.620:71): avc:  denied  { write } for  pid=3314 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  668.635441][   T25] audit: type=1400 audit(667.810:72): avc:  denied  { read } for  pid=3311 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  668.660333][   T25] audit: type=1400 audit(667.830:73): avc:  denied  { open } for  pid=3311 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  668.705497][ T3311] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  726.292636][   T25] audit: type=1400 audit(725.470:74): avc:  denied  { execmem } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  730.839019][   T25] audit: type=1400 audit(730.010:75): avc:  denied  { read } for  pid=3322 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  730.864398][   T25] audit: type=1400 audit(730.040:76): avc:  denied  { open } for  pid=3322 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  730.973996][   T25] audit: type=1400 audit(730.150:77): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  731.254789][   T25] audit: type=1400 audit(730.430:78): avc:  denied  { module_request } for  pid=3322 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  731.273858][   T25] audit: type=1400 audit(730.440:79): avc:  denied  { module_request } for  pid=3323 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  732.446576][   T25] audit: type=1400 audit(731.620:80): avc:  denied  { sys_module } for  pid=3322 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  757.935953][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  758.104974][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  758.932194][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  759.076921][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  777.022101][ T3322] hsr_slave_0: entered promiscuous mode
[  777.065250][ T3322] hsr_slave_1: entered promiscuous mode
[  778.113005][ T3323] hsr_slave_0: entered promiscuous mode
[  778.153005][ T3323] hsr_slave_1: entered promiscuous mode
[  778.185567][ T3323] debugfs: 'hsr0' already exists in 'hsr'
[  778.192345][ T3323] Cannot create hsr debugfs directory
[  784.020051][   T25] audit: type=1400 audit(783.190:81): avc:  denied  { create } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  784.089710][   T25] audit: type=1400 audit(783.260:82): avc:  denied  { write } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  784.131045][   T25] audit: type=1400 audit(783.300:83): avc:  denied  { read } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  784.266142][ T3322] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  784.634917][ T3322] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  785.020535][ T3322] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  785.369780][ T3322] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  786.971436][ T3323] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  787.105866][ T3323] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  787.276911][ T3323] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  787.515074][ T3323] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  800.931704][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[  803.726012][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0
[  863.903307][ T3322] veth0_vlan: entered promiscuous mode
[  864.392345][ T3322] veth1_vlan: entered promiscuous mode
[  866.540537][ T3322] veth0_macvtap: entered promiscuous mode
[  866.896467][ T3323] veth0_vlan: entered promiscuous mode
[  867.174732][ T3322] veth1_macvtap: entered promiscuous mode
[  867.693391][ T3323] veth1_vlan: entered promiscuous mode
[  869.552984][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  869.566220][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  869.579368][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  869.590493][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  870.685152][ T3323] veth0_macvtap: entered promiscuous mode
[  871.253811][ T3323] veth1_macvtap: entered promiscuous mode
[  872.481770][   T25] audit: type=1400 audit(871.650:84): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  872.651494][   T25] audit: type=1400 audit(871.800:85): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/syzkaller.fJIqnH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  872.805793][   T25] audit: type=1400 audit(871.980:86): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  873.126546][   T25] audit: type=1400 audit(872.300:87): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/syzkaller.fJIqnH/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  873.340100][   T25] audit: type=1400 audit(872.450:88): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/syzkaller.fJIqnH/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3778 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  873.850445][ T3361] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  873.854471][ T3361] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  873.871506][ T3361] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  873.910034][ T3361] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  874.123360][   T25] audit: type=1400 audit(873.280:89): avc:  denied  { unmount } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  874.272464][   T25] audit: type=1400 audit(873.450:90): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  874.395906][   T25] audit: type=1400 audit(873.570:91): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="gadgetfs" ino=3787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  874.720241][   T25] audit: type=1400 audit(873.890:92): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  874.812411][   T25] audit: type=1400 audit(873.970:93): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  876.406191][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  887.301062][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  887.314256][   T25] audit: type=1400 audit(886.470:98): avc:  denied  { read } for  pid=3473 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  887.468667][   T25] audit: type=1400 audit(886.630:99): avc:  denied  { open } for  pid=3473 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  888.353477][   T25] audit: type=1400 audit(887.510:100): avc:  denied  { ioctl } for  pid=3473 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  891.295109][   T25] audit: type=1400 audit(890.470:101): avc:  denied  { execute } for  pid=3475 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3901 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  917.168519][   T25] audit: type=1400 audit(916.340:102): avc:  denied  { ioctl } for  pid=3496 comm="syz.1.7" path="net:[4026532620]" dev="nsfs" ino=4026532620 ioctlcmd=0xae79 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  926.859300][   T25] audit: type=1400 audit(926.020:103): avc:  denied  { write } for  pid=3502 comm="syz.1.9" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  946.724584][   T25] audit: type=1400 audit(945.870:104): avc:  denied  { setattr } for  pid=3515 comm="syz.1.13" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  996.646157][   T25] audit: type=1400 audit(995.820:105): avc:  denied  { append } for  pid=3548 comm="syz.0.21" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1149.115060][ T3583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1149.346451][ T3583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1151.771902][ T3585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1152.055891][ T3585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1178.766829][ T3583] hsr_slave_0: entered promiscuous mode
[ 1178.874209][ T3583] hsr_slave_1: entered promiscuous mode
[ 1178.940508][ T3583] debugfs: 'hsr0' already exists in 'hsr'
[ 1178.949349][ T3583] Cannot create hsr debugfs directory
[ 1182.406650][ T3585] hsr_slave_0: entered promiscuous mode
[ 1182.524736][ T3585] hsr_slave_1: entered promiscuous mode
[ 1182.583616][ T3585] debugfs: 'hsr0' already exists in 'hsr'
[ 1182.620433][ T3585] Cannot create hsr debugfs directory
[ 1199.594816][ T3371] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1201.165941][ T3371] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1202.364741][ T3371] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1203.734905][ T3371] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1207.288928][ T3583] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1207.859361][ T3583] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1208.656932][ T3583] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1216.961340][ T3371] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1217.071704][ T3371] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1217.151370][ T3371] bond0 (unregistering): Released all slaves
[ 1217.534980][ T3583] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1218.882683][ T3371] hsr_slave_0: left promiscuous mode
[ 1219.000582][ T3371] hsr_slave_1: left promiscuous mode
[ 1219.373369][ T3371] veth1_macvtap: left promiscuous mode
[ 1219.382812][ T3371] veth0_macvtap: left promiscuous mode
[ 1219.421134][ T3371] veth1_vlan: left promiscuous mode
[ 1219.431252][ T3371] veth0_vlan: left promiscuous mode
[ 1236.177146][ T3585] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1236.644553][ T3585] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1237.150233][ T3585] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1237.574787][ T3585] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1238.872549][ T3417] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1239.983433][ T3417] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1241.069089][ T3417] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1242.552853][ T3417] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1264.151152][ T3417] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1264.664402][ T3417] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1264.951639][ T3417] bond0 (unregistering): Released all slaves
[ 1267.344177][ T3417] hsr_slave_0: left promiscuous mode
[ 1267.470791][ T3417] hsr_slave_1: left promiscuous mode
[ 1268.151435][ T3417] veth1_macvtap: left promiscuous mode
[ 1268.155048][ T3417] veth0_macvtap: left promiscuous mode
[ 1268.174255][ T3417] veth1_vlan: left promiscuous mode
[ 1268.190392][ T3417] veth0_vlan: left promiscuous mode
[ 1289.823114][ T3583] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1295.766037][ T3585] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1386.822860][ T3583] veth0_vlan: entered promiscuous mode
[ 1387.692346][ T3583] veth1_vlan: entered promiscuous mode
[ 1390.862881][ T3583] veth0_macvtap: entered promiscuous mode
[ 1391.482940][ T3583] veth1_macvtap: entered promiscuous mode
[ 1395.579774][ T3585] veth0_vlan: entered promiscuous mode
[ 1396.149129][ T3667] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1396.155299][ T3667] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1396.164726][ T3667] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1396.359583][ T3764] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1397.631181][ T3585] veth1_vlan: entered promiscuous mode
[ 1401.871342][ T3585] veth0_macvtap: entered promiscuous mode
[ 1402.363054][ T3585] veth1_macvtap: entered promiscuous mode
[ 1405.780939][ T3667] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1405.794782][ T3667] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1405.811797][ T3667] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1405.972584][   T42] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1785.432075][   T25] audit: type=1400 audit(1784.590:106): avc:  denied  { map } for  pid=4030 comm="syz.2.80" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1881.882896][ T3362] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1884.262260][ T3362] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1886.434782][ T3362] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1888.616903][ T3362] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1912.472686][ T3362] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1912.873688][ T3362] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1913.165608][ T3362] bond0 (unregistering): Released all slaves
[ 1915.891839][ T3362] hsr_slave_0: left promiscuous mode
[ 1916.046658][ T3362] hsr_slave_1: left promiscuous mode
[ 1916.974579][ T3362] veth1_macvtap: left promiscuous mode
[ 1917.046444][ T3362] veth0_macvtap: left promiscuous mode
[ 1917.075799][ T3362] veth1_vlan: left promiscuous mode
[ 1917.103968][ T3362] veth0_vlan: left promiscuous mode
[ 2021.986492][ T4083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2022.327043][ T4083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2030.858524][   T25] audit: type=1400 audit(2030.030:107): avc:  denied  { execute } for  pid=4174 comm="syz.3.100" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2065.550953][ T4083] hsr_slave_0: entered promiscuous mode
[ 2065.645746][ T4083] hsr_slave_1: entered promiscuous mode
[ 2087.062605][ T4083] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2087.524385][ T4083] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2087.913816][ T4083] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2088.327008][ T4083] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2129.053426][ T4083] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2299.840943][ T4083] veth0_vlan: entered promiscuous mode
[ 2301.320422][ T4083] veth1_vlan: entered promiscuous mode
[ 2305.612350][ T4083] veth0_macvtap: entered promiscuous mode
[ 2306.572997][ T4083] veth1_macvtap: entered promiscuous mode
[ 2311.465373][ T4248] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2311.466989][ T4248] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2311.492337][ T4248] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2311.493249][ T4248] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2435.530861][ T4434] debugfs: 'vgic-its-state@8080000' already exists in '4434-8'
[ 2607.580155][ T4448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2609.076899][ T4448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2652.922816][ T4248] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2654.982529][ T4248] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2656.634409][ T4248] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2662.226137][ T4248] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2671.896917][ T4457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2673.837099][ T4457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2697.364168][ T4248] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2697.743594][ T4248] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2698.281407][ T4248] bond0 (unregistering): Released all slaves
[ 2706.492646][ T4248] hsr_slave_0: left promiscuous mode
[ 2706.753980][ T4248] hsr_slave_1: left promiscuous mode
[ 2707.812712][ T4248] veth1_macvtap: left promiscuous mode
[ 2707.826972][ T4248] veth0_macvtap: left promiscuous mode
[ 2707.880350][ T4248] veth1_vlan: left promiscuous mode
[ 2707.902071][ T4248] veth0_vlan: left promiscuous mode
[ 2740.236482][ T4448] hsr_slave_0: entered promiscuous mode
[ 2740.436324][ T4448] hsr_slave_1: entered promiscuous mode
[ 2747.434927][ T4248] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2749.420197][ T4248] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2751.683079][ T4248] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2753.285249][ T4248] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2790.704135][ T4248] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2791.107264][ T4248] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2791.356255][ T4248] bond0 (unregistering): Released all slaves
[ 2794.701137][ T4248] hsr_slave_0: left promiscuous mode
[ 2794.772012][ T4248] hsr_slave_1: left promiscuous mode
[ 2795.492844][ T4248] veth1_macvtap: left promiscuous mode
[ 2795.514110][ T4248] veth0_macvtap: left promiscuous mode
[ 2795.516397][ T4248] veth1_vlan: left promiscuous mode
[ 2795.525510][ T4248] veth0_vlan: left promiscuous mode
[ 2818.792973][ T4457] hsr_slave_0: entered promiscuous mode
[ 2819.002461][ T4457] hsr_slave_1: entered promiscuous mode
[ 2819.160214][ T4457] debugfs: 'hsr0' already exists in 'hsr'
[ 2819.200568][ T4457] Cannot create hsr debugfs directory
[ 2825.304724][ T4448] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2826.290172][ T4448] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2826.756556][ T4448] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2828.542687][ T4448] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2854.713548][ T4457] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2855.592864][ T4457] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2857.257144][ T4457] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2858.713141][ T4457] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2879.823747][ T4448] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2893.006580][ T4457] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3034.402218][ T4448] veth0_vlan: entered promiscuous mode
[ 3035.634609][ T4448] veth1_vlan: entered promiscuous mode
[ 3039.264716][ T4448] veth0_macvtap: entered promiscuous mode
[ 3039.922025][ T4448] veth1_macvtap: entered promiscuous mode
[ 3043.545437][ T3659] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3043.546731][ T3659] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3043.560590][ T3659] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3043.600270][ T3659] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3050.426751][ T4457] veth0_vlan: entered promiscuous mode
[ 3051.716329][ T4457] veth1_vlan: entered promiscuous mode
[ 3055.810884][ T4457] veth0_macvtap: entered promiscuous mode
[ 3056.743945][ T4457] veth1_macvtap: entered promiscuous mode
[ 3061.829017][ T4462] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3061.842463][ T4462] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3061.894011][ T4483] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3062.063329][   T42] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3305.244414][ T4715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3305.746889][ T4715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3329.431906][ T4725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3330.033525][ T4725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3366.799350][ T4715] hsr_slave_0: entered promiscuous mode
[ 3367.012513][ T4715] hsr_slave_1: entered promiscuous mode
[ 3367.219873][ T4715] debugfs: 'hsr0' already exists in 'hsr'
[ 3367.223898][ T4715] Cannot create hsr debugfs directory
[ 3384.625537][ T4483] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3387.271506][ T4483] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3390.016466][ T4483] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3392.615544][ T4483] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3398.376491][ T4725] hsr_slave_0: entered promiscuous mode
[ 3398.493800][ T4725] hsr_slave_1: entered promiscuous mode
[ 3398.632588][ T4725] debugfs: 'hsr0' already exists in 'hsr'
[ 3398.639145][ T4725] Cannot create hsr debugfs directory
[ 3425.061893][ T4483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3425.355870][ T4483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3425.583555][ T4483] bond0 (unregistering): Released all slaves
[ 3428.713402][ T4483] hsr_slave_0: left promiscuous mode
[ 3428.759467][ T4483] hsr_slave_1: left promiscuous mode
[ 3429.151863][ T4483] veth1_macvtap: left promiscuous mode
[ 3429.153084][ T4483] veth0_macvtap: left promiscuous mode
[ 3429.155181][ T4483] veth1_vlan: left promiscuous mode
[ 3429.156624][ T4483] veth0_vlan: left promiscuous mode
[ 3456.371058][ T4715] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3457.864732][ T4715] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3458.930749][ T4715] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3460.281452][ T4715] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3465.473362][ T4483] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3467.377051][ T4483] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3470.360560][ T4483] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3473.041597][ T4483] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3476.682085][ T4725] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 3477.501491][ T4725] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 3479.302613][ T4725] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 3479.843659][ T4725] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 3505.216278][ T4483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3505.719377][ T4483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3506.160626][ T4483] bond0 (unregistering): Released all slaves
[ 3508.964451][ T4483] hsr_slave_0: left promiscuous mode
[ 3509.161611][ T4483] hsr_slave_1: left promiscuous mode
[ 3510.129033][ T4483] veth1_macvtap: left promiscuous mode
[ 3510.132480][ T4483] veth0_macvtap: left promiscuous mode
[ 3510.194827][ T4483] veth1_vlan: left promiscuous mode
[ 3510.266189][ T4483] veth0_vlan: left promiscuous mode
[ 3553.035173][ T4715] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3572.275446][ T4725] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3722.570237][ T4715] veth0_vlan: entered promiscuous mode
[ 3724.070936][ T4715] veth1_vlan: entered promiscuous mode
[ 3728.192052][ T4715] veth0_macvtap: entered promiscuous mode
[ 3728.925296][ T4715] veth1_macvtap: entered promiscuous mode
[ 3733.545864][ T4483] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3733.553647][ T4483] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3733.603488][ T4483] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3733.702990][ T4483] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3745.244864][ T4725] veth0_vlan: entered promiscuous mode
[ 3747.030538][ T4725] veth1_vlan: entered promiscuous mode
[ 3752.514623][ T4725] veth0_macvtap: entered promiscuous mode
[ 3753.752845][ T4725] veth1_macvtap: entered promiscuous mode
[ 3759.125228][ T4086] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3759.159603][ T4842] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3759.193340][ T4842] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3759.264239][ T4842] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3857.810546][ T4823] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3860.390954][ T4823] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3862.563348][ T4823] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3865.094040][ T4823] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3893.529674][ T4823] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3894.186281][ T4823] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3894.694385][ T4823] bond0 (unregistering): Released all slaves
[ 3897.664725][ T4823] hsr_slave_0: left promiscuous mode
[ 3897.716729][ T4823] hsr_slave_1: left promiscuous mode
[ 3898.290162][ T4823] veth1_macvtap: left promiscuous mode
[ 3898.299733][ T4823] veth0_macvtap: left promiscuous mode
[ 3898.330392][ T4823] veth1_vlan: left promiscuous mode
[ 3898.345664][ T4823] veth0_vlan: left promiscuous mode
[ 3938.511047][ T3764] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3941.236745][ T3764] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3944.743336][ T3764] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3946.517089][ T3764] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3974.286798][ T3764] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3974.719133][ T3764] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3975.032223][ T3764] bond0 (unregistering): Released all slaves
[ 3978.561615][ T3764] hsr_slave_0: left promiscuous mode
[ 3978.808861][ T3764] hsr_slave_1: left promiscuous mode
[ 3979.838208][ T3764] veth1_macvtap: left promiscuous mode
[ 3979.922185][ T3764] veth0_macvtap: left promiscuous mode
[ 3979.950540][ T3764] veth1_vlan: left promiscuous mode
[ 3979.990545][ T3764] veth0_vlan: left promiscuous mode
[ 4035.576867][ T4990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4036.069312][ T4990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4047.652880][ T5001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4048.064370][ T5001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4077.071640][ T4990] hsr_slave_0: entered promiscuous mode
[ 4077.146654][ T4990] hsr_slave_1: entered promiscuous mode
[ 4091.284037][ T5001] hsr_slave_0: entered promiscuous mode
[ 4091.432699][ T5001] hsr_slave_1: entered promiscuous mode
[ 4091.574707][ T5001] debugfs: 'hsr0' already exists in 'hsr'
[ 4091.578971][ T5001] Cannot create hsr debugfs directory
[ 4108.519461][ T4990] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 4110.509639][ T4990] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 4112.424351][ T4990] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 4113.324785][ T4990] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 4134.012960][ T5001] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 4134.615566][ T5001] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 4135.121814][ T5001] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 4135.690036][ T5001] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 4160.486393][ T4990] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4178.053587][ T5001] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4329.310061][ T5001] veth0_vlan: entered promiscuous mode
[ 4330.761297][ T5001] veth1_vlan: entered promiscuous mode
[ 4334.930498][ T5001] veth0_macvtap: entered promiscuous mode
[ 4335.672309][ T5001] veth1_macvtap: entered promiscuous mode
[ 4339.999507][ T3764] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4340.030305][ T4842] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4340.070151][ T5222] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4340.129489][ T5010] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4347.464282][ T4990] veth0_vlan: entered promiscuous mode
[ 4349.852269][ T4990] veth1_vlan: entered promiscuous mode
[ 4354.722311][ T4990] veth0_macvtap: entered promiscuous mode
[ 4355.641694][ T4990] veth1_macvtap: entered promiscuous mode
[ 4361.408583][ T5010] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4361.440328][ T5010] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4361.504445][ T5010] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4361.511077][ T5010] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5382.781709][ T5619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5383.453577][ T5619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5405.144426][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5405.914032][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5450.873200][ T5619] hsr_slave_0: entered promiscuous mode
[ 5451.063332][ T5619] hsr_slave_1: entered promiscuous mode
[ 5451.204123][ T5619] debugfs: 'hsr0' already exists in 'hsr'
[ 5451.309264][ T5619] Cannot create hsr debugfs directory
[ 5479.515983][ T5626] hsr_slave_0: entered promiscuous mode
[ 5479.645466][ T5626] hsr_slave_1: entered promiscuous mode
[ 5479.849553][ T5626] debugfs: 'hsr0' already exists in 'hsr'
[ 5479.884881][ T5626] Cannot create hsr debugfs directory
[ 5530.162738][ T5619] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 5536.971942][ T5619] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 5540.784348][ T5619] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 5545.992030][ T5619] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 5571.255481][ T5626] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 5572.602667][ T5626] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 5573.580433][ T5626] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 5574.907119][ T5626] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 5621.142582][   T27] INFO: task syz.9.221:5607 blocked for more than 430 seconds.
[ 5621.144211][   T27]       Not tainted syzkaller #0
[ 5621.156315][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5621.181827][   T27] task:syz.9.221       state:D stack:0     pid:5607  tgid:5607  ppid:4990   task_flags:0x400040 flags:0x00000019
[ 5621.183700][   T27] Call trace:
[ 5621.184295][   T27]  __switch_to+0x584/0xb20 (T)
[ 5621.186573][   T27]  __schedule+0x1eec/0x33a4
[ 5621.362229][   T27]  schedule+0xac/0x27c
[ 5621.403265][   T27]  schedule_timeout+0x5c/0x1e4
[ 5621.404191][   T27]  do_wait_for_common+0x28c/0x444
[ 5621.404879][   T27]  wait_for_completion+0x44/0x5c
[ 5621.405452][   T27]  __synchronize_srcu+0x2a4/0x320
[ 5621.405998][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 5621.406542][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 5621.407125][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 5621.561551][   T27]  kvm_vm_release+0x58/0x78
[ 5621.562370][   T27]  __fput+0x4ac/0x980
[ 5621.562937][   T27]  ____fput+0x20/0x58
[ 5621.563416][   T27]  task_work_run+0x1bc/0x254
[ 5621.563883][   T27]  do_notify_resume+0x1bc/0x270
[ 5621.564354][   T27]  el0_svc+0xb8/0x164
[ 5621.564804][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 5621.565273][   T27]  el0t_64_sync+0x198/0x19c
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5621.817257][   T27] 
[ 5621.817257][   T27] Showing all locks held in the system:
[ 5621.869398][   T27] 1 lock held by khungtaskd/27:
[ 5621.870037][   T27]  #0: ffff800087806858 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 5621.872820][   T27] 3 locks held by kworker/u4:3/42:
[ 5621.873399][   T27] 2 locks held by getty/3180:
[ 5621.873799][   T27]  #0: 5af0000011d0a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5621.875673][   T27]  #1: f3ff80008c54b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 5622.002540][   T27] 2 locks held by syz-executor/3311:
[ 5622.003074][   T27] 3 locks held by kworker/u4:5/3362:
[ 5622.003423][   T27] 3 locks held by kworker/u4:6/3371:
[ 5622.003742][   T27] 3 locks held by kworker/u4:10/3764:
[ 5622.004145][   T27] 2 locks held by kworker/u4:8/4646:
[ 5622.004465][   T27]  #0: 14f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5622.006351][   T27]  #1: ffff80008e817c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5622.150964][   T27] 3 locks held by kworker/u4:14/4842:
[ 5622.151367][   T27] 2 locks held by kworker/u4:12/5007:
[ 5622.151691][   T27]  #0: 14f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5622.153514][   T27]  #1: ffff80008ec37c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5622.155367][   T27] 2 locks held by kworker/u4:15/5010:
[ 5622.155756][   T27] 3 locks held by kworker/u4:0/5147:
[ 5622.156111][   T27] 3 locks held by kworker/u4:2/5222:
[ 5622.156448][   T27] 2 locks held by syz.0.219/5596:
[ 5622.156792][   T27] 3 locks held by kworker/u4:9/5631:
[ 5622.157229][   T27] 3 locks held by kworker/u4:13/5725:
[ 5622.350388][   T27] 1 lock held by modprobe/5751:
[ 5622.350967][   T27] 2 locks held by dhcpcd-run-hook/5753:
[ 5622.396747][   T27] 
[ 5622.422398][   T27] =============================================
[ 5622.422398][   T27] 
[ 5622.423487][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 5622.432082][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 5622.435202][   T27] Hardware name: linux,dummy-virt (DT)
[ 5622.437297][   T27] Call trace:
[ 5622.439013][   T27]  show_stack+0x2c/0x3c (C)
[ 5622.441029][   T27]  __dump_stack+0x30/0x40
[ 5622.442894][   T27]  dump_stack_lvl+0x30/0x12c
[ 5622.444753][   T27]  dump_stack+0x1c/0x28
[ 5622.446541][   T27]  vpanic+0x22c/0x59c
[ 5622.448299][   T27]  vpanic+0x0/0x59c
[ 5622.449950][   T27]  hung_task_panic+0x0/0x2c
[ 5622.451739][   T27]  kthread+0x794/0x9a0
[ 5622.453443][   T27]  ret_from_fork+0x10/0x20
[ 5622.456273][   T27] Kernel Offset: disabled
[ 5622.457963][   T27] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 5622.460063][   T27] Memory Limit: none
[ 5622.463572][   T27] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:55:27  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000804e1fac X00=0000000000000001 X01=ffff8000870e1a82
X02=0000000000000001 X03=ffff80008045d46c X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff8000819942b8
X08=0000000100010002 X09=0000000000000078 X10=0fff000000d9b9d8
X11=0000000000010002 X12=0000000000010003 X13=00000000000000d9
X14=0000000000004000 X15=00000000000000ff X16=ffff800080000000
X17=fff07fffeb6e6000 X18=00000000000000ff X19=0000000000000001
X20=fff0000072d70930 X21=0000000000000078 X22=00000000000003c4
X23=fff0000072d70040 X24=fff0000072d70050 X25=00000000000000c0
X26=fff0000072d70930 X27=0000000000000001 X28=0000051c9cecfc80
X29=ffff800080007cd0 X30=ffff8000804e1f08  SP=ffff800080007cd0
PSTATE=604020c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25
Z02=6c62617369642022:736365735f74756f Z03=000000ff0000ff00:00ff0000000000ff
Z04=0000000000000000:000f00f00f00000f Z05=745f676e75682f6c:656e72656b2f7379
Z06=656e72656b2f7379:732f636f72702f20 Z07=656d69745f6b7361:745f676e75682f6c
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffcb7a50b0:0000ffffcb7a50b0 Z17=ffffff80ffffffd0:0000ffffcb7a5080
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000