last executing test programs:

22m24.853328924s ago: executing program 0 (id=18):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013c520}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r7, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r7, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e9d000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = eventfd2(0x9, 0x80000)
r11 = eventfd2(0x5, 0x80000)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000080)={r10, 0x8, 0x2, r11})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0)

22m11.151483951s ago: executing program 0 (id=19):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0x80087601, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x8)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f0000000140)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_bitmap={0x6070000000160002, 0x0})
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r11, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r11, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

22m4.071759164s ago: executing program 1 (id=21):
eventfd2(0x3, 0x0) (async)
r0 = eventfd2(0x3, 0x0)
write$eventfd(r0, &(0x7f0000000400)=0xfffffffffffffffc, 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_GET_REGS(r4, 0x8360ae81, 0x0)
write$eventfd(r0, &(0x7f0000000480)=0x8c49, 0x8) (async)
write$eventfd(r0, &(0x7f0000000480)=0x8c49, 0x8)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0xfffffffffffffffe)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000300)={0x1, 0x0, [{0x800, 0x2, 0x1, 0x0, @irqchip={0xe, 0x8}}]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x35)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f00000001c0)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013addb, 0x7}}], 0x20}, 0x0, 0x0) (async)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000001c0)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013addb, 0x7}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f0000000000)={0x8, 0x8}) (async)
ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f0000000000)={0x8, 0x8})

22m0.852735688s ago: executing program 0 (id=22):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x8, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x83)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2e)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f00000000c0)=0x1})
ioctl$KVM_CREATE_VM(r7, 0x800454cf, 0x200000000000000)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000ffe000/0x1000)=nil})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r15, 0x4010ae68, &(0x7f00000000c0)={0xffff1000, 0x6000, 0x80001})
r16 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r16, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f00000000c0)=0x19})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0xdddd0000, 0x2000})

21m54.931300336s ago: executing program 1 (id=23):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x1, 0x2004, 0x2, r2})
close(r2)

21m48.02943914s ago: executing program 1 (id=24):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r4 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x0, &(0x7f00000002c0)=0x2c172c22})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_FINALIZE(r6, 0x4004aec2, &(0x7f0000000000)=0x4)

21m34.738862754s ago: executing program 0 (id=25):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x50000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x8000})
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c024, &(0x7f00000000c0)})

21m34.738328634s ago: executing program 1 (id=26):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013df64, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x4, 0x500, 0x0})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x4, 0x9, 0x1}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x0, 0x2, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r11, 0xae03, 0x51)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r11, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x1})
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000140)={0x10, 0x1f}})
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(r15, 0x4004ae99, &(0x7f0000000100)=0x3)

21m25.199437006s ago: executing program 0 (id=27):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1954c0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000000)=0x7})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r11})
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r11})
r12 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = eventfd2(0x4, 0x80000)
r14 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r14, 0x1, 0x100)
ioctl$KVM_IRQFD(r14, 0x4020ae76, &(0x7f00000000c0)={r13, 0x3})
write$eventfd(r13, &(0x7f0000000140)=0x3, 0x8)
r15 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=[@featur2], 0x1)

21m20.639388397s ago: executing program 1 (id=28):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x23)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21m4.422874292s ago: executing program 1 (id=29):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0})

21m4.087434638s ago: executing program 0 (id=30):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000600)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0xb400001c, [0x0, 0x7f, 0x3, 0xcc2, 0x100000000]}}, @uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x603000000013e099, 0x200}}, @smc={0x1e, 0x40, {0xc5000021, [0x312, 0x4, 0x7, 0x7, 0x6]}}, @hvc={0x32, 0x40, {0x400, [0x0, 0x7, 0x7fff, 0x3, 0x8]}}, @svc={0x122, 0x40, {0x84000050, [0x5, 0x1, 0x0, 0x278, 0x487]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1600, 0x0, 0x8}}, @msr={0x14, 0x20, {0x603000000013debe, 0xfffffffffffffffb}}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xd00, 0x10000, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x8, 0x8, 0xc}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x3, 0x4, 0x7fff, 0x960, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x3f5}}, @code={0xa, 0x6c, {"00e4005f000008d5000000d8007008d5205a94d20080b8f2410080d2c20180d2a30180d2c40180d2020000d40000206a0004002f008008d5000028d5004781d200c0b0f2410180d2a20180d2e30080d2840180d2020000d4"}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x20f}}, @mrs={0xbe, 0x18, {0x603000000013e6d1}}, @mrs={0xbe, 0x18, {0x603000000013df7a}}, @hvc={0x32, 0x40, {0x6000000, [0x0, 0x9, 0x5, 0x10c, 0x5]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x201}}, @msr={0x14, 0x20, {0x603000000013e281}}, @code={0xa, 0x84, {"e0039fdac0a186d200c0b0f2210180d2020080d2a30080d2640180d2020000d400a0e00d40879ad200a0b8f2e10080d2c20180d2030080d2040180d2020000d4008008d5008008d50000679e007008d5006784d200c0b0f2010080d2e20080d2430080d2840080d2020000d4008008d5"}}, @svc={0x122, 0x40, {0x84000005, [0x10, 0x8, 0x0, 0x56b0, 0x1ff]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0xb, 0x5, 0x1, 0x3}}, @eret={0xe6, 0x18, 0x3}, @smc={0x1e, 0x40, {0x4000, [0x7, 0xa79, 0xfffffffffffffffc, 0x3, 0x7f]}}, @mrs={0xbe, 0x18, {0x6030000000138010}}, @mrs={0xbe, 0x18, {0x6030000000138024}}, @eret={0xe6, 0x18, 0xdf77}, @irq_setup={0x46, 0x18, {0x3, 0xfd}}, @msr={0x14, 0x20, {0x603000000013dea0, 0x6}}, @code={0xa, 0x54, {"007008d500a0a00d00a4c00d0000029e007008d5602194d20060b0f2c10180d2820180d2830180d2440180d2020000d4000028d50000611e00004078000c8078"}}, @msr={0x14, 0x20, {0x603000000013f102, 0x4}}], 0x5d4}, &(0x7f0000000640)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000840)={0x0, &(0x7f0000000680)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x140, 0x101}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x9, 0x7ff, 0x2, 0x3}}, @smc={0x1e, 0x40, {0x1000, [0xb3a, 0x200000000000000, 0x40000000, 0x2e, 0x2]}}, @smc={0x1e, 0x40, {0x20, [0xffffffffffffffff, 0x101, 0xc12d, 0x0, 0x5]}}, @code={0xa, 0x54, {"00e4a02e008008d50000301e000008d5007008d5007008d5007008d5007008d5600890d20060b8f2410180d2a20180d2c30080d2440180d2020000d40080c008"}}, @irq_setup={0x46, 0x18, {0x0, 0x117}}, @irq_setup={0x46, 0x18, {0x2, 0x272}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x1bc}}], 0x184}, &(0x7f0000000880)=[@featur1={0x1, 0x48}], 0x1)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3c)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f00000008c0)={0x3, 0xfffffffffffeffff})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_SET_SREGS(r0, 0x4000ae84, &(0x7f0000000900)={{0xffff1000, 0x0, 0x3, 0x8, 0x5, 0x0, 0xe, 0x0, 0x2, 0xc, 0x8, 0xc1}, {0x3000, 0x4000, 0xd, 0x44, 0x1, 0xb, 0x9, 0x4, 0x3, 0x8, 0x9, 0x6}, {0xeeef0000, 0x100000, 0x8, 0x9, 0x6, 0x7, 0x9, 0x6, 0x1, 0x2e, 0x46, 0x7}, {0xeeee8000, 0x5000, 0x0, 0xd3, 0x1, 0x7f, 0x9, 0xc, 0x0, 0xfb, 0x3b, 0xe}, {0xf000, 0xdddd0000, 0xc, 0xc, 0x6, 0xff, 0x6, 0x47, 0x20, 0x6, 0x4, 0xa2}, {0x4, 0xeeef0000, 0xb, 0x40, 0x0, 0x4, 0x7, 0xb, 0x0, 0x51, 0xc, 0x7}, {0x8080000, 0xeeee8000, 0xc, 0x60, 0x8, 0xfc, 0x7, 0x3, 0x8, 0x1, 0x60}, {0x8011a800, 0x2000, 0xf, 0x0, 0x5, 0x6, 0x9, 0x8, 0x0, 0x3, 0x8, 0x9}, {0x4000, 0x5}, {0xdddd0000, 0x6}, 0x20000008, 0x0, 0x100000, 0x20040, 0x6, 0x4501, 0x8000000, [0x9da9, 0x2, 0x7, 0xf]})
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000bc0)={0x0, &(0x7f0000000a40)=[@irq_setup={0x46, 0x18, {0x0, 0xd6}}, @msr={0x14, 0x20, {0x603000000013c2a8, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e719}}, @mrs={0xbe, 0x18, {0x603000000013e6ce}}, @hvc={0x32, 0x40, {0x80, [0xfe6, 0x2, 0x9, 0x81, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x5670033aa994ea9e, 0xd, 0x9}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0xc5000020, [0x7, 0x3ff, 0x8001, 0x12bd9d5a, 0x4]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x1b}}], 0x158}, &(0x7f0000000c00)=[@featur1={0x1, 0x14}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000c80)=@attr_other={0x0, 0x1e8d, 0x5, &(0x7f0000000c40)=0xf})
ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000cc0))
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000d00)={0x1, 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000d40)={0x100000, 0x11a000, 0x1})
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f0000000d80)={0x6000, 0x101000})
r6 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000001100)={0x0, &(0x7f0000000dc0)=[@mrs={0xbe, 0x18, {0x603000000013ff12}}, @svc={0x122, 0x40, {0xc4000001, [0x2, 0x40000000, 0x4, 0x0, 0x9]}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0x800}, @svc={0x122, 0x40, {0x84000006, [0x3, 0x3ff, 0x1179, 0x4e6d8102, 0x80000001]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x6, 0x1, 0x8a8, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x1, 0x9, 0x1, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013809c}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x37, 0x6, 0x8}}, @msr={0x14, 0x20, {0x603000000013de94, 0x4}}, @uexit={0x0, 0x18, 0x8}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0xa, 0x6, 0x6, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x11}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x46}}, @uexit={0x0, 0x18, 0x5}, @svc={0x122, 0x40, {0xc4000053, [0x8, 0x8, 0xe2, 0xfffffffffffffffd, 0x5]}}, @uexit={0x0, 0x18, 0xffffffff}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x40, [0x0, 0x8, 0x1, 0x3, 0x1]}}, @irq_setup={0x46, 0x18, {0x4, 0x30d}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x1000, 0x5}}], 0x320}, &(0x7f0000001140)=[@featur2={0x1, 0x42}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000001180)={0x38, 0x1000})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000011c0)={0x4, 0x4000, 0x1, 0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000001200)=@arm64={0xfa, 0x6, 0x6, '\x00', 0xa3})
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000001240))
r7 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000001540)={0x0, &(0x7f0000001280)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x21c}}, @irq_setup={0x46, 0x18, {0x3, 0x52}}, @msr={0x14, 0x20, {0x603000000013c64b, 0x9}}, @code={0xa, 0x6c, {"0000803c002cc09a0048200e0090200e002b95d20080b0f2610180d2220080d2030080d2a40080d2020000d40000c0ad00849f0de0039fda0004007c00bf99d20000b0f2610180d2620180d2030180d2640180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013c082}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x1, 0xd}}, @eret={0xe6, 0x18, 0xc}, @msr={0x14, 0x20, {0x603000000013df6d, 0x5}}, @svc={0x122, 0x40, {0x84000007, [0xc, 0x9, 0x200, 0x4, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013f081}}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x8400000c, [0x7, 0x101, 0xf4ec, 0x6d, 0x5a1]}}, @mrs={0xbe, 0x18, {0x603000000013f200}}, @hvc={0x32, 0x40, {0xc4000011, [0x0, 0x3, 0x7, 0x0, 0x9]}}, @eret={0xe6, 0x18, 0x9}, @msr={0x14, 0x20, {0x6030000000138004}}, @msr={0x14, 0x20, {0x603000000013c4ca, 0x5}}], 0x2ac}, &(0x7f0000001580)=[@featur2={0x1, 0x59}], 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r7, 0x4018aee2, &(0x7f0000001600)=@attr_other={0x0, 0x0, 0x3, &(0x7f00000015c0)=0x1})
r8 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000001b00)={0x0, &(0x7f0000001640)=[@hvc={0x32, 0x40, {0x40000005, [0x4, 0xc, 0x1, 0x3, 0x3]}}, @msr={0x14, 0x20, {0x603000000013dead, 0x8}}, @msr={0x14, 0x20, {0x603000000013e64b, 0xf}}, @msr={0x14, 0x20, {0x603000000013d920, 0x8f5}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0x8400000e, [0x6, 0x0, 0x3, 0x4, 0x7]}}, @code={0xa, 0xe4, {"c01b80d20060b0f2210080d2c20180d2030180d2440180d2020000d440d795d200e0b0f2c10080d2020180d2430080d2a40080d2020000d4007008d5e04797d20080b0f2810180d2820180d2030180d2640180d2020000d4e08386d200c0b8f2210080d2a20080d2430180d2e40080d2020000d4000028d5e07f99d200e0b8f2010080d2e20080d2a30080d2840180d2020000d4007008d5203d98d200c0b0f2610080d2020180d2230180d2040180d2020000d4a02689d20020b0f2810180d2a20080d2e30180d2c40080d2020000d4"}}, @its_setup={0x82, 0x28, {0x1}}, @msr={0x14, 0x20, {0x6030000000131a02, 0xf}}, @eret={0xe6, 0x18, 0x5}, @hvc={0x32, 0x40, {0xc4000004, [0x4800000000000000, 0x1, 0x9, 0x5]}}, @eret={0xe6, 0x18}, @irq_setup={0x46, 0x18, {0x0, 0x1d4}}, @code={0xa, 0x84, {"000028d5c08795d20060b0f2610080d2820180d2030080d2040180d2020000d41f2003d5007008d560d282d200c0b0f2810080d2620080d2e30180d2c40180d2020000d4008008d5000000da006c202e000008d5c0e28ed20020b8f2e10180d2a20180d2e30180d2440180d2020000d4"}}, @code={0xa, 0x9c, {"000008d500209f0d001ca02ee0ec86d200e0b0f2010180d2620180d2a30080d2e40080d2020000d4401b9ad20060b8f2210080d2620180d2a30180d2e40180d2020000d440d69fd20040b0f2610080d2620180d2e30080d2a40080d2020000d4c03488d200c0b0f2c10180d2020180d2830080d2840180d2020000d4000008d50060000e002c207e"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x4, 0xc}}, @msr={0x14, 0x20, {0x603000000013df7b}}, @eret={0xe6, 0x18, 0x2}, @msr={0x14, 0x20, {0x6030000000130203, 0xc0}}, @eret={0xe6, 0x18, 0x8}, @hvc={0x32, 0x40, {0x4600001d, [0x8, 0x3, 0xa, 0x7, 0x4]}}], 0x4ac}, &(0x7f0000001b40)=[@featur1={0x1, 0x2}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r8, 0x4010aeab, &(0x7f0000001b80)={0x8, 0xeeee0000})
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000001c00)=@attr_other={0x0, 0x10001, 0x8, &(0x7f0000001bc0)=0x3})
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000001c40)={0x7fff})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001c80), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x32)
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000001cc0)={0xfffffffffffffff9, 0x8})
ioctl$KVM_S390_VCPU_FAULT(r8, 0x4008ae52, &(0x7f0000001d00)=0x5)

20m18.040012327s ago: executing program 32 (id=29):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0})

20m13.830723901s ago: executing program 33 (id=30):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000600)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0xb400001c, [0x0, 0x7f, 0x3, 0xcc2, 0x100000000]}}, @uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x603000000013e099, 0x200}}, @smc={0x1e, 0x40, {0xc5000021, [0x312, 0x4, 0x7, 0x7, 0x6]}}, @hvc={0x32, 0x40, {0x400, [0x0, 0x7, 0x7fff, 0x3, 0x8]}}, @svc={0x122, 0x40, {0x84000050, [0x5, 0x1, 0x0, 0x278, 0x487]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1600, 0x0, 0x8}}, @msr={0x14, 0x20, {0x603000000013debe, 0xfffffffffffffffb}}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xd00, 0x10000, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x8, 0x8, 0xc}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x3, 0x4, 0x7fff, 0x960, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x3f5}}, @code={0xa, 0x6c, {"00e4005f000008d5000000d8007008d5205a94d20080b8f2410080d2c20180d2a30180d2c40180d2020000d40000206a0004002f008008d5000028d5004781d200c0b0f2410180d2a20180d2e30080d2840180d2020000d4"}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x20f}}, @mrs={0xbe, 0x18, {0x603000000013e6d1}}, @mrs={0xbe, 0x18, {0x603000000013df7a}}, @hvc={0x32, 0x40, {0x6000000, [0x0, 0x9, 0x5, 0x10c, 0x5]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x201}}, @msr={0x14, 0x20, {0x603000000013e281}}, @code={0xa, 0x84, {"e0039fdac0a186d200c0b0f2210180d2020080d2a30080d2640180d2020000d400a0e00d40879ad200a0b8f2e10080d2c20180d2030080d2040180d2020000d4008008d5008008d50000679e007008d5006784d200c0b0f2010080d2e20080d2430080d2840080d2020000d4008008d5"}}, @svc={0x122, 0x40, {0x84000005, [0x10, 0x8, 0x0, 0x56b0, 0x1ff]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0xb, 0x5, 0x1, 0x3}}, @eret={0xe6, 0x18, 0x3}, @smc={0x1e, 0x40, {0x4000, [0x7, 0xa79, 0xfffffffffffffffc, 0x3, 0x7f]}}, @mrs={0xbe, 0x18, {0x6030000000138010}}, @mrs={0xbe, 0x18, {0x6030000000138024}}, @eret={0xe6, 0x18, 0xdf77}, @irq_setup={0x46, 0x18, {0x3, 0xfd}}, @msr={0x14, 0x20, {0x603000000013dea0, 0x6}}, @code={0xa, 0x54, {"007008d500a0a00d00a4c00d0000029e007008d5602194d20060b0f2c10180d2820180d2830180d2440180d2020000d4000028d50000611e00004078000c8078"}}, @msr={0x14, 0x20, {0x603000000013f102, 0x4}}], 0x5d4}, &(0x7f0000000640)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000840)={0x0, &(0x7f0000000680)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x140, 0x101}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x9, 0x7ff, 0x2, 0x3}}, @smc={0x1e, 0x40, {0x1000, [0xb3a, 0x200000000000000, 0x40000000, 0x2e, 0x2]}}, @smc={0x1e, 0x40, {0x20, [0xffffffffffffffff, 0x101, 0xc12d, 0x0, 0x5]}}, @code={0xa, 0x54, {"00e4a02e008008d50000301e000008d5007008d5007008d5007008d5007008d5600890d20060b8f2410180d2a20180d2c30080d2440180d2020000d40080c008"}}, @irq_setup={0x46, 0x18, {0x0, 0x117}}, @irq_setup={0x46, 0x18, {0x2, 0x272}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x1bc}}], 0x184}, &(0x7f0000000880)=[@featur1={0x1, 0x48}], 0x1)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3c)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f00000008c0)={0x3, 0xfffffffffffeffff})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_SET_SREGS(r0, 0x4000ae84, &(0x7f0000000900)={{0xffff1000, 0x0, 0x3, 0x8, 0x5, 0x0, 0xe, 0x0, 0x2, 0xc, 0x8, 0xc1}, {0x3000, 0x4000, 0xd, 0x44, 0x1, 0xb, 0x9, 0x4, 0x3, 0x8, 0x9, 0x6}, {0xeeef0000, 0x100000, 0x8, 0x9, 0x6, 0x7, 0x9, 0x6, 0x1, 0x2e, 0x46, 0x7}, {0xeeee8000, 0x5000, 0x0, 0xd3, 0x1, 0x7f, 0x9, 0xc, 0x0, 0xfb, 0x3b, 0xe}, {0xf000, 0xdddd0000, 0xc, 0xc, 0x6, 0xff, 0x6, 0x47, 0x20, 0x6, 0x4, 0xa2}, {0x4, 0xeeef0000, 0xb, 0x40, 0x0, 0x4, 0x7, 0xb, 0x0, 0x51, 0xc, 0x7}, {0x8080000, 0xeeee8000, 0xc, 0x60, 0x8, 0xfc, 0x7, 0x3, 0x8, 0x1, 0x60}, {0x8011a800, 0x2000, 0xf, 0x0, 0x5, 0x6, 0x9, 0x8, 0x0, 0x3, 0x8, 0x9}, {0x4000, 0x5}, {0xdddd0000, 0x6}, 0x20000008, 0x0, 0x100000, 0x20040, 0x6, 0x4501, 0x8000000, [0x9da9, 0x2, 0x7, 0xf]})
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000bc0)={0x0, &(0x7f0000000a40)=[@irq_setup={0x46, 0x18, {0x0, 0xd6}}, @msr={0x14, 0x20, {0x603000000013c2a8, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e719}}, @mrs={0xbe, 0x18, {0x603000000013e6ce}}, @hvc={0x32, 0x40, {0x80, [0xfe6, 0x2, 0x9, 0x81, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x5670033aa994ea9e, 0xd, 0x9}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0xc5000020, [0x7, 0x3ff, 0x8001, 0x12bd9d5a, 0x4]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x1b}}], 0x158}, &(0x7f0000000c00)=[@featur1={0x1, 0x14}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000c80)=@attr_other={0x0, 0x1e8d, 0x5, &(0x7f0000000c40)=0xf})
ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000cc0))
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000d00)={0x1, 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000d40)={0x100000, 0x11a000, 0x1})
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f0000000d80)={0x6000, 0x101000})
r6 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000001100)={0x0, &(0x7f0000000dc0)=[@mrs={0xbe, 0x18, {0x603000000013ff12}}, @svc={0x122, 0x40, {0xc4000001, [0x2, 0x40000000, 0x4, 0x0, 0x9]}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0x800}, @svc={0x122, 0x40, {0x84000006, [0x3, 0x3ff, 0x1179, 0x4e6d8102, 0x80000001]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x6, 0x1, 0x8a8, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x1, 0x9, 0x1, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013809c}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x37, 0x6, 0x8}}, @msr={0x14, 0x20, {0x603000000013de94, 0x4}}, @uexit={0x0, 0x18, 0x8}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0xa, 0x6, 0x6, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x11}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x46}}, @uexit={0x0, 0x18, 0x5}, @svc={0x122, 0x40, {0xc4000053, [0x8, 0x8, 0xe2, 0xfffffffffffffffd, 0x5]}}, @uexit={0x0, 0x18, 0xffffffff}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x40, [0x0, 0x8, 0x1, 0x3, 0x1]}}, @irq_setup={0x46, 0x18, {0x4, 0x30d}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x1000, 0x5}}], 0x320}, &(0x7f0000001140)=[@featur2={0x1, 0x42}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000001180)={0x38, 0x1000})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000011c0)={0x4, 0x4000, 0x1, 0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000001200)=@arm64={0xfa, 0x6, 0x6, '\x00', 0xa3})
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000001240))
r7 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000001540)={0x0, &(0x7f0000001280)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x21c}}, @irq_setup={0x46, 0x18, {0x3, 0x52}}, @msr={0x14, 0x20, {0x603000000013c64b, 0x9}}, @code={0xa, 0x6c, {"0000803c002cc09a0048200e0090200e002b95d20080b0f2610180d2220080d2030080d2a40080d2020000d40000c0ad00849f0de0039fda0004007c00bf99d20000b0f2610180d2620180d2030180d2640180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013c082}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x1, 0xd}}, @eret={0xe6, 0x18, 0xc}, @msr={0x14, 0x20, {0x603000000013df6d, 0x5}}, @svc={0x122, 0x40, {0x84000007, [0xc, 0x9, 0x200, 0x4, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013f081}}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x8400000c, [0x7, 0x101, 0xf4ec, 0x6d, 0x5a1]}}, @mrs={0xbe, 0x18, {0x603000000013f200}}, @hvc={0x32, 0x40, {0xc4000011, [0x0, 0x3, 0x7, 0x0, 0x9]}}, @eret={0xe6, 0x18, 0x9}, @msr={0x14, 0x20, {0x6030000000138004}}, @msr={0x14, 0x20, {0x603000000013c4ca, 0x5}}], 0x2ac}, &(0x7f0000001580)=[@featur2={0x1, 0x59}], 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r7, 0x4018aee2, &(0x7f0000001600)=@attr_other={0x0, 0x0, 0x3, &(0x7f00000015c0)=0x1})
r8 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000001b00)={0x0, &(0x7f0000001640)=[@hvc={0x32, 0x40, {0x40000005, [0x4, 0xc, 0x1, 0x3, 0x3]}}, @msr={0x14, 0x20, {0x603000000013dead, 0x8}}, @msr={0x14, 0x20, {0x603000000013e64b, 0xf}}, @msr={0x14, 0x20, {0x603000000013d920, 0x8f5}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0x8400000e, [0x6, 0x0, 0x3, 0x4, 0x7]}}, @code={0xa, 0xe4, {"c01b80d20060b0f2210080d2c20180d2030180d2440180d2020000d440d795d200e0b0f2c10080d2020180d2430080d2a40080d2020000d4007008d5e04797d20080b0f2810180d2820180d2030180d2640180d2020000d4e08386d200c0b8f2210080d2a20080d2430180d2e40080d2020000d4000028d5e07f99d200e0b8f2010080d2e20080d2a30080d2840180d2020000d4007008d5203d98d200c0b0f2610080d2020180d2230180d2040180d2020000d4a02689d20020b0f2810180d2a20080d2e30180d2c40080d2020000d4"}}, @its_setup={0x82, 0x28, {0x1}}, @msr={0x14, 0x20, {0x6030000000131a02, 0xf}}, @eret={0xe6, 0x18, 0x5}, @hvc={0x32, 0x40, {0xc4000004, [0x4800000000000000, 0x1, 0x9, 0x5]}}, @eret={0xe6, 0x18}, @irq_setup={0x46, 0x18, {0x0, 0x1d4}}, @code={0xa, 0x84, {"000028d5c08795d20060b0f2610080d2820180d2030080d2040180d2020000d41f2003d5007008d560d282d200c0b0f2810080d2620080d2e30180d2c40180d2020000d4008008d5000000da006c202e000008d5c0e28ed20020b8f2e10180d2a20180d2e30180d2440180d2020000d4"}}, @code={0xa, 0x9c, {"000008d500209f0d001ca02ee0ec86d200e0b0f2010180d2620180d2a30080d2e40080d2020000d4401b9ad20060b8f2210080d2620180d2a30180d2e40180d2020000d440d69fd20040b0f2610080d2620180d2e30080d2a40080d2020000d4c03488d200c0b0f2c10180d2020180d2830080d2840180d2020000d4000008d50060000e002c207e"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x4, 0xc}}, @msr={0x14, 0x20, {0x603000000013df7b}}, @eret={0xe6, 0x18, 0x2}, @msr={0x14, 0x20, {0x6030000000130203, 0xc0}}, @eret={0xe6, 0x18, 0x8}, @hvc={0x32, 0x40, {0x4600001d, [0x8, 0x3, 0xa, 0x7, 0x4]}}], 0x4ac}, &(0x7f0000001b40)=[@featur1={0x1, 0x2}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r8, 0x4010aeab, &(0x7f0000001b80)={0x8, 0xeeee0000})
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000001c00)=@attr_other={0x0, 0x10001, 0x8, &(0x7f0000001bc0)=0x3})
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000001c40)={0x7fff})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001c80), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x32)
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000001cc0)={0xfffffffffffffff9, 0x8})
ioctl$KVM_S390_VCPU_FAULT(r8, 0x4008ae52, &(0x7f0000001d00)=0x5)

13m56.374620191s ago: executing program 2 (id=34):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000000)={0x1fe, 0x0, &(0x7f0000d73000/0x4000)=nil})
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x20282, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000280)={0x2710, 0x0, 0x8000000, 0x1000, &(0x7f0000f6c000/0x1000)=nil, 0x2000000800000000})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000240)=@arm64_bitmap={0x6030000000160002, &(0x7f00000000c0)=0x3})
mmap$KVM_VCPU(&(0x7f0000511000/0x2000)=nil, r1, 0x2000000, 0x12, r2, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x1a4030, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

13m54.404040443s ago: executing program 3 (id=35):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x110e22ffff)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r4 = eventfd2(0xfffffffa, 0x80001)
write$eventfd(r4, &(0x7f0000000200)=0x8, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
ioctl$KVM_CHECK_EXTENSION(r3, 0x40086602, 0x110e227ffe)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x18000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x1000, &(0x7f0000d3b000/0x1000)=nil})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x100000c, 0x4d832, 0xffffffffffffffff, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r6, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000000000000cc00000000000000e0ef9ad200c0b8f2410080d2e20080d2430080d2e40180d2020000d4e0be9cd20040b0f2210080d2620080d2630180d2840180d2020000d40000681e0000000b0000399e003c202ea04c8ad200e0b0f2610180d2c20180d2a30080d2640180d2020000d4c0ed81d20000b8f2810180d2820180d2a30180d2640080d2020000d4a0a189d20060b0f2410180d2820180d2230080d2240180d2020000d4804e82d20020b0f2810180d2020180d2830180d2a40080d2020000d4c0035fd6aa00000000000000280000000000000003010400000000000000090000000e0000000000000000003200000000000000400000000000000000000006000000000000000000010000f70000000000000800000000000000030000000000000009000000000000001e0000000000000040000000000000000900008400000000050000000000000010000000000000007f0d0000000000000010000000000000050000000000000046000000000000001800000000000000000000005a000000be00000000000000180000000000000028981300000030601400000000000000200000000000000085c01300000030600100000001000000320000000000000040000000000000000d0000c400000000ffffffff000000000001000000000000060000000000000007000000000000000000000000000080320000000000000040000000000000000b000084000000000400000000000000080000000000000006000000000000000600000000000000dd00000000000000be000000000000001800000000000000fe7700000000000000"], 0x25c}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

13m39.489564629s ago: executing program 2 (id=36):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r2, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
eventfd2(0x6, 0x1)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x35)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x2, 0x100)
r10 = eventfd2(0x1, 0x80001)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r10, 0x3})
ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})

13m38.375578047s ago: executing program 3 (id=37):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x604941, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="a400"])
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f, 0x0)

13m24.338211879s ago: executing program 3 (id=38):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800000002)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000080)={0x5000, 0x8000})
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c800}}], 0x18}, 0x0, 0xfffffffffffffffb)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

13m20.559379252s ago: executing program 2 (id=39):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) (async, rerun: 64)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async, rerun: 64)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async, rerun: 32)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (rerun: 32)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (rerun: 32)
syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@eret={0xe6, 0x18, 0x3ff}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xd00, 0x544, 0xe}}, @msr={0x14, 0x20, {0x603000000013de92, 0xfffffffffffffffb}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013c214}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x332}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10074, 0x9, 0x8}}, @code={0xa, 0x84, {"00001fd6000028d50038212e40fc88d20020b0f2010180d2c20180d2030180d2a40080d2020000d4007008d5c0dd8bd20000b8f2010180d2420080d2a30080d2640180d2020000d4000028d50000007c00ab99d20000b0f2810080d2020180d2e30180d2840080d2020000d4007008d5"}}, @msr={0x14, 0x20, {0x603000000013e6d1, 0x5}}, @code={0xa, 0x84, {"007008d5004280d200a0b8f2a10180d2420080d2230180d2840080d2020000d4007008d5008008d5008008d5409a8fd200e0b8f2a10180d2020080d2a30180d2c40180d2020000d4604f90d200a0b0f2c10180d2820080d2430080d2e40080d2020000d4000400380044c01a000008d5"}}, @hvc={0x32, 0x40, {0x0, [0x7, 0x1, 0xbcb6, 0x2, 0x7d]}}, @uexit={0x0, 0x18}, @svc={0x122, 0x40, {0x400, [0x6, 0x5, 0x3, 0xd2c3, 0x7]}}, @uexit={0x0, 0x18, 0x4380000000000000}, @irq_setup={0x46, 0x18, {0x3, 0x262}}, @uexit={0x0, 0x18, 0x1}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x2, 0x0, 0x5, 0x6, 0x3}}, @hvc={0x32, 0x40, {0x80008000, [0x0, 0x200000000, 0x9, 0x4, 0x2]}}, @svc={0x122, 0x40, {0x8400000f, [0x9, 0x4, 0xf7a7, 0xffffffffffff1019, 0x5]}}, @code={0xa, 0x84, {"00c8215e601a94d200a0b8f2410080d2220180d2c30080d2440080d2020000d4000008d5007008d5007008d5000028d5007008d5007008d5c0f48bd200c0b8f2e10080d2620080d2230180d2840080d2020000d4604980d200c0b8f2010080d2820180d2e30180d2040080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x1, 0x276}}, @mrs={0xbe, 0x18, {0x603000000013e6df}}, @svc={0x122, 0x40, {0x80003fff, [0x8, 0xfff, 0x3, 0x3, 0xa]}}, @irq_setup={0x46, 0x18, {0x3, 0xf1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ff}}], 0x4d4}, &(0x7f0000000580)=[@featur1={0x1, 0xc4}], 0x1)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

13m8.864580361s ago: executing program 3 (id=40):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x60, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x3, 0x7ffffffd}})
r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) (async)
close(r5) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2e) (async, rerun: 64)
close(r5)
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r8, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x0, 0x3, 0x20010, r11, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0) (async, rerun: 64)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r13, 0x40086602, 0x8000000400000004)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x2e)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r15, r16, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)

13m8.290482132s ago: executing program 2 (id=41):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x2000) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000240)={0x0, &(0x7f0000000280)=[@code={0xa, 0xb4, {"408c97d200c0b0f2a10080d2620080d2430180d2040080d2020000d40000802900000018e05686d20040b0f2010180d2e20180d2230080d2640180d2020000d4008008d5c0bd99d20080b8f2c10080d2420080d2830180d2a40180d2020000d400b793d200e0b8f2010080d2220180d2430080d2040180d2020000d40000ff0dc01a94d20060b0f2610180d2220180d2830180d2c40180d2020000d40038000e"}}], 0xb4}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x802, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000001c0)=@arm64_extra={0x603000000013c035, &(0x7f0000000340)=0x3c})
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async, rerun: 32)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x80a00, 0x0) (rerun: 32)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0}) (async)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r17 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r17, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r18, 0x2000000, 0x14012, r16, 0x0) (async)
r19 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r19, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_REG_LIST(r19, 0xc008aeb0, &(0x7f0000000140)={0x4, [0xc, 0x3, 0x3, 0x9]}) (async, rerun: 64)
ioctl$KVM_GET_ONE_REG(r19, 0x4010aeab, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000200)=0xa}) (async, rerun: 64)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12m46.181548643s ago: executing program 3 (id=42):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x200180, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x88)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0xfffffffffffffff8, 0x4, 0x0, 0xffffffffffffffff, 0xf})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000180)={0x5000})
r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x7, <r10=>0xffffffffffffffff})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000140)={0x101ff, 0x0, &(0x7f0000e41000/0x3000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000080)={0x1, 0xf000})
syz_kvm_vgic_v3_setup(r2, 0x3, 0x40)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000f54000/0x4000)=nil, r11, 0x1000002, 0x16831, 0xffffffffffffffff, 0x0)
r12 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r12, 0xbffffffb, 0x1, r12})
r13 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)

12m45.612082654s ago: executing program 2 (id=43):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)

12m30.697538254s ago: executing program 2 (id=44):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xcd) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

12m28.089656005s ago: executing program 3 (id=45):
r0 = openat$kvm(0x0, &(0x7f0000000180), 0xa0080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
close(r1)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
close(r2)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x400400, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r7, 0x100000d, 0x20010, 0xffffffffffffffff, 0x0)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000780)={0x0, &(0x7f0000000640)=[@smc={0x1e, 0x40, {0x4000, [0x2, 0x8, 0x8001, 0x1b0c000000000000, 0xfffffffffffffffa]}}, @smc={0x1e, 0x40, {0x80003fff, [0x3, 0x3, 0xf46, 0x5, 0x3413]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x36}}, @code={0xa, 0x6c, {"00ed9dd200e0b8f2610080d2020080d2a30080d2240080d2020000d4003c004e000cc0da008008d5007008d5007008d500e0c00d007008d540c992d20060b8f2610180d2c20080d2630080d2040080d2020000d4000008d5"}}], 0x114}, &(0x7f00000007c0)=[@featur2={0x1, 0xc1}], 0x1)
mmap$KVM_VCPU(&(0x7f0000e5f000/0x2000)=nil, 0x930, 0x2000007, 0x80010, r8, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000080)=[@msr={0x14, 0x20, {0x603000000013f100, 0x6}}, @msr={0x14, 0x20, {0x603000000013df67, 0x3}}, @msr={0x14, 0x20, {0x603000000013df5a, 0x9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x9, 0x4}}, @hvc={0x32, 0x40, {0x30000002, [0x100000001, 0x1, 0x1, 0x5, 0x5]}}, @smc={0x1e, 0x40, {0x84000003, [0x5, 0xef8, 0xe, 0x2, 0x2]}}, @code={0xa, 0x54, {"007008d50000206b0088212e000028d5008008d5c0a390d200c0b8f2e10080d2a20080d2030180d2240080d2020000d4007008d50000006c007008d50004809a"}}, @mrs={0xbe, 0x18, {0x603000000013e641}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x35}}, @code={0xa, 0xb4, {"002c205ec0908fd200c0b0f2410080d2420180d2830180d2a40180d2020000d4405487d20040b8f2e10180d2820080d2630180d2c40080d2020000d4007008d5000008d5405484d200c0b8f2210180d2c20180d2e30180d2e40080d2020000d40048c01a00a0bf0de0578cd200e0b0f2210180d2620080d2e30180d2240080d2020000d4e0a086d200c0b0f2010080d2e20180d2e30180d2040080d2020000d4"}}, @code={0xa, 0x9c, {"000008d5000008d50098202e008008d5000028d500c8210e60c699d200c0b0f2810080d2e20080d2a30180d2640080d2020000d4e0a083d20040b8f2010180d2e20180d2630080d2a40180d2020000d440b997d200a0b8f2a10080d2420080d2c30080d2a40180d2020000d420159ed20060b8f2a10080d2220180d2630080d2c40080d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013e5f3, 0x8}}, @eret={0xe6, 0x18, 0xffffffffffffffba}, @msr={0x14, 0x20, {0x603000000013e100, 0x3}}, @uexit={0x0, 0x18, 0x3901}, @eret={0xe6, 0x18, 0x6}, @svc={0x122, 0x40, {0x84000053, [0x10000, 0x4, 0x0, 0x7, 0x8]}}, @code={0xa, 0xb4, {"007008d5a09d91d200a0b0f2c10180d2c20080d2430180d2440180d2020000d4e06989d200a0b8f2610180d2a20080d2a30080d2840180d2020000d4007008d520b180d200a0b8f2e10180d2020180d2a30180d2c40080d2020000d4007008d5007008d5007008d5407285d20000b0f2610180d2620180d2e30080d2240080d2020000d460039bd20020b8f2610080d2020080d2a30180d2c40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8120000, 0x300, 0x9, 0xa}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x29b}}, @eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0x84000052, [0x81, 0x8, 0xd, 0x5, 0x3]}}, @eret={0xe6, 0x18}], 0x538}, &(0x7f0000000600)=[@featur1={0x1, 0x48}], 0x1)
mmap$KVM_VCPU(&(0x7f0000f0a000/0x4000)=nil, 0x930, 0x100000c, 0x20010, r9, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r11, 0x4010ae42, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000dcb000/0x4000)=nil})

11m42.614566688s ago: executing program 34 (id=44):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xcd) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

11m34.311156949s ago: executing program 35 (id=45):
r0 = openat$kvm(0x0, &(0x7f0000000180), 0xa0080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
close(r1)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
close(r2)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x400400, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r7, 0x100000d, 0x20010, 0xffffffffffffffff, 0x0)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000780)={0x0, &(0x7f0000000640)=[@smc={0x1e, 0x40, {0x4000, [0x2, 0x8, 0x8001, 0x1b0c000000000000, 0xfffffffffffffffa]}}, @smc={0x1e, 0x40, {0x80003fff, [0x3, 0x3, 0xf46, 0x5, 0x3413]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x36}}, @code={0xa, 0x6c, {"00ed9dd200e0b8f2610080d2020080d2a30080d2240080d2020000d4003c004e000cc0da008008d5007008d5007008d500e0c00d007008d540c992d20060b8f2610180d2c20080d2630080d2040080d2020000d4000008d5"}}], 0x114}, &(0x7f00000007c0)=[@featur2={0x1, 0xc1}], 0x1)
mmap$KVM_VCPU(&(0x7f0000e5f000/0x2000)=nil, 0x930, 0x2000007, 0x80010, r8, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000080)=[@msr={0x14, 0x20, {0x603000000013f100, 0x6}}, @msr={0x14, 0x20, {0x603000000013df67, 0x3}}, @msr={0x14, 0x20, {0x603000000013df5a, 0x9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x9, 0x4}}, @hvc={0x32, 0x40, {0x30000002, [0x100000001, 0x1, 0x1, 0x5, 0x5]}}, @smc={0x1e, 0x40, {0x84000003, [0x5, 0xef8, 0xe, 0x2, 0x2]}}, @code={0xa, 0x54, {"007008d50000206b0088212e000028d5008008d5c0a390d200c0b8f2e10080d2a20080d2030180d2240080d2020000d4007008d50000006c007008d50004809a"}}, @mrs={0xbe, 0x18, {0x603000000013e641}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x35}}, @code={0xa, 0xb4, {"002c205ec0908fd200c0b0f2410080d2420180d2830180d2a40180d2020000d4405487d20040b8f2e10180d2820080d2630180d2c40080d2020000d4007008d5000008d5405484d200c0b8f2210180d2c20180d2e30180d2e40080d2020000d40048c01a00a0bf0de0578cd200e0b0f2210180d2620080d2e30180d2240080d2020000d4e0a086d200c0b0f2010080d2e20180d2e30180d2040080d2020000d4"}}, @code={0xa, 0x9c, {"000008d5000008d50098202e008008d5000028d500c8210e60c699d200c0b0f2810080d2e20080d2a30180d2640080d2020000d4e0a083d20040b8f2010180d2e20180d2630080d2a40180d2020000d440b997d200a0b8f2a10080d2420080d2c30080d2a40180d2020000d420159ed20060b8f2a10080d2220180d2630080d2c40080d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013e5f3, 0x8}}, @eret={0xe6, 0x18, 0xffffffffffffffba}, @msr={0x14, 0x20, {0x603000000013e100, 0x3}}, @uexit={0x0, 0x18, 0x3901}, @eret={0xe6, 0x18, 0x6}, @svc={0x122, 0x40, {0x84000053, [0x10000, 0x4, 0x0, 0x7, 0x8]}}, @code={0xa, 0xb4, {"007008d5a09d91d200a0b0f2c10180d2c20080d2430180d2440180d2020000d4e06989d200a0b8f2610180d2a20080d2a30080d2840180d2020000d4007008d520b180d200a0b8f2e10180d2020180d2a30180d2c40080d2020000d4007008d5007008d5007008d5407285d20000b0f2610180d2620180d2e30080d2240080d2020000d460039bd20020b8f2610080d2020080d2a30180d2c40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8120000, 0x300, 0x9, 0xa}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x29b}}, @eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0x84000052, [0x81, 0x8, 0xd, 0x5, 0x3]}}, @eret={0xe6, 0x18}], 0x538}, &(0x7f0000000600)=[@featur1={0x1, 0x48}], 0x1)
mmap$KVM_VCPU(&(0x7f0000f0a000/0x4000)=nil, 0x930, 0x100000c, 0x20010, r9, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r11, 0x4010ae42, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000dcb000/0x4000)=nil})

3m5.037314555s ago: executing program 5 (id=50):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f00000002c0)={0xe1, 0x0, 0x10000})
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0x40086602, 0x110e22ffff)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r6 = eventfd2(0xfffffffa, 0x80001)
write$eventfd(r6, &(0x7f0000000200)=0x8, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
ioctl$KVM_CHECK_EXTENSION(r5, 0x40086602, 0x110e227ffe)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x11)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000000000000cc00000000000000e0ef9ad200c0b8f2410080d2e20080d2430080d2e40180d2020000d4e0be9cd20040b0f2210080d2620080d2630180d2840180d2020000d40000681e0000000b0000399e003c202ea04c8ad200e0b0f2610180d2c20180d2a30080d2640180d2020000d4c0ed81d20000b8f2810180d2820180d2a30180d2640080d2020000d4a0a189d20060b0f2410180d2820180d2230080d2240180d2020000d4804e82d20020b0f2810180d2020180d2830180d2a40080d2020000d4c0035fd6aa00000000000000280000000000000003010400000000000000090000000e0000000000000000003200000000000000400000000000000000000006000000000000000000000000f7780000000000000800000000000000030000000000000009000000000000001e0000000000000040000000000000000900008400000000050000000000000010000000000000007f0d000000000000001000000000000005000000000000004600000000000000180000000000000000be00000000000000180000000000000028981300000030601400000000000000200000000000000085c01300000030600100000001000000320000000000000040000000000000000d0000c400000000ffffffff000000000001000000100000060000000000000007000000000000000000000000000080320000000000000040000000000000000b000084000000000400000000000000080000000000000006000000000000000600000000000000dd00000000000000be000000000000001800000000000000fe7700"/604], 0x25c}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)

2m44.031116986s ago: executing program 5 (id=52):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000140)={0xb1})

2m35.092648377s ago: executing program 4 (id=53):
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r0 = eventfd2(0xaf7, 0x80000)
write$eventfd(r0, &(0x7f0000000000)=0xfffffffffffffffa, 0x8)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async, rerun: 32)
openat$kvm(0x3f, &(0x7f0000000040), 0x0, 0x0) (async)
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100018, &(0x7f0000000000)=0x7fffffffffffffff}) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x28)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r12, 0x4004ae8b, &(0x7f00000000c0))
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, <r15=>0xffffffffffffffff, 0x1})
r16 = ioctl$KVM_CREATE_VM(r15, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r16, 0x40305839, 0x0) (async)
ioctl$KVM_PRE_FAULT_MEMORY(r12, 0xc040aed5, &(0x7f0000000040)={0x3000, 0x5000})

2m23.88189822s ago: executing program 5 (id=54):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, <r8=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000280)=0x400000080a0000}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async)
ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0}) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0) (async)

2m12.393856569s ago: executing program 4 (id=55):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100)
r5 = eventfd2(0x1, 0x80001)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r5, 0x3}) (async)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) (async, rerun: 32)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (rerun: 32)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000140)=[@svc={0x122, 0x40, {0x40, [0x8, 0x7d0f, 0x401, 0x200, 0x3]}}, @msr={0x14, 0x20, {0x6030000000138054, 0x52}}, @msr={0x14, 0x20, {0x301800000009faa4, 0x10}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x3, 0xf, 0xc, 0x3, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013804c}}, @hvc={0x32, 0x40, {0x84000009, [0x5, 0x5, 0x0, 0x2, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x48, 0xc0000, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x395}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x240000, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0x287}}, @svc={0x122, 0x40, {0x300001d, [0xffffffffffff8001, 0x5, 0x7, 0x100000000, 0x9]}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x2fa}}, @eret={0xe6, 0x18, 0x1}, @hvc={0x32, 0x40, {0x4000000, [0x0, 0x8, 0x2000400, 0x100, 0xfffffffffffffffa]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x0, 0x5, 0x2}}, @smc={0x1e, 0x40, {0x40000000, [0x101, 0x1, 0x0, 0x4cd94bcc, 0x80000000]}}, @hvc={0x32, 0x40, {0x8400000c, [0xcdaf, 0x800000000000, 0xffff, 0x3c9, 0x2]}}, @svc={0x122, 0x40, {0x2000003, [0x0, 0x6, 0x9, 0xb, 0x5]}}, @irq_setup={0x46, 0x18, {0x3, 0x2a1}}, @smc={0x1e, 0x40, {0x84000002, [0x0, 0xbf2, 0x8000000000000001, 0x6, 0x2]}}, @irq_setup={0x46, 0x18, {0x4, 0x54}}, @irq_setup={0x46, 0x18, {0x3, 0x5f}}, @eret={0xe6, 0x18, 0x3876}, @smc={0x1e, 0x40, {0x8400000e, [0x5, 0x7ff, 0x1e40, 0x8e, 0x10000]}}, @irq_setup={0x46, 0x18, {0x2, 0x14f}}, @smc={0x1e, 0x40, {0x84000006, [0xfffffffffffffff0, 0x5, 0xffff, 0x5, 0xcb8]}}, @smc={0x1e, 0x40, {0x8400000e, [0x6, 0xffff, 0xbd0, 0x2b6]}}, @eret={0xe6, 0x18, 0x80000000}], 0x4e0}], 0x1, 0x0, &(0x7f0000000080)=[@featur1={0x1, 0x5}], 0x1) (async, rerun: 32)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) (rerun: 32)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) (async)
ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, &(0x7f0000000000)={0x1, [0x5]})

1m58.217528449s ago: executing program 5 (id=56):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x1, 0xe000, 0x1})
eventfd2(0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x3000, 0x122000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000001480)={0xfdfd, 0x13000, 0x1})

1m53.753440064s ago: executing program 4 (id=57):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, 0x0)
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CAP_PTP_KVM(r8, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0xffffffff, &(0x7f0000000080)=0xd2})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000001c0)={0x3000, 0xdddd1000, 0x4, 0x0, 0x2})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0x62)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r8, 0x4068aea3, &(0x7f0000000200)={0xe4, 0x0, 0x5})

1m36.29961501s ago: executing program 5 (id=58):
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000fe2000/0x2000)=nil, 0x0, 0x0, 0x10, 0xffffffffffffffff, 0x1000000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138010, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x1})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7, <r10=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x9, 0xfffffffffffffff9, 0x0})
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) (async)
mmap$KVM_VCPU(&(0x7f0000fe2000/0x2000)=nil, 0x0, 0x0, 0x10, 0xffffffffffffffff, 0x1000000) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138010, 0x8000}}], 0x20}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7}) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x9, 0xfffffffffffffff9, 0x0}) (async)

1m26.761483939s ago: executing program 4 (id=59):
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000000))

1m14.884714447s ago: executing program 4 (id=60):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000001c0)=[@memwrite={0x6e, 0x30, @generic={0x4000, 0x868, 0xaa, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x300, 0x76a1, 0xa}}, @smc={0x1e, 0x40, {0x84000007, [0x8, 0x0, 0x5, 0x2, 0x8]}}, @msr={0x14, 0x20, {0x5c6c, 0x8}}, @code={0xa, 0x84, {"007008d50070400ca0a984d20000b8f2610180d2820080d2e30080d2e40180d2020000d400e0400d803d8ed20020b0f2010080d2a20180d2830080d2440080d2020000d40060800c008008d5007008d50000789e401192d200a0b8f2e10080d2220080d2030180d2c40180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x4, 0x8, 0x6, 0x4}}, @hvc={0x32, 0x40, {0x3006049, [0xffff, 0x3, 0x1, 0x9, 0x4]}}, @msr={0x14, 0x20, {0x603000000013e66e}}, @hvc={0x32, 0x40, {0x84000012, [0x1ff, 0x8001, 0x29, 0x6, 0x8]}}, @msr={0x14, 0x20, {0x603000000013c110, 0xd}}, @hvc={0x32, 0x40, {0x20, [0x5, 0x7fff, 0x6, 0x9, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x2}}, @msr={0x14, 0x20, {0x603000000013df78, 0x3}}, @eret={0xe6, 0x18, 0x1}, @eret={0xe6, 0x18, 0x3}, @uexit={0x0, 0x18, 0x6c58000}, @irq_setup={0x46, 0x18, {0x0, 0x206}}, @uexit={0x0, 0x18, 0x3}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x40, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x3b}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18, 0x1, 0xa}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0xa, 0x5, 0x10001, 0x3}}, @hvc={0x32, 0x40, {0x86000001, [0x100, 0x2ae3, 0xfff, 0xfffffffffffff52a, 0x10001]}}, @msr={0x14, 0x20, {0x603000000013df74, 0x400}}, @smc={0x1e, 0x40, {0xc500103b, [0x18ac, 0x9, 0x79, 0x0, 0x10]}}, @mrs={0xbe, 0x18, {0x603000000013df6f}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x2, 0x7, 0x6, 0x2}}, @code={0xa, 0xe4, {"007008d50004c038604688d20060b8f2010080d2a20180d2030080d2440080d2020000d4c09e9ad20000b0f2c10080d2220080d2c30180d2a40080d2020000d4801c9bd20080b8f2c10080d2620080d2230180d2240180d2020000d440c986d200a0b0f2a10180d2c20180d2030180d2840180d2020000d4204783d200a0b0f2210080d2c20080d2e30180d2240080d2020000d40084800dc0f183d20020b8f2410080d2420180d2430080d2e40180d2020000d460758ed20020b8f2a10180d2620180d2e30080d2a40080d2020000d4"}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0xdf8, 0xffffffffffff7fff, 0x8}}, @msr={0x14, 0x20, {0x603000000013dee5, 0xf}}, @eret={0xe6, 0x18, 0x2}], 0x600}], 0x1, 0x0, &(0x7f0000000100)=[@featur2={0x1, 0x10}], 0x1)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x86000000, [0x2, 0x1, 0x2, 0x3, 0x3]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_kvm_vgic_v3_setup(r1, 0x4000000000000001, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x7, 0x1, 0x0})

1m10.979207491s ago: executing program 5 (id=61):
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1})
r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x3f0}}, @code={0xa, 0x84, {"00004078a05b99d200c0b8f2e10080d2a20180d2e30180d2c40180d2020000d4007008d5802c84d20020b0f2610080d2820080d2a30080d2e40080d2020000d4806d86d200a0b0f2010080d2e20080d2e30180d2440180d2020000d4000028d5000860f80000001b000400bc007008d5"}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x2cb96f51aa37d1c6, 0x6, 0x8}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x258}}, @svc={0x122, 0x40, {0x40000000, [0x8, 0x8, 0x100000001]}}, @smc={0x1e, 0x40, {0x80007fff, [0x800, 0xfffffffeffffffff, 0x4e, 0x8, 0x7]}}, @code={0xa, 0x84, {"c0ec83d20080b8f2610180d2820180d2830180d2e40080d2020000d4007008d5007008d5007008d5001ca00e0084ff0d0000003c000008d5c0539dd20000b8f2c10080d2e20180d2430180d2240080d2020000d4401382d200c0b0f2010080d2a20080d2230080d2040080d2020000d4"}}, @smc={0x1e, 0x40, {0xc4000053, [0x484d, 0x81, 0x10000, 0x800, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013e6c5}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x3}}, @uexit={0x0, 0x18}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0x3, 0xe, 0xa9d}}, @code={0xa, 0xcc, {"e06385d20000b0f2010080d2420180d2630180d2c40080d2020000d4a0329dd20000b0f2c10180d2620180d2e30180d2640080d2020000d40004403800f79dd20000b0f2610080d2620180d2a30080d2a40180d2020000d420049ad200e0b8f2410180d2a20180d2c30080d2a40180d2020000d4e08c96d200a0b0f2210080d2a20180d2430080d2e40180d2020000d4007008d50004c05a003693d200c0b0f2210080d2a20180d2e30180d2640180d2020000d4000c407c"}}], 0x3b4}, &(0x7f0000000440)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_SREGS(r7, 0x4000ae84, &(0x7f0000000480)={{0x1000, 0x80b4000, 0xe, 0x2b, 0x4, 0x5b, 0x3, 0x8, 0x66, 0xc, 0x0, 0x82}, {0x8000000, 0xd000, 0xa, 0x6, 0x8, 0x2, 0x2, 0x80, 0x8, 0x8, 0x3, 0x7}, {0xeeee8000, 0xf000, 0x4, 0x11, 0xb, 0xb, 0x8, 0x8, 0x9, 0x2, 0x4, 0x6}, {0x11111001, 0x0, 0xd, 0x5, 0x2, 0x3, 0x7, 0x3, 0xff, 0x2, 0x1, 0x4}, {0x0, 0x0, 0xf, 0x4, 0x5, 0x7, 0x4, 0x9, 0xc1, 0x9, 0x58, 0x7}, {0x8080000, 0xffff1000, 0x8, 0x2, 0x4, 0x0, 0x40, 0xb, 0x81, 0x5, 0x8, 0xc}, {0xf000, 0x0, 0x10, 0x2, 0x45, 0xe7, 0x0, 0x7, 0x40, 0x6, 0x9, 0xb}, {0x1000, 0xd000, 0xf, 0x1, 0x4, 0x3, 0x6, 0xf, 0xa, 0x3, 0xff, 0x9}, {0x1000, 0x9}, {0x2000, 0x9e2d}, 0x60010031, 0x0, 0xeb12c6d2665c6098, 0x6008, 0x2, 0x3e01, 0x2, [0x8, 0x2, 0x2, 0x1]})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r9, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

49.411178904s ago: executing program 4 (id=62):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x25)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r10, 0x4208ae9b, &(0x7f0000000400)={0x1, 0x0, {[0xfffffffffffffffb, 0x3ff, 0x1000, 0xe26f, 0x3, 0x6, 0x9, 0x0, 0x4, 0x5, 0x7, 0x81, 0x0, 0x7fffffffffffffff, 0x1, 0x2], [0x80000001, 0x8, 0x34f, 0x80000003, 0x8000000000000000, 0xfffffffffffffffb, 0x8, 0x5, 0x7ff, 0x6, 0xa87c, 0x0, 0x5, 0x7fffffffffffffff, 0x9, 0x7fffffff], [0x6, 0x2, 0x3, 0xfff, 0xe7, 0x2, 0x100000001, 0x0, 0x8, 0x3ff, 0xb, 0x401, 0x3, 0x40, 0x100000001], [0xe, 0xffffffffffff37a5, 0x80000000, 0x54435a02, 0x2, 0x2, 0x4, 0xff, 0xa4c, 0x2, 0x400, 0x1, 0xfffffffff14d8e2e, 0x44, 0x400, 0xfffffffffffff2f2]}})
r11 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r13, 0x40000)
r14 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x400000000000007, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c025, &(0x7f00000000c0)=0x6})
r15 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r16, 0x8, 0x110, r15, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
syz_kvm_setup_cpu$arm64(r3, r15, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="3200ffffffff0000400000000000000001ff008600000000070000000000000009000000000000000800000000000000f8ffffffffffffff00010000000000005cebf4bde0e2a457e7701532f73c58b23a0e3bcfe9fa6a3d9726d2a3c0c773a9939c"], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
r17 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

22.734083155s ago: executing program 36 (id=61):
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1})
r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x3f0}}, @code={0xa, 0x84, {"00004078a05b99d200c0b8f2e10080d2a20180d2e30180d2c40180d2020000d4007008d5802c84d20020b0f2610080d2820080d2a30080d2e40080d2020000d4806d86d200a0b0f2010080d2e20080d2e30180d2440180d2020000d4000028d5000860f80000001b000400bc007008d5"}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x2cb96f51aa37d1c6, 0x6, 0x8}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x258}}, @svc={0x122, 0x40, {0x40000000, [0x8, 0x8, 0x100000001]}}, @smc={0x1e, 0x40, {0x80007fff, [0x800, 0xfffffffeffffffff, 0x4e, 0x8, 0x7]}}, @code={0xa, 0x84, {"c0ec83d20080b8f2610180d2820180d2830180d2e40080d2020000d4007008d5007008d5007008d5001ca00e0084ff0d0000003c000008d5c0539dd20000b8f2c10080d2e20180d2430180d2240080d2020000d4401382d200c0b0f2010080d2a20080d2230080d2040080d2020000d4"}}, @smc={0x1e, 0x40, {0xc4000053, [0x484d, 0x81, 0x10000, 0x800, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013e6c5}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x3}}, @uexit={0x0, 0x18}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0x3, 0xe, 0xa9d}}, @code={0xa, 0xcc, {"e06385d20000b0f2010080d2420180d2630180d2c40080d2020000d4a0329dd20000b0f2c10180d2620180d2e30180d2640080d2020000d40004403800f79dd20000b0f2610080d2620180d2a30080d2a40180d2020000d420049ad200e0b8f2410180d2a20180d2c30080d2a40180d2020000d4e08c96d200a0b0f2210080d2a20180d2430080d2e40180d2020000d4007008d50004c05a003693d200c0b0f2210080d2a20180d2e30180d2640180d2020000d4000c407c"}}], 0x3b4}, &(0x7f0000000440)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_SREGS(r7, 0x4000ae84, &(0x7f0000000480)={{0x1000, 0x80b4000, 0xe, 0x2b, 0x4, 0x5b, 0x3, 0x8, 0x66, 0xc, 0x0, 0x82}, {0x8000000, 0xd000, 0xa, 0x6, 0x8, 0x2, 0x2, 0x80, 0x8, 0x8, 0x3, 0x7}, {0xeeee8000, 0xf000, 0x4, 0x11, 0xb, 0xb, 0x8, 0x8, 0x9, 0x2, 0x4, 0x6}, {0x11111001, 0x0, 0xd, 0x5, 0x2, 0x3, 0x7, 0x3, 0xff, 0x2, 0x1, 0x4}, {0x0, 0x0, 0xf, 0x4, 0x5, 0x7, 0x4, 0x9, 0xc1, 0x9, 0x58, 0x7}, {0x8080000, 0xffff1000, 0x8, 0x2, 0x4, 0x0, 0x40, 0xb, 0x81, 0x5, 0x8, 0xc}, {0xf000, 0x0, 0x10, 0x2, 0x45, 0xe7, 0x0, 0x7, 0x40, 0x6, 0x9, 0xb}, {0x1000, 0xd000, 0xf, 0x1, 0x4, 0x3, 0x6, 0xf, 0xa, 0x3, 0xff, 0x9}, {0x1000, 0x9}, {0x2000, 0x9e2d}, 0x60010031, 0x0, 0xeb12c6d2665c6098, 0x6008, 0x2, 0x3e01, 0x2, [0x8, 0x2, 0x2, 0x1]})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r9, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

0s ago: executing program 37 (id=62):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x25)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r10, 0x4208ae9b, &(0x7f0000000400)={0x1, 0x0, {[0xfffffffffffffffb, 0x3ff, 0x1000, 0xe26f, 0x3, 0x6, 0x9, 0x0, 0x4, 0x5, 0x7, 0x81, 0x0, 0x7fffffffffffffff, 0x1, 0x2], [0x80000001, 0x8, 0x34f, 0x80000003, 0x8000000000000000, 0xfffffffffffffffb, 0x8, 0x5, 0x7ff, 0x6, 0xa87c, 0x0, 0x5, 0x7fffffffffffffff, 0x9, 0x7fffffff], [0x6, 0x2, 0x3, 0xfff, 0xe7, 0x2, 0x100000001, 0x0, 0x8, 0x3ff, 0xb, 0x401, 0x3, 0x40, 0x100000001], [0xe, 0xffffffffffff37a5, 0x80000000, 0x54435a02, 0x2, 0x2, 0x4, 0xff, 0xa4c, 0x2, 0x400, 0x1, 0xfffffffff14d8e2e, 0x44, 0x400, 0xfffffffffffff2f2]}})
r11 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r13, 0x40000)
r14 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x400000000000007, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c025, &(0x7f00000000c0)=0x6})
r15 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r16, 0x8, 0x110, r15, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
syz_kvm_setup_cpu$arm64(r3, r15, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="3200ffffffff0000400000000000000001ff008600000000070000000000000009000000000000000800000000000000f8ffffffffffffff00010000000000005cebf4bde0e2a457e7701532f73c58b23a0e3bcfe9fa6a3d9726d2a3c0c773a9939c"], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
r17 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

kernel console output (not intermixed with test programs):

[  443.343695][ T3152] 8021q: adding VLAN 0 to HW filter on device bond0
[  502.731952][ T3152] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:21497' (ED25519) to the list of known hosts.
[  692.753768][   T25] audit: type=1400 audit(691.870:61): avc:  denied  { name_bind } for  pid=3314 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  694.375857][   T25] audit: type=1400 audit(693.510:62): avc:  denied  { execute } for  pid=3315 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  694.405319][   T25] audit: type=1400 audit(693.540:63): avc:  denied  { execute_no_trans } for  pid=3315 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  721.484447][   T25] audit: type=1400 audit(720.620:64): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  721.522634][   T25] audit: type=1400 audit(720.650:65): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  721.614010][ T3315] cgroup: Unknown subsys name 'net'
[  721.670174][   T25] audit: type=1400 audit(720.800:66): avc:  denied  { unmount } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  722.094373][ T3315] cgroup: Unknown subsys name 'cpuset'
[  722.204365][ T3315] cgroup: Unknown subsys name 'rlimit'
[  723.243997][   T25] audit: type=1400 audit(722.380:67): avc:  denied  { setattr } for  pid=3315 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  723.274595][   T25] audit: type=1400 audit(722.410:68): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  723.319817][   T25] audit: type=1400 audit(722.450:69): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  724.645040][ T3318] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  724.665423][   T25] audit: type=1400 audit(723.800:70): avc:  denied  { relabelto } for  pid=3318 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  724.694651][   T25] audit: type=1400 audit(723.830:71): avc:  denied  { write } for  pid=3318 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  724.885500][   T25] audit: type=1400 audit(724.020:72): avc:  denied  { read } for  pid=3315 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  724.904383][   T25] audit: type=1400 audit(724.040:73): avc:  denied  { open } for  pid=3315 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  724.958264][ T3315] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  780.983064][   T25] audit: type=1400 audit(780.120:74): avc:  denied  { execmem } for  pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  785.925752][   T25] audit: type=1400 audit(785.060:75): avc:  denied  { read } for  pid=3321 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  785.946970][   T25] audit: type=1400 audit(785.080:76): avc:  denied  { open } for  pid=3321 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  786.046125][   T25] audit: type=1400 audit(785.180:77): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  786.358892][   T25] audit: type=1400 audit(785.460:78): avc:  denied  { module_request } for  pid=3322 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  786.360234][   T25] audit: type=1400 audit(785.470:79): avc:  denied  { module_request } for  pid=3321 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  787.595630][   T25] audit: type=1400 audit(786.710:80): avc:  denied  { sys_module } for  pid=3322 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  833.859687][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  834.152332][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  836.826975][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  837.094531][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  860.149287][ T3321] hsr_slave_0: entered promiscuous mode
[  860.184046][ T3321] hsr_slave_1: entered promiscuous mode
[  861.554722][ T3322] hsr_slave_0: entered promiscuous mode
[  861.596381][ T3322] hsr_slave_1: entered promiscuous mode
[  861.646698][ T3322] debugfs: 'hsr0' already exists in 'hsr'
[  861.663063][ T3322] Cannot create hsr debugfs directory
[  868.811121][   T25] audit: type=1400 audit(867.930:81): avc:  denied  { create } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  868.871739][   T25] audit: type=1400 audit(868.000:82): avc:  denied  { write } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  868.942030][   T25] audit: type=1400 audit(868.070:83): avc:  denied  { read } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  869.159845][ T3321] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  869.635753][ T3321] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  870.150676][ T3321] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  871.575336][ T3321] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  876.023946][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  876.303110][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  876.712356][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  877.035187][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  903.562788][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[  910.246322][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1010.736687][ T3321] veth0_vlan: entered promiscuous mode
[ 1011.761611][ T3321] veth1_vlan: entered promiscuous mode
[ 1015.492745][ T3322] veth0_vlan: entered promiscuous mode
[ 1016.094957][ T3321] veth0_macvtap: entered promiscuous mode
[ 1016.625923][ T3321] veth1_macvtap: entered promiscuous mode
[ 1017.121482][ T3322] veth1_vlan: entered promiscuous mode
[ 1021.102032][ T3204] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1021.146195][ T3204] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1021.169270][ T3204] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1021.389547][ T3204] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1022.662960][ T3322] veth0_macvtap: entered promiscuous mode
[ 1024.003904][ T3322] veth1_macvtap: entered promiscuous mode
[ 1031.221699][   T25] audit: type=1400 audit(1030.210:84): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1032.468553][   T25] audit: type=1400 audit(1031.380:85): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/syzkaller.jKcbQN/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1034.264610][   T25] audit: type=1400 audit(1033.120:86): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1036.505671][   T25] audit: type=1400 audit(1035.640:87): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/syzkaller.jKcbQN/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1036.770765][   T25] audit: type=1400 audit(1035.880:88): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/syzkaller.jKcbQN/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3799 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1037.059648][ T3375] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1037.062901][ T3375] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1037.151893][ T3375] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1037.184747][ T3375] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1038.475102][   T25] audit: type=1400 audit(1037.590:89): avc:  denied  { unmount } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1038.923211][   T25] audit: type=1400 audit(1038.060:90): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1039.159473][   T25] audit: type=1400 audit(1038.280:91): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="gadgetfs" ino=3811 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1040.215272][   T25] audit: type=1400 audit(1039.230:92): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1040.561116][   T25] audit: type=1400 audit(1039.570:93): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1040.684616][   T25] audit: type=1400 audit(1039.700:94): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1042.824620][ T3321] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 1044.431769][   T25] audit: type=1400 audit(1043.540:95): avc:  denied  { read write } for  pid=3321 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1044.482490][   T25] audit: type=1400 audit(1043.590:96): avc:  denied  { open } for  pid=3321 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1044.531279][   T25] audit: type=1400 audit(1043.660:97): avc:  denied  { ioctl } for  pid=3321 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1060.958962][   T25] audit: type=1400 audit(1060.080:98): avc:  denied  { read } for  pid=3482 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1061.013725][   T25] audit: type=1400 audit(1060.150:99): avc:  denied  { open } for  pid=3482 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1061.719695][   T25] audit: type=1400 audit(1060.820:100): avc:  denied  { ioctl } for  pid=3482 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1069.921832][   T25] audit: type=1400 audit(1069.050:101): avc:  denied  { execute } for  pid=3484 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3897 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1131.632639][   T25] audit: type=1400 audit(1130.750:102): avc:  denied  { write } for  pid=3513 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1136.202829][   T25] audit: type=1400 audit(1135.280:103): avc:  denied  { setattr } for  pid=3513 comm="syz.1.8" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1179.770039][   T25] audit: type=1400 audit(1178.900:104): avc:  denied  { map } for  pid=3534 comm="syz.0.13" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1179.869038][   T25] audit: type=1400 audit(1178.950:105): avc:  denied  { execute } for  pid=3534 comm="syz.0.13" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1420.325577][ T3375] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1421.531130][ T3375] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1422.804159][ T3375] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1424.155208][ T3375] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1424.563561][ T3593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1425.412406][ T3593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1427.211335][ T3595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1427.590646][ T3595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1444.392323][ T3375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1444.640240][ T3375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1444.781292][ T3375] bond0 (unregistering): Released all slaves
[ 1447.920717][ T3375] hsr_slave_0: left promiscuous mode
[ 1448.290710][ T3375] hsr_slave_1: left promiscuous mode
[ 1449.213552][ T3375] veth1_macvtap: left promiscuous mode
[ 1449.226004][ T3375] veth0_macvtap: left promiscuous mode
[ 1449.261216][ T3375] veth1_vlan: left promiscuous mode
[ 1449.290817][ T3375] veth0_vlan: left promiscuous mode
[ 1469.574994][ T3375] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1470.992566][ T3375] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1472.364433][ T3375] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1473.522519][ T3375] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1490.440480][ T3375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1490.573317][ T3375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1490.679391][ T3375] bond0 (unregistering): Released all slaves
[ 1493.150613][ T3375] hsr_slave_0: left promiscuous mode
[ 1493.349500][ T3375] hsr_slave_1: left promiscuous mode
[ 1493.889055][ T3375] veth1_macvtap: left promiscuous mode
[ 1493.899006][ T3375] veth0_macvtap: left promiscuous mode
[ 1493.901320][ T3375] veth1_vlan: left promiscuous mode
[ 1493.902937][ T3375] veth0_vlan: left promiscuous mode
[ 1508.284581][ T3595] hsr_slave_0: entered promiscuous mode
[ 1508.364714][ T3595] hsr_slave_1: entered promiscuous mode
[ 1510.269072][ T3593] hsr_slave_0: entered promiscuous mode
[ 1510.332664][ T3593] hsr_slave_1: entered promiscuous mode
[ 1510.373013][ T3593] debugfs: 'hsr0' already exists in 'hsr'
[ 1510.379682][ T3593] Cannot create hsr debugfs directory
[ 1523.403486][ T3595] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1524.072093][ T3595] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1524.501350][ T3595] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1524.982157][ T3595] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1529.151670][ T3593] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1529.587053][ T3593] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1530.024684][ T3593] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1530.325442][ T3593] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1553.249960][ T3595] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1559.833394][ T3593] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1663.700361][ T3595] veth0_vlan: entered promiscuous mode
[ 1664.590011][ T3595] veth1_vlan: entered promiscuous mode
[ 1668.133828][ T3595] veth0_macvtap: entered promiscuous mode
[ 1668.704713][ T3595] veth1_macvtap: entered promiscuous mode
[ 1672.282861][ T3593] veth0_vlan: entered promiscuous mode
[ 1674.570750][ T3593] veth1_vlan: entered promiscuous mode
[ 1675.306258][ T3354] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1675.315727][ T3354] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1675.329108][ T3354] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1675.335138][ T3354] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1680.672033][ T3593] veth0_macvtap: entered promiscuous mode
[ 1681.832282][ T3593] veth1_macvtap: entered promiscuous mode
[ 1686.350293][   T51] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1686.395854][ T3354] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1686.438726][ T3375] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1686.455921][ T3355] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1876.077084][ T3734] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1879.994112][ T3734] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1881.776047][ T3734] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1883.539548][ T3734] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1907.220353][ T3734] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1907.548853][ T3734] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1907.744334][ T3734] bond0 (unregistering): Released all slaves
[ 1911.409528][ T3734] hsr_slave_0: left promiscuous mode
[ 1911.882164][ T3734] hsr_slave_1: left promiscuous mode
[ 1913.354451][ T3734] veth1_macvtap: left promiscuous mode
[ 1913.379319][ T3734] veth0_macvtap: left promiscuous mode
[ 1913.402631][ T3734] veth1_vlan: left promiscuous mode
[ 1913.426431][ T3734] veth0_vlan: left promiscuous mode
[ 1948.346234][ T3715] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1949.794794][ T3715] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1951.132231][ T3715] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1952.380995][ T3715] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1973.534998][ T3715] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1973.969996][ T3715] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1974.224398][ T3715] bond0 (unregistering): Released all slaves
[ 1976.661244][ T3715] hsr_slave_0: left promiscuous mode
[ 1976.740122][ T3715] hsr_slave_1: left promiscuous mode
[ 1977.329069][ T3715] veth1_macvtap: left promiscuous mode
[ 1977.332699][ T3715] veth0_macvtap: left promiscuous mode
[ 1977.350283][ T3715] veth1_vlan: left promiscuous mode
[ 1977.385593][ T3715] veth0_vlan: left promiscuous mode
[ 2038.722575][ T3903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2039.206077][ T3903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2042.693392][ T3907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2043.081744][ T3907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2071.546951][ T3903] hsr_slave_0: entered promiscuous mode
[ 2071.604531][ T3903] hsr_slave_1: entered promiscuous mode
[ 2075.443681][ T3907] hsr_slave_0: entered promiscuous mode
[ 2075.531266][ T3907] hsr_slave_1: entered promiscuous mode
[ 2075.563302][ T3907] debugfs: 'hsr0' already exists in 'hsr'
[ 2075.571622][ T3907] Cannot create hsr debugfs directory
[ 2093.133670][ T3903] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2094.240591][ T3903] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2095.164917][ T3903] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2096.560752][ T3903] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2102.503497][ T3907] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2103.111486][ T3907] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2103.613403][ T3907] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2104.263375][ T3907] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2134.366278][ T3903] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2140.533962][ T3907] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2300.654700][ T3903] veth0_vlan: entered promiscuous mode
[ 2302.044959][ T3903] veth1_vlan: entered promiscuous mode
[ 2307.407906][ T3903] veth0_macvtap: entered promiscuous mode
[ 2308.332841][ T3907] veth0_vlan: entered promiscuous mode
[ 2308.945226][ T3903] veth1_macvtap: entered promiscuous mode
[ 2310.811535][ T3907] veth1_vlan: entered promiscuous mode
[ 2315.151265][ T3715] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2315.152832][ T3715] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2315.154088][ T3715] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2315.154949][ T3715] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2318.015524][ T3907] veth0_macvtap: entered promiscuous mode
[ 2319.420101][ T3907] veth1_macvtap: entered promiscuous mode
[ 2324.663162][ T3375] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2324.751355][ T3375] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2324.800015][ T3715] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2324.835773][ T3715] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2381.639982][   T25] audit: type=1400 audit(2380.680:106): avc:  denied  { append } for  pid=4190 comm="syz.4.51" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2686.956841][ T4259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2687.523742][ T4259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2709.426060][ T4270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2710.123290][ T4270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2747.116137][ T4259] hsr_slave_0: entered promiscuous mode
[ 2747.254766][ T4259] hsr_slave_1: entered promiscuous mode
[ 2747.432216][ T4259] debugfs: 'hsr0' already exists in 'hsr'
[ 2747.440348][ T4259] Cannot create hsr debugfs directory
[ 2773.479935][ T4270] hsr_slave_0: entered promiscuous mode
[ 2773.595195][ T4270] hsr_slave_1: entered promiscuous mode
[ 2773.751578][ T4270] debugfs: 'hsr0' already exists in 'hsr'
[ 2773.770055][ T4270] Cannot create hsr debugfs directory
[ 2791.020188][ T4259] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2791.666855][ T4259] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2793.450314][ T4259] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2794.144882][ T4259] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2817.734235][ T4270] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 2818.651847][ T4270] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 2819.619414][ T4270] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 2820.481282][ T4270] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 2862.686382][ T4259] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2880.501721][ T4270] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2953.040267][   T27] INFO: task syz.4.62:4249 blocked for more than 430 seconds.
[ 2953.140045][   T27]       Not tainted syzkaller #0
[ 2953.170305][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2953.170976][   T27] task:syz.4.62        state:D stack:0     pid:4249  tgid:4249  ppid:3903   task_flags:0x400040 flags:0x00000011
[ 2953.172561][   T27] Call trace:
[ 2953.173112][   T27]  __switch_to+0x584/0xb20 (T)
[ 2953.175264][   T27]  __schedule+0x1eec/0x33a4
[ 2953.175912][   T27]  schedule+0xac/0x27c
[ 2953.176462][   T27]  schedule_timeout+0x5c/0x1e4
[ 2953.176972][   T27]  do_wait_for_common+0x28c/0x444
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 2953.420549][   T27]  wait_for_completion+0x44/0x5c
[ 2953.421556][   T27]  __synchronize_srcu+0x2a4/0x320
[ 2953.422164][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 2953.422693][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 2953.423263][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 2953.423718][   T27]  kvm_vm_release+0x58/0x78
[ 2953.424233][   T27]  __fput+0x4ac/0x980
[ 2953.424720][   T27]  ____fput+0x20/0x58
[ 2953.425227][   T27]  task_work_run+0x1bc/0x254
[ 2953.425701][   T27]  do_notify_resume+0x1bc/0x270
[ 2953.426208][   T27]  el0_svc+0xb8/0x164
[ 2953.426667][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 2953.530337][   T27]  el0t_64_sync+0x198/0x19c
[ 2953.561967][   T27] 
[ 2953.561967][   T27] Showing all locks held in the system:
[ 2953.562640][   T27] 1 lock held by khungtaskd/27:
[ 2953.563104][   T27]  #0: ffff800087806858 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 2953.565836][   T27] 2 locks held by getty/3182:
[ 2953.566245][   T27]  #0: d9f0000011d068a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 2953.710257][   T27]  #1: 8bff80008c54b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 2953.712070][   T27] 3 locks held by kworker/u4:0/3204:
[ 2953.712442][   T27] 2 locks held by syz-executor/3315:
[ 2953.712816][   T27] 1 lock held by kworker/u4:7/3413:
[ 2953.713193][   T27] 2 locks held by kworker/u4:9/3477:
[ 2953.713538][   T27]  #0: 28f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 2953.715345][   T27]  #1: ffff80008ffa7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 2953.889726][   T27] 2 locks held by kworker/u4:8/3715:
[ 2953.898831][   T27]  #0: 28f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 2953.900941][   T27]  #1: ffff80008e687c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 2953.902924][   T27] 4 locks held by kworker/0:5/4166:
[ 2953.903300][   T27] 2 locks held by syz.5.61/4242:
[ 2953.903665][   T27] 3 locks held by kworker/u4:5/4277:
[ 2953.904068][   T27] 3 locks held by kworker/u4:13/4403:
[ 2953.904417][   T27] 2 locks held by cmp/4430:
[ 2953.904761][   T27] 1 lock held by modprobe/4431:
[ 2953.905104][   T27] 1 lock held by modprobe/4432:
[ 2954.081280][   T27] 
[ 2954.093521][   T27] =============================================
[ 2954.093521][   T27] 
[ 2954.094536][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 2954.099543][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 2954.101184][   T27] Hardware name: linux,dummy-virt (DT)
[ 2954.102238][   T27] Call trace:
[ 2954.103169][   T27]  show_stack+0x2c/0x3c (C)
[ 2954.104304][   T27]  __dump_stack+0x30/0x40
[ 2954.105331][   T27]  dump_stack_lvl+0x30/0x12c
[ 2954.106331][   T27]  dump_stack+0x1c/0x28
[ 2954.107212][   T27]  vpanic+0x22c/0x59c
[ 2954.108070][   T27]  vpanic+0x0/0x59c
[ 2954.108823][   T27]  hung_task_panic+0x0/0x2c
[ 2954.109773][   T27]  kthread+0x794/0x9a0
[ 2954.110714][   T27]  ret_from_fork+0x10/0x20
[ 2954.112634][   T27] Kernel Offset: disabled
[ 2954.113449][   T27] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 2954.114708][   T27] Memory Limit: none
[ 2954.117077][   T27] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:13:53  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800080012904 X00=fff07fffeb6e6000 X01=ffff8000870c9b57
X02=ffff800080007f80 X03=0000000000000010 X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff800080499ca0
X08=0000000000000852 X09=000000000000009f X10=000000000000009f
X11=000000000000009f X12=0000000000010001 X13=0000000000000028
X14=0000000000004000 X15=e6ff80008039fc50 X16=ffff800080000000
X17=fff07fffeb6e6000 X18=00000000000000ff X19=efff800000000000
X20=9ff000000d9bbb00 X21=ffff80008768624c X22=ffff800080010e20
X23=9ff000000d9bbb10 X24=ffff800087699c00 X25=0000000000000008
X26=9ff000000d9bbb08 X27=000000000000009f X28=9ff000000d9bbb00
X29=ffff800080007f80 X30=ffff8000802cf6c8  SP=ffff800080007f00
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=696d5f6d61706269:6c2f343662696c2f Z01=00302e6f732e6373:696d5f6d61706269
Z02=0000000000000000:fffffffff0000000 Z03=0000000000000000:0000000000000000
Z04=3333333333333333:3333333333333333 Z05=0000000000000000:00000000c0000000
Z06=0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000