last executing test programs:

42m16.027514052s ago: executing program 1 (id=2):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x400, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f00000000c0)={0x5, [0xeef3, 0x81, 0x9, 0x5, 0x7]})
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r7, 0x3000004, 0x32, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r9 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000140)={0x1ff, 0xdddc1000, 0x0, r9, 0x4})
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x9e)

42m12.552563215s ago: executing program 0 (id=1):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0)

41m56.342795068s ago: executing program 0 (id=3):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x0, 0x2000, &(0x7f0000fb0000/0x2000)=nil}) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000fd3000/0x1000)=nil}) (async, rerun: 64)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000000)=0x3})

41m53.951239997s ago: executing program 1 (id=4):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000080)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, 0xffffffffffffffff) (async)
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000100)=@arm64={0x4e, 0x2, 0x0, '\x00', 0x4})
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
r10 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r8, 0x4, 0x780) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000000)=@arm64) (async)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0x9e)

41m48.098012808s ago: executing program 0 (id=5):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x200000000000001}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000680)=[@irq_setup={0x46, 0x18, {0x2, 0xe7}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x1, 0x8}}, @eret={0xe6, 0x18, 0xfffffffffffffffb}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x3, 0x4}}, @msr={0x14, 0x20, {0x603000000013c2b0, 0x4}}, @irq_setup={0x46, 0x18, {0x1, 0x28}}, @code={0xa, 0x6c, {"a0449ad20060b8f2210080d2a20080d2430080d2840080d2020000d4007008d5007008d50000209b007008d500c981d200a0b0f2610180d2620080d2630080d2640180d2020000d4000008d5007008d5007008d50000af9e"}}, @eret={0xe6, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013c65d, 0xed8e}}, @hvc={0x32, 0x40, {0xc5000021, [0xc2a2, 0xa, 0x5, 0x81, 0xb6f]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x0, 0x8}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x15a}}, @eret={0xe6, 0x18, 0x7f}, @msr={0x14, 0x20, {0x603000000013c2a9, 0x22e1988e}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x306}}, @hvc={0x32, 0x40, {0x8400000e, [0x0, 0x7, 0x2, 0x707, 0x5]}}, @svc={0x122, 0x40, {0x0, [0xfffffffffffffff9, 0x4, 0x9, 0x5, 0x10]}}, @irq_setup={0x46, 0x18, {0x4, 0x13a}}, @svc={0x122, 0x40, {0x86000001, [0x2, 0xfffffffffffffffc, 0x1, 0x2, 0x80]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0x10, 0xffff, 0x100}}, @eret={0xe6, 0x18, 0x1f}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x77}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x120}}, @hvc={0x32, 0x40, {0x80007fff, [0x9, 0x7e6d, 0x233e6777, 0x3b7b, 0x5]}}, @eret={0xe6, 0x18}], 0x424}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

41m45.555592193s ago: executing program 1 (id=6):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0xfffffe1a, 0xfffffffffffffffc, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0xfffffffffffffdb3, {0x603000000013dce9, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013c521, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000000, 0x4f831, 0xffffffffffffffff, 0x0)

40m59.693623493s ago: executing program 32 (id=5):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x200000000000001}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000680)=[@irq_setup={0x46, 0x18, {0x2, 0xe7}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x1, 0x8}}, @eret={0xe6, 0x18, 0xfffffffffffffffb}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x3, 0x4}}, @msr={0x14, 0x20, {0x603000000013c2b0, 0x4}}, @irq_setup={0x46, 0x18, {0x1, 0x28}}, @code={0xa, 0x6c, {"a0449ad20060b8f2210080d2a20080d2430080d2840080d2020000d4007008d5007008d50000209b007008d500c981d200a0b0f2610180d2620080d2630080d2640180d2020000d4000008d5007008d5007008d50000af9e"}}, @eret={0xe6, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013c65d, 0xed8e}}, @hvc={0x32, 0x40, {0xc5000021, [0xc2a2, 0xa, 0x5, 0x81, 0xb6f]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x0, 0x8}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x15a}}, @eret={0xe6, 0x18, 0x7f}, @msr={0x14, 0x20, {0x603000000013c2a9, 0x22e1988e}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x306}}, @hvc={0x32, 0x40, {0x8400000e, [0x0, 0x7, 0x2, 0x707, 0x5]}}, @svc={0x122, 0x40, {0x0, [0xfffffffffffffff9, 0x4, 0x9, 0x5, 0x10]}}, @irq_setup={0x46, 0x18, {0x4, 0x13a}}, @svc={0x122, 0x40, {0x86000001, [0x2, 0xfffffffffffffffc, 0x1, 0x2, 0x80]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0x10, 0xffff, 0x100}}, @eret={0xe6, 0x18, 0x1f}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x77}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x120}}, @hvc={0x32, 0x40, {0x80007fff, [0x9, 0x7e6d, 0x233e6777, 0x3b7b, 0x5]}}, @eret={0xe6, 0x18}], 0x424}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

40m58.309790357s ago: executing program 33 (id=6):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0xfffffe1a, 0xfffffffffffffffc, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0xfffffffffffffdb3, {0x603000000013dce9, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013c521, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000000, 0x4f831, 0xffffffffffffffff, 0x0)

34m4.980075273s ago: executing program 3 (id=19):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x40000)

33m52.630550424s ago: executing program 3 (id=21):
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x400000000000007, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r11, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c025, &(0x7f00000000c0)=0x6})
ioctl$KVM_CREATE_VM(r2, 0x800454d3, 0xfffffffffffffffa)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) (async)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r15, 0x603000000013df11, 0x8000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x20010, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x20010, 0xffffffffffffffff, 0x0)

33m9.439693107s ago: executing program 3 (id=24):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x46)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000c0e000/0x1000)=nil, 0x930, 0x8, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x0, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x4)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000200)=@arm64_fw={0x6030000000140000, &(0x7f0000000240)=0x10001})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r6, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

32m46.183539858s ago: executing program 3 (id=26):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x27)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0xfffffffe, 0x0, 0x6, 0x0, 0x20000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r10=>0xffffffffffffffff, 0x1})
write$eventfd(r10, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r11 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c000})
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000240)={0x10200, 0x0, &(0x7f0000d66000/0x1000)=nil})
ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0xab)
syz_kvm_setup_cpu$arm64(r12, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013c600, 0xfefefee0}}], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c600, &(0x7f0000000140)})

32m25.483057044s ago: executing program 3 (id=28):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x311200, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x7c}}], 0x28}, 0x0, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x5, <r7=>0xffffffffffffffff, 0x1}) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x40)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r12, 0x400454da, 0x1)
ioctl$KVM_CHECK_EXTENSION_VM(r9, 0xae03, 0x29) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) (async)
r15 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x8)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r15, 0x4008ae73, &(0x7f0000000140)={0x4, 0xffff})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r14, 0x4018aee3, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000000)=0x8090000})
r16 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
r18 = ioctl$KVM_CREATE_VCPU(r17, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r18, 0x4040aea0, 0xfffffffffffffffe) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x7})

32m10.348329168s ago: executing program 3 (id=30):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x108040, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, 0xffffffffffffffff)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x10200, 0x0, &(0x7f0000ffa000/0x4000)=nil})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x31)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f0000000340)={0x1000, "6b02485d5fdbcb6ea8ccf0abbcf0959cf6906edfc198e7bc0d49dc89b5aa48896d47009aaca3c5569ae13e9376850e275f5ea7b17dcef8d80e7e4366a268bef43e4ea9fc249c57c2318edf56652ae7eb19c5ce42cc81aefc9ca4cadee8162ece9eda308317278eab40b98ff2436245cb61ef490dbf46068aa8895d76eacfdcfebec135809e74bf1b44af0cac2a8b65a53eb5e8c3aa2e03dd331e1652f760db2d75168de82783ab7bfb38f77b5573135f568b74227331be304bbccbd9bf108b5b9c494ea9600b103787a5c9bfc246e261b735a4fa74e92c82d98938bd56cd5031c0330f2781da5fb2fba8dcb3626ea4a8820210e0c475cdc21c9c76d42a3114f528811c93845fb28a089da5ed608abf419acac344d26ee173f647daedf9f021cd7b52d6d63ac69c996b6b1af7db23e6a1ff2e41bfaf50ff4e394bd320376b5af255d3bc5b7dc30b87e47ac8b3f1c743ff7ef56f6ae8aca4daaba6fcc75bb32e5626ef27d1109682934ceb85f1f295c16d2dcf56b5f821e1831688fa25a002b9b9c1647d2a23b5bc22b00e8d88e4c37d519ef6c9bc9cd8e7af113b38578e1e15ff4bfe3b90260e0593a15cbc5c93f1359dff4bdd0844f22b6332de5c8a6fd5b29f22d51e59efaabd0c04416026526a143b7f599fa1381f909c61881bb52a9333388a48be0baf6f3d8a850f3611f50916e949bede63d5feff514049bb76a617406d3b0d8a26b770d54536befbdda3b2d0098cfb9825f545102c76adf721af32a6ba767f948564b937a8d432dfa3f0d426e20556e0a9de9d8cd6289bbca06920b9a91dcbf22e283f533319b5956e91adb33b2664339200a0daad7b8ed98de0d124af02c753cf45b31b4da79c52b9b8f04f24e695cee869f7538fdd29753b9c3b1f2eb52e690359be777b65541c71aaae2a19176816faf91b8dcba1f4752ff0a2b8bba047f2ed58f39a183df1919e8276092fc419400812d40aa1376b3ba472c2c0d4782fcff430d39d6c1cc2d1a0edb4a1148e6be3dd9ff634659561b74af52f69d2fcb4d93d15f83ad54b6d354541903872ed730b6839b24d70a89c612d72d1368c00d7a705e6807afb8a38c511eab97797f8af2ffe5876a021020298baed2f0e6d53dba4f930067d98d23f6cba6792935def1b79086e903c10310cf035714105e716157d61843e4f877e054e1f0e0ec93bab2dabb7a4f5026fcf9089bf9fa5a2dbbc43f7b8f1b22ae34a217c3a189f12bf79c50b253d2727129482894ba9dabecb77bc6b08af0691bffaf720515f83dc1e5df6ee1954590cb1c6387553dc05a17fedd3c494bd04a272456aa767f634a237b10fb1da9afdce46bf3ab8ec51b0cc301eebeb519e9468578cbd5d2d3a3330eda3cee5c7151157b4f417e772a2a66d62790b9606935b19e57422e99b0e738107c8c6707616fca74c1084c5c363578f8470290332773e45eecd64f8f51fa86f36d7dddfebf812e3addae6c234e79c589a6c16081ea91682a4636229eb25016a8dc6f27cdd18c1a2de21eef5964e9aca1ea6ad262978ab1bc21f671ee53f872a4ea6f4785260849090d1397cf4374e7b044835546327793a392ecb6d2d7270af2fd75468ecfe02dfa19042422b6cbe59893e0e4a6fdf74cffb4573257a1fd0bcc32157664aa53bdcba5ab7978a71182cfae950251659a78c26665ba606019040c8e32065c53598b21e011ef788381be3a4fe05def78eb54b75e211f371dda1d5b3c6ecd45549f224458001f8f9685962e51b0dd23f858d8dbc0810889221ccc085cb8f058f222127bbdaea52da3ec72e214fbab3c969b015e53da122473a6d86539db131150781e07d5908096bb7e07ce765a7d110bf957eff6fac87b0e988b1e6054ff3a715de7b18061aad1f1a8fd36742a03092d55296ee4c56333627870cb891b21560dcc51cc35f809590b776132a264dfa5ed2db801ac9964b66adaee573b47734acdac89b3d3bc6855a5c80dd020a7c4d99f27b9ab2e1fcfda9beff1c48a4b816b9001c85010835a996bb25b7d2d89eb8eb88f5c35abfa9d7a5983a53d7289507c90b5b175cb6f01b46aca46cfc0bdbd85777607bfd3f7d590f274bda5c690a2a1c1fb5c7dff76c5d9c4b9b6c4c6f31f5835bdab11f3da152577c4577bfdc09262698923e53f47e646497c24cad589024c394c5936c258251490ee0ffe03001954ec738f7d41ff68e73f8069ea43f8903d0aa6fd86c3bb635439fe8cd1fb64b6ee722164a7216571e295657eb2af29c5687032fc4f03befb6bc929b979b2db216468f7c9fa672111a978db60b7de195e58d9e22b3e9285876b53926aceb080539f271b6885a018ccb320306485189bd96ddc25d6dfe9f65b1ab5bc60ea4f58759665a955abba0d6934b43881ec3f5cbe18e651cdea468271be91ee6735dc751f1196f198694943c9d0ef4133f9b0d7cf92f4346954527231d8eb65bd3435174c8d65957020c4081a8c5ce81d4186bb47a0a90efb10c531de77c6c085f8ea3d67c9abf37940cd7d52bc46fa840610f021f7fce25b8a5af9b8566f5d88a30cdbd55595b47e3948b1d0a8a64f285fee50ff8230312addae612686b14ceb9649113de4cc2cfb5596e33b09e9c01cde92c898af474afd253839fe93ff617dcb7baf82c78a82bea9eda8dcaf583c0bde656e17c80f7a561dd4895595404140aa82f12abed0e7fa00cf132c32e95b50e1292d916f888efb5f806883cb4bab5ec4ea17d65abbb3e7573194c84cc3a2f2d504525192eb8f084a612d40dbbd25040af760b2bbe5481df3e25fdb7d25f311199abc1afc4f4f0334f2bdfa24bbcd986f3124229d4f8de83d10cad7e790e945ddec09f0dba51f409e3093d2a66c5ebca79d0816d7b2615f0b942fdb3a3a124da372c5cc10590829254b5ae7bc3ffc28068f717cc2bdbe5816e95cae2310a62d4960ba614cdbad7442311e42c32d63e4fee08102b18d8cbf1a54643afb407811a29968696392674eff2fac18b2ce414c0a9f253af2387b302c7d1e804810143c43447debbc13e3b9710202cd7d8d683a1eee7ec2f43b8ee7981d3d608525aa3b9493233e2555ce7ecdbc32775621662d5c45e01c1380fd262cc5024b1930ba6dfdfebf70469db7f2fb162cf081668d1cb5b035b6ca9ab5897f6b82c6b9b71dece21445c98cae0076b08969bb2f0f90c1d199fe5b3207a7d4a34dbf612a651052b10b0a81fec3165dc2236bd58d9401d38526519056850abb0aaba9d896eefe3afc044b210d29705ba59e05de6d1891582a1881e76311e1617269053bd6fd73e5e8ee5f1470f71702ba992b258998cdea6260ad37c6e24bce385a5baaafbb3aa56baa2831abc0889d845c22ec01cbc660fbe0012215671ba80c6c82586fbd52476d0ac12d37e483f58b263564ef9598c7392f29d38170822d0232d2ab73bca5b8286fde00f335566c860943c421d2014074a5c107fa52512415b0f73c61264e34b024de8f635e7e125e56b3a64a8aae75d9ad71770ad94c61e0a3f2dc58cd725b7223c80dc644e0d35df8b128170af7c87fe34ef49a74981145c3a5ac947a6071faff3b6de3c10307651bc17abcd5b3e53cd8d1654db2ba7d8f56fba8a93096e6e7d787f48be59d452c27ec8585cbe309325cb6f7065537643e056983046039baf2d6338e26b2151664306339e7a495d3270d10ec53feef5423757102c672de9bc66c5188ece622ea0edc2cf2170e77e24273c10fe41d2f8431a4276d16140969e3c1bc117b2d8030e367543e985be568d6de7783eae64caaeed7c4587595b2e227f38076af2ee4d45e2075a5d8d791a498a9629f8e8fe470b0fa343f0499e3b3e9dd1f349a61914053b1c9b9faa27248d3e55fd0c7de8eaa9f7ce6fbb65eb6f1ca47992d8aee82bd63e3616069b0f78139e0e6bc39552c88f09b69464dc1468c5b9311745a68f355cd784b0bde0aa7bcb7db1b4eeed0e72fcc6756eaab6733b1d3ec4927f305b5a583bc578d0f265d4c971d9e428f416f0cb0befea63c93a8d52d7826439516cbe7fda7b09892a5320b44f1316595ce86c86413a18d9f07f746de319f1fbf6a5cb1878f5b0ea6c85663c2280cb80df7a13d85b8a4c3e1153963e68d94de295468d51237829475a77c338275a92f335c8f02a9f8932b2c0c41ce5725e2f88af1f8f7340a0d5df143701552c53b5758fafd2d2ea9cb2561138d0d4ec0eb1e60072d68dcd3d6360acb0aef93eaff349bb619adbcd60a39675cf9df43951287b54bd419c0d4d1d6914f25f010f42b2aae1d0b94e0469ee51d1f791fe117f1e9f19fb1b282345f9b284f01bb322c9b0bc6bb8d0906c4b4bc221c4f57d1966a7ead6cf34586800d917559ed0d5f456353f13f67a6498688a04a8171df605f1b64876024cd0571d705b1346c18b86c7cb0c83d2811bb93545502f3172d0a805f1526a8d5fbd4259e5e5342ed341fbf96dcc279e7ec187327f43f3dbf3e4b4a1c989d9b3ccd55723e2a9fd41e6bc0ad74ab2360c8a6da8bca86f4bf527f09b5f3dfd14872f3330d228acfb1df68db681246e76a561c6ca50cd3d0cfdf4681a44e283d8bd4fbf95babe223d8f5cf710fd0cf2b9f9b6f1cf430fc5a1424eea15ffc6a522be70d15010492854cb5c0bdcb28fd7df1e6b2f1952d576c54314df3a16aca4992f169b565ec77ccaeb401c953b77079d60072bcc67354350bf2fb984151357d57fbd0cad07ebf5ea465134d2167224d3c1782b26d8bb3f03c4bb754f872fe3283ecdb89baf6f2614202bbc0571b54b9b3f915587ec814d6f7c0b7bbc9d0d719cb82f59a069f226fbaafdef815df4de61dc8a2533b1039c58704c12068e789d2881f7ba86000371a9c7a465bd99cabda0ca7ed8c54287ace48a94be3e6e119c1ff58b65e9b145d2c26caa7704b2b99ae6810d706d48ab182b708bd9a6a77c1a1441bddabb7a3a3ac2733a16e8e6c5c1feec96aa49e2f9d076d3cdc5d15ddfa139464bda69f98b693d647b7545a7f3fc6e12e90f5a82c30aec70b1ce6a0b3a3ff66e91acd0ef32e9adc7984133ef8c3b546b02003809b4d8b59abf2d2b4722787a74edd4692fc7e1f3ffb96d68775fceb8705a8b6c509d60c5873a8b85fb92c6e1145e85794442d03162c5cab7013111b4e28dd1228a00401da61f3c3b2310ce47b767b59a819e063e8a2f2d446d5978296d499ba4eb2c14eaf02816552847cbad9535f2260dc8583b294641683bce8b94a2e68f231104ac89c6beaa5774e141c0ec9bd6f5369d9bf2a5161a85097b946ea011459a2f027404353c537df5052427453e50c9532de047ffb187d21474a3b89203450d3bbe2e15b657eeb8b16f9e74cbc2eece2c8bf6125c90d79d1b0f16adc4b4f4961269d75f645516d582a508839d4619e1832ebe27e3fe67508e7ab1e458355cfd9d2c3fe7a12fb386157365f9a32b97bbf72bf1671292cf2a3739db723065bd1878f5682441e9cf6d2f1c828d2841aa9bb679f22c2193173e14d271e44d4477d84eba07134642ffe164a6ca40ca7de430e906cb2b5ec3b578b22bae2f4fe2331ccfc4efc56d44b44357c52ff8e779f6a38fe1165a3c25fb2dc84c1b8d25c05ccbe24ccb1df69e95c8981ff7ca625b813e923819ccb482c31c0cc07d80514122c277830c17fe21d2b8937b174d9df9b2ae8d55fd1f0224bdb071d36600b16a7101cdef86509311b8164ab29c25af4c8a4511ac67f6b91b1587826f0f69f3a3873056d86f80a61bce46aeb72e0c38299da5dbe52c430adb59c88e1c8b89900db4618c9b5a2fb3bca40f"})
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r14, 0x40049409, 0x13)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000000)=ANY=[])
r15 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x1d)
r16 = ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000240)={0xfffffffffffff15a, 0x9})
ioctl$KVM_SET_USER_MEMORY_REGION2(r15, 0x40a0ae49, &(0x7f0000000280)={0x1fd, 0x0, 0x100000, 0x1000, &(0x7f0000f60000/0x1000)=nil, 0xffffffff, r16})

31m21.787673706s ago: executing program 34 (id=30):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x108040, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, 0xffffffffffffffff)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000040)={0x10200, 0x0, &(0x7f0000ffa000/0x4000)=nil})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x31)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f0000000340)={0x1000, "6b02485d5fdbcb6ea8ccf0abbcf0959cf6906edfc198e7bc0d49dc89b5aa48896d47009aaca3c5569ae13e9376850e275f5ea7b17dcef8d80e7e4366a268bef43e4ea9fc249c57c2318edf56652ae7eb19c5ce42cc81aefc9ca4cadee8162ece9eda308317278eab40b98ff2436245cb61ef490dbf46068aa8895d76eacfdcfebec135809e74bf1b44af0cac2a8b65a53eb5e8c3aa2e03dd331e1652f760db2d75168de82783ab7bfb38f77b5573135f568b74227331be304bbccbd9bf108b5b9c494ea9600b103787a5c9bfc246e261b735a4fa74e92c82d98938bd56cd5031c0330f2781da5fb2fba8dcb3626ea4a8820210e0c475cdc21c9c76d42a3114f528811c93845fb28a089da5ed608abf419acac344d26ee173f647daedf9f021cd7b52d6d63ac69c996b6b1af7db23e6a1ff2e41bfaf50ff4e394bd320376b5af255d3bc5b7dc30b87e47ac8b3f1c743ff7ef56f6ae8aca4daaba6fcc75bb32e5626ef27d1109682934ceb85f1f295c16d2dcf56b5f821e1831688fa25a002b9b9c1647d2a23b5bc22b00e8d88e4c37d519ef6c9bc9cd8e7af113b38578e1e15ff4bfe3b90260e0593a15cbc5c93f1359dff4bdd0844f22b6332de5c8a6fd5b29f22d51e59efaabd0c04416026526a143b7f599fa1381f909c61881bb52a9333388a48be0baf6f3d8a850f3611f50916e949bede63d5feff514049bb76a617406d3b0d8a26b770d54536befbdda3b2d0098cfb9825f545102c76adf721af32a6ba767f948564b937a8d432dfa3f0d426e20556e0a9de9d8cd6289bbca06920b9a91dcbf22e283f533319b5956e91adb33b2664339200a0daad7b8ed98de0d124af02c753cf45b31b4da79c52b9b8f04f24e695cee869f7538fdd29753b9c3b1f2eb52e690359be777b65541c71aaae2a19176816faf91b8dcba1f4752ff0a2b8bba047f2ed58f39a183df1919e8276092fc419400812d40aa1376b3ba472c2c0d4782fcff430d39d6c1cc2d1a0edb4a1148e6be3dd9ff634659561b74af52f69d2fcb4d93d15f83ad54b6d354541903872ed730b6839b24d70a89c612d72d1368c00d7a705e6807afb8a38c511eab97797f8af2ffe5876a021020298baed2f0e6d53dba4f930067d98d23f6cba6792935def1b79086e903c10310cf035714105e716157d61843e4f877e054e1f0e0ec93bab2dabb7a4f5026fcf9089bf9fa5a2dbbc43f7b8f1b22ae34a217c3a189f12bf79c50b253d2727129482894ba9dabecb77bc6b08af0691bffaf720515f83dc1e5df6ee1954590cb1c6387553dc05a17fedd3c494bd04a272456aa767f634a237b10fb1da9afdce46bf3ab8ec51b0cc301eebeb519e9468578cbd5d2d3a3330eda3cee5c7151157b4f417e772a2a66d62790b9606935b19e57422e99b0e738107c8c6707616fca74c1084c5c363578f8470290332773e45eecd64f8f51fa86f36d7dddfebf812e3addae6c234e79c589a6c16081ea91682a4636229eb25016a8dc6f27cdd18c1a2de21eef5964e9aca1ea6ad262978ab1bc21f671ee53f872a4ea6f4785260849090d1397cf4374e7b044835546327793a392ecb6d2d7270af2fd75468ecfe02dfa19042422b6cbe59893e0e4a6fdf74cffb4573257a1fd0bcc32157664aa53bdcba5ab7978a71182cfae950251659a78c26665ba606019040c8e32065c53598b21e011ef788381be3a4fe05def78eb54b75e211f371dda1d5b3c6ecd45549f224458001f8f9685962e51b0dd23f858d8dbc0810889221ccc085cb8f058f222127bbdaea52da3ec72e214fbab3c969b015e53da122473a6d86539db131150781e07d5908096bb7e07ce765a7d110bf957eff6fac87b0e988b1e6054ff3a715de7b18061aad1f1a8fd36742a03092d55296ee4c56333627870cb891b21560dcc51cc35f809590b776132a264dfa5ed2db801ac9964b66adaee573b47734acdac89b3d3bc6855a5c80dd020a7c4d99f27b9ab2e1fcfda9beff1c48a4b816b9001c85010835a996bb25b7d2d89eb8eb88f5c35abfa9d7a5983a53d7289507c90b5b175cb6f01b46aca46cfc0bdbd85777607bfd3f7d590f274bda5c690a2a1c1fb5c7dff76c5d9c4b9b6c4c6f31f5835bdab11f3da152577c4577bfdc09262698923e53f47e646497c24cad589024c394c5936c258251490ee0ffe03001954ec738f7d41ff68e73f8069ea43f8903d0aa6fd86c3bb635439fe8cd1fb64b6ee722164a7216571e295657eb2af29c5687032fc4f03befb6bc929b979b2db216468f7c9fa672111a978db60b7de195e58d9e22b3e9285876b53926aceb080539f271b6885a018ccb320306485189bd96ddc25d6dfe9f65b1ab5bc60ea4f58759665a955abba0d6934b43881ec3f5cbe18e651cdea468271be91ee6735dc751f1196f198694943c9d0ef4133f9b0d7cf92f4346954527231d8eb65bd3435174c8d65957020c4081a8c5ce81d4186bb47a0a90efb10c531de77c6c085f8ea3d67c9abf37940cd7d52bc46fa840610f021f7fce25b8a5af9b8566f5d88a30cdbd55595b47e3948b1d0a8a64f285fee50ff8230312addae612686b14ceb9649113de4cc2cfb5596e33b09e9c01cde92c898af474afd253839fe93ff617dcb7baf82c78a82bea9eda8dcaf583c0bde656e17c80f7a561dd4895595404140aa82f12abed0e7fa00cf132c32e95b50e1292d916f888efb5f806883cb4bab5ec4ea17d65abbb3e7573194c84cc3a2f2d504525192eb8f084a612d40dbbd25040af760b2bbe5481df3e25fdb7d25f311199abc1afc4f4f0334f2bdfa24bbcd986f3124229d4f8de83d10cad7e790e945ddec09f0dba51f409e3093d2a66c5ebca79d0816d7b2615f0b942fdb3a3a124da372c5cc10590829254b5ae7bc3ffc28068f717cc2bdbe5816e95cae2310a62d4960ba614cdbad7442311e42c32d63e4fee08102b18d8cbf1a54643afb407811a29968696392674eff2fac18b2ce414c0a9f253af2387b302c7d1e804810143c43447debbc13e3b9710202cd7d8d683a1eee7ec2f43b8ee7981d3d608525aa3b9493233e2555ce7ecdbc32775621662d5c45e01c1380fd262cc5024b1930ba6dfdfebf70469db7f2fb162cf081668d1cb5b035b6ca9ab5897f6b82c6b9b71dece21445c98cae0076b08969bb2f0f90c1d199fe5b3207a7d4a34dbf612a651052b10b0a81fec3165dc2236bd58d9401d38526519056850abb0aaba9d896eefe3afc044b210d29705ba59e05de6d1891582a1881e76311e1617269053bd6fd73e5e8ee5f1470f71702ba992b258998cdea6260ad37c6e24bce385a5baaafbb3aa56baa2831abc0889d845c22ec01cbc660fbe0012215671ba80c6c82586fbd52476d0ac12d37e483f58b263564ef9598c7392f29d38170822d0232d2ab73bca5b8286fde00f335566c860943c421d2014074a5c107fa52512415b0f73c61264e34b024de8f635e7e125e56b3a64a8aae75d9ad71770ad94c61e0a3f2dc58cd725b7223c80dc644e0d35df8b128170af7c87fe34ef49a74981145c3a5ac947a6071faff3b6de3c10307651bc17abcd5b3e53cd8d1654db2ba7d8f56fba8a93096e6e7d787f48be59d452c27ec8585cbe309325cb6f7065537643e056983046039baf2d6338e26b2151664306339e7a495d3270d10ec53feef5423757102c672de9bc66c5188ece622ea0edc2cf2170e77e24273c10fe41d2f8431a4276d16140969e3c1bc117b2d8030e367543e985be568d6de7783eae64caaeed7c4587595b2e227f38076af2ee4d45e2075a5d8d791a498a9629f8e8fe470b0fa343f0499e3b3e9dd1f349a61914053b1c9b9faa27248d3e55fd0c7de8eaa9f7ce6fbb65eb6f1ca47992d8aee82bd63e3616069b0f78139e0e6bc39552c88f09b69464dc1468c5b9311745a68f355cd784b0bde0aa7bcb7db1b4eeed0e72fcc6756eaab6733b1d3ec4927f305b5a583bc578d0f265d4c971d9e428f416f0cb0befea63c93a8d52d7826439516cbe7fda7b09892a5320b44f1316595ce86c86413a18d9f07f746de319f1fbf6a5cb1878f5b0ea6c85663c2280cb80df7a13d85b8a4c3e1153963e68d94de295468d51237829475a77c338275a92f335c8f02a9f8932b2c0c41ce5725e2f88af1f8f7340a0d5df143701552c53b5758fafd2d2ea9cb2561138d0d4ec0eb1e60072d68dcd3d6360acb0aef93eaff349bb619adbcd60a39675cf9df43951287b54bd419c0d4d1d6914f25f010f42b2aae1d0b94e0469ee51d1f791fe117f1e9f19fb1b282345f9b284f01bb322c9b0bc6bb8d0906c4b4bc221c4f57d1966a7ead6cf34586800d917559ed0d5f456353f13f67a6498688a04a8171df605f1b64876024cd0571d705b1346c18b86c7cb0c83d2811bb93545502f3172d0a805f1526a8d5fbd4259e5e5342ed341fbf96dcc279e7ec187327f43f3dbf3e4b4a1c989d9b3ccd55723e2a9fd41e6bc0ad74ab2360c8a6da8bca86f4bf527f09b5f3dfd14872f3330d228acfb1df68db681246e76a561c6ca50cd3d0cfdf4681a44e283d8bd4fbf95babe223d8f5cf710fd0cf2b9f9b6f1cf430fc5a1424eea15ffc6a522be70d15010492854cb5c0bdcb28fd7df1e6b2f1952d576c54314df3a16aca4992f169b565ec77ccaeb401c953b77079d60072bcc67354350bf2fb984151357d57fbd0cad07ebf5ea465134d2167224d3c1782b26d8bb3f03c4bb754f872fe3283ecdb89baf6f2614202bbc0571b54b9b3f915587ec814d6f7c0b7bbc9d0d719cb82f59a069f226fbaafdef815df4de61dc8a2533b1039c58704c12068e789d2881f7ba86000371a9c7a465bd99cabda0ca7ed8c54287ace48a94be3e6e119c1ff58b65e9b145d2c26caa7704b2b99ae6810d706d48ab182b708bd9a6a77c1a1441bddabb7a3a3ac2733a16e8e6c5c1feec96aa49e2f9d076d3cdc5d15ddfa139464bda69f98b693d647b7545a7f3fc6e12e90f5a82c30aec70b1ce6a0b3a3ff66e91acd0ef32e9adc7984133ef8c3b546b02003809b4d8b59abf2d2b4722787a74edd4692fc7e1f3ffb96d68775fceb8705a8b6c509d60c5873a8b85fb92c6e1145e85794442d03162c5cab7013111b4e28dd1228a00401da61f3c3b2310ce47b767b59a819e063e8a2f2d446d5978296d499ba4eb2c14eaf02816552847cbad9535f2260dc8583b294641683bce8b94a2e68f231104ac89c6beaa5774e141c0ec9bd6f5369d9bf2a5161a85097b946ea011459a2f027404353c537df5052427453e50c9532de047ffb187d21474a3b89203450d3bbe2e15b657eeb8b16f9e74cbc2eece2c8bf6125c90d79d1b0f16adc4b4f4961269d75f645516d582a508839d4619e1832ebe27e3fe67508e7ab1e458355cfd9d2c3fe7a12fb386157365f9a32b97bbf72bf1671292cf2a3739db723065bd1878f5682441e9cf6d2f1c828d2841aa9bb679f22c2193173e14d271e44d4477d84eba07134642ffe164a6ca40ca7de430e906cb2b5ec3b578b22bae2f4fe2331ccfc4efc56d44b44357c52ff8e779f6a38fe1165a3c25fb2dc84c1b8d25c05ccbe24ccb1df69e95c8981ff7ca625b813e923819ccb482c31c0cc07d80514122c277830c17fe21d2b8937b174d9df9b2ae8d55fd1f0224bdb071d36600b16a7101cdef86509311b8164ab29c25af4c8a4511ac67f6b91b1587826f0f69f3a3873056d86f80a61bce46aeb72e0c38299da5dbe52c430adb59c88e1c8b89900db4618c9b5a2fb3bca40f"})
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r14, 0x40049409, 0x13)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000000)=ANY=[])
r15 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x1d)
r16 = ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000240)={0xfffffffffffff15a, 0x9})
ioctl$KVM_SET_USER_MEMORY_REGION2(r15, 0x40a0ae49, &(0x7f0000000280)={0x1fd, 0x0, 0x100000, 0x1000, &(0x7f0000f60000/0x1000)=nil, 0xffffffff, r16})

24m55.422947911s ago: executing program 2 (id=59):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x4000)=nil, 0x0, 0x3000005, 0x41812, r0, 0x0)

24m41.500618558s ago: executing program 2 (id=60):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e22ffff)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r3 = eventfd2(0xfffffffa, 0x80001)
write$eventfd(r3, &(0x7f0000000200)=0x8, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)
ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x110e227ffe) (async)
ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x110e227ffe)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r5, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000000000000cc00000000000000e0ef9ad200c0b8f2410080d2e20080d2430080d2e40180d2020000d4e0be9cd20040b0f2210080d2620080d2630180d2840180d2020000d40000681e0000000b0000399e003c202ea04c8ad200e0b0f2610180d2c20180d2a30080d2640180d2020000d4c0ed81d20000b8f2810180d2820180d2a30180d2640080d2020000d4a0a189d20060b0f2410180d2820180d2230080d2240180d2020000d4804e82d20020b0f2810180d2020180d2830180d2a40080d2020000d4c0035fd6aa00000000000000280000000000000003010400000000000000090000000e0000000000000000003200000000000000400000000000000000000006000000000000000000000000f7780000000000000800000000000000030000000000000009fdffffff0000001e0000000000000040000000000000000900008400000000050000000000000010000000000000007f0d0000000000000010000000000000050000000000000046000000000000001800000000000000000000005a000000be00000000000000180000000000000028981300000030601400000000000000200000000000000085c01300000030600100000001000000320000000000000040000000000000000b000084000000000400000000000000080000000000000006000000000000000600000000000000dd00000000000000be000000000000001800000000000000fe77000000000000"], 0x21c}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xe5)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)

24m28.465386712s ago: executing program 2 (id=61):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@msr={0x14, 0x20, {0x603000000013c521, 0x9}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x27)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8001})
ioctl$KVM_CREATE_VM(r7, 0x401c5820, 0x20000000)
r8 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x86000001, [0x1, 0x401, 0x5, 0x1, 0x2]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)

24m9.649200106s ago: executing program 2 (id=62):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000340)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000002c0)={0x6, 0x0, 0x1}})
r6 = ioctl$KVM_CREATE_VM(r5, 0x40086602, 0x20000000)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000300)=0x137})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_DIRTY_TLB(r8, 0x4010aeaa, &(0x7f0000000140)={0x2, 0x4})
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r10, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0xc400000d, [0x99b, 0x100000003, 0x5, 0x101]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x7, 0x88000002}})
ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f00000003c0)={0x1000020, 0x5})

24m8.692475605s ago: executing program 4 (id=32):
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x8, 0x1}) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2c)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
mmap$KVM_VCPU(&(0x7f0000dac000/0x3000)=nil, 0x0, 0xf, 0x80010, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (rerun: 32)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000100)={0x0, &(0x7f0000000340)=[@code={0xa, 0xb4, {"e00300fa007008d5000028d5007008d5008c9bd20040b0f2410180d2c20180d2630080d2c40180d2020000d400000088203593d20060b8f2210180d2a20080d2030080d2440180d2020000d480b08bd20080b8f2610080d2e20080d2630180d2440180d2020000d4605395d200a0b8f2e10180d2220080d2e30180d2040080d2020000d460cd91d20000b8f2010080d2020080d2630080d2e40180d2020000d4"}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x34b}}, @hvc={0x32, 0x40, {0xc4000001, [0xea70, 0x7, 0x1, 0x8, 0x7fffffffffffffff]}}, @irq_setup={0x46, 0x18, {0x0, 0x38a}}, @code={0xa, 0x9c, {"000008d5e0f785d20020b8f2610080d2e20180d2030080d2a40080d2020000d4406792d20000b8f2c10180d2620180d2430180d2e40180d2020000d40010202e0040df0c007008d560d79cd20080b0f2e10180d2e20080d2630080d2c40180d2020000d4000008d540d496d20000b0f2e10180d2420080d2e30180d2c40180d2020000d40090805f"}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x0, 0x6, 0x8001, 0xff, 0x1}}, @uexit={0x0, 0x18, 0x16}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x4, 0x7, 0x7fffffff, 0x4, 0x3}}, @svc={0x122, 0x40, {0x8000, [0x4, 0x1c00000, 0x1, 0x6, 0x2]}}, @svc={0x122, 0x40, {0x80000001, [0x16a, 0x8, 0xfffffffffffffffd, 0x60000000000, 0x3]}}, @irq_setup={0x46, 0x18, {0x2, 0x35}}, @uexit={0x0, 0x18, 0xb}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1600, 0x1, 0x4}}, @msr={0x14, 0x20, {0x603000000013de87}}, @msr={0x14, 0x20, {0x603000000013df06}}, @mrs={0xbe, 0x18, {0x603000000013dcf3}}, @mrs={0xbe, 0x18, {0x603000000013f518}}, @mrs={0xbe, 0x18, {0x603000000013c212}}, @mrs={0xbe, 0x18, {0x603000000013deff}}, @mrs={0xbe, 0x18, {0x603000000013e6d3}}, @hvc={0x32, 0x40, {0x80000000, [0x9, 0x400, 0x5, 0x3, 0x4]}}, @msr={0x14, 0x20, {0x603000000013e711, 0x4}}, @msr={0x14, 0x20, {0x603000000013c213, 0x10001}}, @mrs={0xbe, 0x18, {0x603000000013c110}}, @hvc={0x32, 0x40, {0xc4000007, [0x48b8, 0x40, 0x3, 0x8, 0x5]}}], 0x4a8}, &(0x7f0000000180)=[@featur2={0x1, 0x9}], 0x1) (async)
r8 = openat$kvm(0x0, &(0x7f0000000200), 0x200, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x3e)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1000002)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@other={0x8, &(0x7f00000001c0)}) (async)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000000)=0xe}) (async)
r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x29)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000d7a000/0x1000)=nil, r15, 0x3000007, 0x810, r13, 0x0) (async)
openat$kvm(0x3f, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x141000, 0x0) (async)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r16, 0x2000009, 0x10, 0xffffffffffffffff, 0x0)

23m51.959612182s ago: executing program 2 (id=63):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000002"]) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400), &(0x7f0000000440)=[@featur2={0x1, 0x24}], 0x1)
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000000)=0x3ff)
ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000480)) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000626000/0x1000)=nil})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

23m51.520468788s ago: executing program 4 (id=64):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r8, 0x4208ae9b, &(0x7f0000000240)={0x20003, 0x0, {[0x97ab, 0x10001, 0x3, 0xc08d, 0x8, 0xffffffff00400001, 0x3b880, 0x3ff, 0x5, 0x2, 0x6, 0x5, 0x2, 0x7f, 0x6, 0x7ffc], [0x45e1, 0x7ffd, 0x5d2, 0xfff, 0xbb9, 0x0, 0x5, 0xe, 0x100000001, 0x8, 0x4d681830, 0x9, 0x3, 0x10000, 0x7, 0xfffffffffffffff6], [0x80000002, 0xfffffffffffffffe, 0xa3, 0x0, 0x8, 0x81, 0x6, 0xfda8, 0x401, 0x5fd6, 0x101, 0x0, 0x40, 0x4, 0x0, 0x9], [0x3, 0x6, 0xe99, 0xe, 0xc, 0x7, 0x8, 0x0, 0xb, 0x2, 0xf, 0x4, 0x9, 0x9, 0xc, 0x6]}})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000480)=@attr_other={0x0, 0x80000000, 0x6, &(0x7f0000000100)})
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e22ffff)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r9 = eventfd2(0xfffffffa, 0x80001)
write$eventfd(r9, &(0x7f0000000200)=0x8, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)

23m36.712447204s ago: executing program 2 (id=65):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d0, 0x1)

23m4.25104281s ago: executing program 35 (id=64):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r8, 0x4208ae9b, &(0x7f0000000240)={0x20003, 0x0, {[0x97ab, 0x10001, 0x3, 0xc08d, 0x8, 0xffffffff00400001, 0x3b880, 0x3ff, 0x5, 0x2, 0x6, 0x5, 0x2, 0x7f, 0x6, 0x7ffc], [0x45e1, 0x7ffd, 0x5d2, 0xfff, 0xbb9, 0x0, 0x5, 0xe, 0x100000001, 0x8, 0x4d681830, 0x9, 0x3, 0x10000, 0x7, 0xfffffffffffffff6], [0x80000002, 0xfffffffffffffffe, 0xa3, 0x0, 0x8, 0x81, 0x6, 0xfda8, 0x401, 0x5fd6, 0x101, 0x0, 0x40, 0x4, 0x0, 0x9], [0x3, 0x6, 0xe99, 0xe, 0xc, 0x7, 0x8, 0x0, 0xb, 0x2, 0xf, 0x4, 0x9, 0x9, 0xc, 0x6]}})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000480)=@attr_other={0x0, 0x80000000, 0x6, &(0x7f0000000100)})
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e22ffff)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r9 = eventfd2(0xfffffffa, 0x80001)
write$eventfd(r9, &(0x7f0000000200)=0x8, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)

22m47.580101058s ago: executing program 36 (id=65):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d0, 0x1)

14m21.673694221s ago: executing program 6 (id=75):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@msr={0x14, 0x20, {0x139f, 0x10007}}, @svc={0x122, 0x40, {0x40, [0x5, 0x8, 0x1, 0x8c, 0x100]}}, @eret={0xe6, 0x18, 0x80000000}, @hvc={0x32, 0x40, {0x84000001, [0x3, 0x1, 0x0, 0x4, 0x7]}}, @eret={0xe6, 0x18, 0x6}], 0xd0}, &(0x7f0000000100)=[@featur1={0x1, 0xa1}], 0x1)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000003c0)={0x4, 0x0, [{0x5, 0x4, 0x1, 0x0, @sint={0x4, 0x41}}, {0xe0d5, 0x2, 0x1, 0x0, @adapter={0x200, 0xb, 0xb88, 0x2}}, {0x10001, 0x5, 0x1, 0x0, @irqchip={0xc0000000, 0x6}}, {0x5, 0x2, 0x1, 0x0, @adapter={0x7f, 0x9000000000, 0x1, 0x9, 0x7}}]})
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000008, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0)
r7 = ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece)
ioctl$KVM_RESET_DIRTY_RINGS(r7, 0xaec7)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r12, 0xaec7)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x21)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)
r16 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r15, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r15, 0x0)
r17 = openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0)
ioctl$KVM_CHECK_EXTENSION(r17, 0x40086602, 0x110c230000)

14m20.860145145s ago: executing program 5 (id=76):
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async, rerun: 32)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_RUN(r0, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x600000f, 0x80031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013c03a, &(0x7f00000000c0)=0x6}) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

14m8.718283434s ago: executing program 5 (id=77):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x1, 0x100010, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x49c802, 0x0)

13m51.023167254s ago: executing program 6 (id=78):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140001, &(0x7f0000000000)=0x7})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x4f)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x7, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000240)=0xfffffffffffffffe})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=[@featur1={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r13, 0xae03, 0xd8)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2000006, 0x13, r4, 0x0)

13m47.188564609s ago: executing program 5 (id=79):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, 0x0)
ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, 0xffffffffffffffff)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x20000000002c)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000000)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000100)=0xfffffffffffffffe})
r11 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

13m24.398152073s ago: executing program 6 (id=80):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x7})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x102000000000000f)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x400009, 0x0, 0x80, 0xfffffffd}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x4, 0x1, 0xffff1000, 0x2000, &(0x7f0000cb2000/0x2000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xfff)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000340)={0x1, <r10=>0xffffffffffffffff})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000380))
ioctl$KVM_CREATE_VM(r10, 0x400454cc, 0xffffffffffffffff)
write$eventfd(0xffffffffffffffff, &(0x7f0000000200)=0x8, 0x8)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000300)={0xffffffffffffffff, 0x4, 0x3})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(0x0, 0x8660)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)

13m24.147934499s ago: executing program 5 (id=81):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x90)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3a)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000000000000ffff00000100000000000000000000007028000009000000000000000000000000000000000000000000000000000000090000000308d3c9a600000000000000ffffffff0300"/104])
r2 = openat$kvm(0x0, &(0x7f00000001c0), 0x80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=ANY=[@ANYRESDEC=r1], 0x30}], 0x1, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f00000011c0)=@arm64={0x5, 0xff, 0xc, '\x00', 0x1e00000000000})
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
close(r3)
close(r4)
r13 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000d4b000/0x4000)=nil, 0x0, 0x2000009, 0x1010, r13, 0x0)

13m3.821543149s ago: executing program 6 (id=82):
openat$kvm(0x0, &(0x7f0000000000), 0x68081, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x68081, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0x40086602, 0x110e22ffff)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000600)={0x0, &(0x7f0000000040)}, &(0x7f0000000640)=[@featur1={0x1, 0x30}], 0x1)

12m58.343543432s ago: executing program 5 (id=83):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xf)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x717a00, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000bc0)=[@memwrite={0x6e, 0x30, @generic={0xd000, 0x859, 0x5, 0x8}}, @memwrite={0x6e, 0x30, @generic={0xeeee0000, 0x910, 0x4, 0x6}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x74}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0x3, 0x4, 0x8, 0x1}}, @svc={0x122, 0x40, {0x80000000, [0x100, 0x0, 0x8000, 0x7fffffffffffffff, 0x4]}}, @hvc={0x32, 0x40, {0x80000002, [0x1ff, 0x6, 0x7f, 0x7, 0x7fffffffffffffff]}}, @uexit={0x0, 0x18, 0x2}, @uexit={0x0, 0x18, 0x80}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x2, 0x37fe7736, 0xfffffff6}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0x9, 0x8}}, @code={0xa, 0x6c, {"007008d5005499d200e0b8f2210080d2420080d2030080d2a40080d2020000d4df3003d5008c202e000028d5005c205e00a0004f40fb99d20060b0f2a10080d2a20180d2230080d2c40180d2020000d41f00202b007008d5"}}, @smc={0x1e, 0x40, {0x4000, [0x9, 0x100, 0xffff, 0x7, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0xc, 0x40, 0x4, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013df00}}, @mrs={0xbe, 0x18, {0x603000000013df63}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x0, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x4, 0x1, 0xa0, 0xffff, 0x4}}, @irq_setup={0x46, 0x18, {0x2, 0x1bf}}, @smc={0x1e, 0x40, {0x8000, [0x8, 0x8000000000000001, 0x3, 0x7f, 0x7]}}, @hvc={0x32, 0x40, {0x8400000a, [0xf73, 0x1ff, 0x0, 0x1ff, 0x8ec6]}}, @svc={0x122, 0x40, {0x0, [0xfd0a, 0x3, 0x28, 0x1, 0x2]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x2b4}}, @mrs={0xbe, 0x18, {0x603000000013e4c8}}, @mrs={0xbe, 0x18, {0x603000000013c017}}, @irq_setup={0x46, 0x18, {0x0, 0x277}}], 0x45c}, &(0x7f0000000240)=[@featur1={0x1, 0x84}], 0x1)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xb8000, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x2f)
r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
r9 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
ioctl$KVM_CHECK_EXTENSION(r9, 0x541b, 0xac)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r11, 0x2, 0x100)

12m52.130248871s ago: executing program 6 (id=84):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xf}}], 0x20}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0xa8)
r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x2, 0x7c}}], 0x28}, 0x0, 0x0)
r10 = syz_kvm_vgic_v3_setup(r5, 0xffffffffffbffffc, 0x120)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x6})

12m30.584097846s ago: executing program 5 (id=85):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0xfffffffffffffffe, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x2, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
r11 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_REG_LIST(r12, 0xc008aeb0, &(0x7f0000000000)={0x1, [0xa19]})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
ioctl$KVM_RUN(r15, 0x8000ae8c, 0x0)

12m22.301990497s ago: executing program 6 (id=86):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000ba7000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000180))
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000139828, 0x7fff}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

11m45.662180423s ago: executing program 37 (id=85):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0xfffffffffffffffe, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x2, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
r11 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_REG_LIST(r12, 0xc008aeb0, &(0x7f0000000000)={0x1, [0xa19]})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
ioctl$KVM_RUN(r15, 0x8000ae8c, 0x0)

11m35.530847144s ago: executing program 38 (id=86):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000ba7000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000180))
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000139828, 0x7fff}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

2m31.998404373s ago: executing program 7 (id=91):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f00000003c0)=[@smc={0x1e, 0x40, {0xc5000021, [0x1, 0x4c3, 0xd16, 0x0, 0x80000001]}}, @irq_setup={0x46, 0x18, {0x1, 0x84}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xc00, 0x987, 0x2}}, @code={0xa, 0x6c, {"008008d50020202e0000001b007008d5007008d5c00b88d200a0b0f2a10180d2620180d2230080d2e40080d2020000d420c09ad20060b8f2a10080d2620080d2630180d2040180d2020000d4008008d5000000f1008008d5"}}, @msr={0x14, 0x20, {0x603000000013e602, 0xe}}, @svc={0x122, 0x40, {0x84000003, [0x8, 0x2, 0x5, 0x0, 0xe000000000000000]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x100, 0xfffffffffffffffc, 0x8}}, @hvc={0x32, 0x40, {0x86000000, [0x8, 0x4, 0xa45, 0x401, 0x1]}}], 0x1c4}, &(0x7f0000000100)=[@featur2={0x1, 0x4}], 0x1)
mmap$KVM_VCPU(&(0x7f0000eee000/0x3000)=nil, 0x0, 0x3, 0x10010, r3, 0x0)
r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0xffffffffffbffffc, 0x120)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0})

2m31.293861526s ago: executing program 8 (id=92):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x17) (async)
r4 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x401, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x9, 0x80, 0x1}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
r10 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x84000014, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x32, 0x40, {0x84000051, [0x0, 0x1, 0x2, 0x3, 0x6]}}], 0x80}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

2m12.411196102s ago: executing program 7 (id=93):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xc0045878, 0x20000000)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)

2m10.820072625s ago: executing program 8 (id=94):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x7f) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x8040aeb6, 0x0)

1m57.721379969s ago: executing program 7 (id=95):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x29)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r4, 0x2, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = syz_kvm_vgic_v3_setup(r6, 0x4, 0xa0)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x3, 0x5})
r8 = eventfd2(0x0, 0x801)
close(r8)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000040)={0xdddd0000, 0x8080000, 0x7, 0x0, 0x8})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0, 0x51c}], 0x1, 0x0, 0x0, 0x0)

1m51.66240951s ago: executing program 8 (id=96):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x228140, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) (async, rerun: 32)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m34.40484908s ago: executing program 8 (id=97):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r4, 0x2000003, 0x11, r2, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r4, 0x2000009, 0x11, r2, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@arm64={0x7f, 0x3, 0xfb, '\x00', 0x5})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x8000000, 0x1e000})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

1m29.794062953s ago: executing program 7 (id=98):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x8030aeb4, 0xffffffffffffffff) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f0000000740)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x14, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0xdf}}], 0x48}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m12.144320002s ago: executing program 8 (id=99):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000000)={0x2, [0x6, 0x7]})
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000480)={0x0, &(0x7f0000000040)=[@svc={0x122, 0x40, {0x84000007, [0x7, 0x8, 0xffff, 0x2, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xa, 0x3, 0x9, 0x2}}, @smc={0x1e, 0x40, {0xc4000053, [0x4, 0x0, 0xffff, 0x5, 0x1]}}, @eret={0xe6, 0x18, 0x1}, @svc={0x122, 0x40, {0x4000, [0xb762, 0xa, 0x0, 0x9, 0x8000000000000001]}}, @hvc={0x32, 0x40, {0x2000000, [0x2, 0x7, 0x3, 0x9, 0x9]}}, @svc={0x122, 0x40, {0x84000050, [0x8, 0xfffffffffffffff7, 0x6, 0x7, 0x872]}}, @hvc={0x32, 0x40, {0x84000011, [0x3, 0x7fffffffffffffff, 0x11, 0xfffffffffffffff7, 0x1000]}}, @uexit={0x0, 0x18, 0x1}, @svc={0x122, 0x40, {0xc4000005, [0xfffffffffffffffa, 0x7, 0x8, 0x20080000000000, 0xfff]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x10, 0x7, 0x200, 0x4}}, @mrs={0xbe, 0x18, {0x4174}}, @hvc={0x32, 0x40, {0xc5000021, [0x5, 0x8, 0x2f2, 0x2, 0x2]}}, @eret={0xe6, 0x18, 0x9}, @hvc={0x32, 0x40, {0xc4000011, [0x1, 0x1, 0x7, 0x7, 0x7fff]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0x7, 0x3, 0x8, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x182}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013df61}}, @msr={0x14, 0x20, {0x603000000013dee5, 0x4}}, @code={0xa, 0x6c, {"007008d50000289e007008d5007008d5c05b9dd20080b0f2c10180d2a20180d2430180d2040080d2020000d4a0e994d20040b8f2a10180d2020080d2430080d2840180d2020000d4007008d5000008d5008008d5000c8078"}}, @irq_setup={0x46, 0x18, {0x2, 0x345}}, @irq_setup={0x46, 0x18, {0x3, 0x2d}}], 0x42c}, &(0x7f00000004c0)=[@featur1={0x1, 0x40}], 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f0000000500)=@arm64)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x10)
r3 = eventfd2(0x0, 0x40001)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000540)={0x400, 0x1000, 0x2, r3, 0x3})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000580)={0x100000, 0x14000, 0x1})
ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0)
close(r2)
r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bfd000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000006c0)={0x0, &(0x7f00000005c0)=[@irq_setup={0x46, 0x18, {0x0, 0x7d}}, @hvc={0x32, 0x40, {0x8000, [0x6, 0x3, 0x1, 0xcd26, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0xfffffffffffffffb, 0x2}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0x331, 0xffffffffffffff7f, 0x9}}, @eret={0xe6, 0x18, 0x1ff}], 0xd0}, &(0x7f0000000700)=[@featur1={0x1, 0x5c}], 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r5, 0x4004ae8b, &(0x7f0000000740))
r6 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x200)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000007c0)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000780)=0x9})
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000800)={0xc0, 0x0, 0x4000})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000880)={0x8, 0x6000, 0x0, 0xffffffffffffffff, 0xb})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f00000008c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7f})
r7 = mmap$KVM_VCPU(&(0x7f0000e12000/0x1000)=nil, 0x0, 0x5, 0x8010, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000900)="b587d8e4f9ce0202bf0e12e6b73bd2afa58863ff65708703d4e6f3894b56a2dfefc78d77dd33cb1363c85f6b812ada67132011ebf9ddccf30a251860234796349ca6c739b05024a1", 0x0, 0x48)
ioctl$KVM_GET_SREGS(r5, 0x8000ae83, &(0x7f0000000980))
r8 = eventfd2(0xfffff36f, 0x1)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000ac0)={0x3, 0x8080000, 0x0, r8, 0x1})
r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000e00)={0x0, &(0x7f0000000b00)=[@smc={0x1e, 0x40, {0xc4000001, [0x4, 0x6, 0x8, 0x3, 0x6]}}, @code={0xa, 0x84, {"000028d5009c85d20020b8f2c10180d2c20080d2830180d2840180d2020000d4008008d5007008d50098207e60209ed200c0b0f2c10080d2a20080d2030180d2040080d2020000d4007008d500000038000008d5c0d380d20040b0f2210080d2820080d2830080d2a40080d2020000d4"}}, @eret={0xe6, 0x18, 0x9a}, @code={0xa, 0xb4, {"a01386d20000b0f2210180d2020080d2630180d2c40180d2020000d40090805f60e997d200e0b8f2810080d2220080d2e30080d2c40080d2020000d4008008d50094000fa09398d20060b0f2610180d2820180d2e30080d2a40180d2020000d4e0248bd200a0b8f2a10080d2020080d2430180d2640080d2020000d400e4002f007008d5a0cb90d200a0b0f2410080d2620180d2830180d2c40080d2020000d4"}}, @mrs={0xbe, 0x18, {0x6030000000138057}}, @hvc={0x32, 0x40, {0x2000000, [0x1, 0x6, 0x6, 0x100000000, 0x1]}}, @code={0xa, 0x6c, {"0040c00d000028d5e0c48dd200c0b8f2210080d2c20180d2230080d2a40080d2020000d400a4006f007008d580068cd20040b0f2a10180d2220180d2e30180d2c40080d2020000d4007008d50020400d00ac200e0000319e"}}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x5000000, [0xfb, 0xd, 0x80000000, 0x9a]}}, @mrs={0xbe, 0x18, {0x603000000013e6c9}}], 0x2c4}, &(0x7f0000000e40)=[@featur2={0x1, 0x1c}], 0x1)
ioctl$KVM_GET_MP_STATE(r9, 0x8004ae98, &(0x7f0000000e80))
r10 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000001080)={0x0, &(0x7f0000000ec0)=[@code={0xa, 0xcc, {"007008d5605289d20020b8f2810080d2420180d2830080d2c40180d2020000d4000008d5007008d560f084d20020b8f2010080d2220080d2e30180d2e40180d2020000d4407089d20060b8f2010180d2220180d2030080d2840080d2020000d40000003360cc8ad20080b8f2810080d2e20180d2a30180d2e40180d2020000d440608ed20060b0f2610180d2e20180d2c30180d2240180d2020000d440d59bd200e0b0f2810080d2220180d2e30080d2a40080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013e6c0}}, @uexit={0x0, 0x18}, @irq_setup={0x46, 0x18, {0x0, 0x2e}}, @eret={0xe6, 0x18, 0x2}, @hvc={0x32, 0x40, {0xc4000007, [0xd, 0x5, 0xffffffffffffffff, 0x100000001, 0x9]}}, @hvc={0x32, 0x40, {0x3b008012, [0x8001, 0x65, 0xb25, 0x8000, 0x3]}}], 0x1ac}, &(0x7f00000010c0)=[@featur2={0x1, 0x90}], 0x1)
ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0)

1m8.440809382s ago: executing program 7 (id=100):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000140)=0x8)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x0, 0xf3}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x300)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x10004075, 0x4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000000)=@arm64)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000100))

57.815598552s ago: executing program 8 (id=101):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
eventfd2(0x0, 0x0)

50.651818286s ago: executing program 7 (id=102):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x1, 0xe000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x3000, 0x122000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000001480)={0xfdfd, 0x13000, 0x1})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r6, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000200)=@arm64={0x1, 0x2, 0x1, '\x00', 0x2})
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r10 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r9, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f00000001c0)=[@uexit={0x0, 0x18}], 0x18}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_GET_REG_LIST(r12, 0xc008aeb0, &(0x7f0000000000))
r13 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r13, r14, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c024, &(0x7f00000000c0)})

10.700741823s ago: executing program 39 (id=101):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
eventfd2(0x0, 0x0)

0s ago: executing program 40 (id=102):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x1, 0xe000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x3000, 0x122000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000001480)={0xfdfd, 0x13000, 0x1})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r6, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000200)=@arm64={0x1, 0x2, 0x1, '\x00', 0x2})
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r10 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r9, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f00000001c0)=[@uexit={0x0, 0x18}], 0x18}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_GET_REG_LIST(r12, 0xc008aeb0, &(0x7f0000000000))
r13 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r13, r14, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c024, &(0x7f00000000c0)})

kernel console output (not intermixed with test programs):

[  385.961900][ T3155] 8021q: adding VLAN 0 to HW filter on device bond0
[  421.386638][ T3155] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:27975' (ED25519) to the list of known hosts.
[  599.536069][   T25] audit: type=1400 audit(598.750:61): avc:  denied  { name_bind } for  pid=3308 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  601.426170][   T25] audit: type=1400 audit(600.640:62): avc:  denied  { execute } for  pid=3309 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  601.479603][   T25] audit: type=1400 audit(600.670:63): avc:  denied  { execute_no_trans } for  pid=3309 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  622.793179][   T25] audit: type=1400 audit(622.010:64): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  622.820430][   T25] audit: type=1400 audit(622.030:65): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  622.909578][ T3309] cgroup: Unknown subsys name 'net'
[  622.961941][   T25] audit: type=1400 audit(622.180:66): avc:  denied  { unmount } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  623.347184][ T3309] cgroup: Unknown subsys name 'cpuset'
[  623.453262][ T3309] cgroup: Unknown subsys name 'rlimit'
[  624.474683][   T25] audit: type=1400 audit(623.690:67): avc:  denied  { setattr } for  pid=3309 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  624.514091][   T25] audit: type=1400 audit(623.710:68): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  624.530518][   T25] audit: type=1400 audit(623.740:69): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  626.026609][ T3312] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  626.046377][   T25] audit: type=1400 audit(625.260:70): avc:  denied  { relabelto } for  pid=3312 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.073567][   T25] audit: type=1400 audit(625.290:71): avc:  denied  { write } for  pid=3312 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  626.255376][   T25] audit: type=1400 audit(625.470:72): avc:  denied  { read } for  pid=3309 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.274179][   T25] audit: type=1400 audit(625.480:73): avc:  denied  { open } for  pid=3309 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.321611][ T3309] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  677.547500][   T25] audit: type=1400 audit(676.760:74): avc:  denied  { execmem } for  pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  682.140675][   T25] audit: type=1400 audit(681.350:75): avc:  denied  { read } for  pid=3315 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  682.157026][   T25] audit: type=1400 audit(681.370:76): avc:  denied  { open } for  pid=3315 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  682.273173][   T25] audit: type=1400 audit(681.490:77): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  682.560087][   T25] audit: type=1400 audit(681.750:78): avc:  denied  { module_request } for  pid=3316 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  683.684675][   T25] audit: type=1400 audit(682.900:79): avc:  denied  { sys_module } for  pid=3315 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  712.143030][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  712.315491][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  713.435370][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  713.555451][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.446997][ T3316] hsr_slave_0: entered promiscuous mode
[  725.474996][ T3316] hsr_slave_1: entered promiscuous mode
[  726.336193][ T3315] hsr_slave_0: entered promiscuous mode
[  726.400458][ T3315] hsr_slave_1: entered promiscuous mode
[  726.433735][ T3315] debugfs: 'hsr0' already exists in 'hsr'
[  726.450020][ T3315] Cannot create hsr debugfs directory
[  731.823576][   T25] audit: type=1400 audit(731.040:80): avc:  denied  { create } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  731.876217][   T25] audit: type=1400 audit(731.090:81): avc:  denied  { write } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  731.907470][   T25] audit: type=1400 audit(731.120:82): avc:  denied  { read } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  732.050134][ T3316] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  732.406852][ T3316] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  732.735034][ T3316] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  732.943214][ T3316] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  734.642914][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  734.805076][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  734.996087][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  735.127234][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  747.926151][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[  750.216361][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0
[  811.106800][ T3316] veth0_vlan: entered promiscuous mode
[  811.544534][ T3316] veth1_vlan: entered promiscuous mode
[  813.622869][ T3315] veth0_vlan: entered promiscuous mode
[  813.777704][ T3316] veth0_macvtap: entered promiscuous mode
[  814.123611][ T3316] veth1_macvtap: entered promiscuous mode
[  814.523578][ T3315] veth1_vlan: entered promiscuous mode
[  816.513186][ T3388] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  816.676285][ T3388] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  816.681845][ T3388] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  816.799895][ T3388] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  817.013443][ T3315] veth0_macvtap: entered promiscuous mode
[  817.771059][ T3315] veth1_macvtap: entered promiscuous mode
[  820.341046][   T25] audit: type=1400 audit(819.540:83): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  820.616592][   T25] audit: type=1400 audit(819.830:84): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/syzkaller.0b7Tnn/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  820.910083][   T25] audit: type=1400 audit(820.100:85): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  821.460216][   T25] audit: type=1400 audit(820.620:86): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/syzkaller.0b7Tnn/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  821.655678][   T25] audit: type=1400 audit(820.870:87): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/syzkaller.0b7Tnn/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3779 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  821.741677][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  821.744000][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  821.852991][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  821.856863][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  822.645038][   T25] audit: type=1400 audit(821.780:88): avc:  denied  { unmount } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  822.960161][   T25] audit: type=1400 audit(822.170:89): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  823.096913][   T25] audit: type=1400 audit(822.310:90): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="gadgetfs" ino=3790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  823.722727][   T25] audit: type=1400 audit(822.900:91): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  823.886076][   T25] audit: type=1400 audit(823.100:92): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  825.453863][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  826.945261][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  826.946110][   T25] audit: type=1400 audit(826.150:94): avc:  denied  { read write } for  pid=3316 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  827.020625][   T25] audit: type=1400 audit(826.200:95): avc:  denied  { open } for  pid=3316 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  827.063145][   T25] audit: type=1400 audit(826.270:96): avc:  denied  { ioctl } for  pid=3316 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  838.501670][   T25] audit: type=1400 audit(837.720:97): avc:  denied  { read } for  pid=3473 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  838.515339][   T25] audit: type=1400 audit(837.730:98): avc:  denied  { open } for  pid=3473 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  839.039840][   T25] audit: type=1400 audit(838.240:99): avc:  denied  { append } for  pid=3473 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  839.159926][   T25] audit: type=1400 audit(838.360:100): avc:  denied  { ioctl } for  pid=3473 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  842.550626][   T25] audit: type=1400 audit(841.710:101): avc:  denied  { execute } for  pid=3473 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3898 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  861.402110][ T3491] kvm [3491]: Failed to find VMA for hva 0x20c01000
[  863.314231][ T3491] kvm [3491]: Failed to find VMA for hva 0x20c01000
[  974.660323][ T3497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  975.430862][ T3497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  975.957251][ T3499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  976.662991][ T3499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  998.650230][ T3497] hsr_slave_0: entered promiscuous mode
[  998.703348][ T3497] hsr_slave_1: entered promiscuous mode
[  998.741519][ T3497] debugfs: 'hsr0' already exists in 'hsr'
[  998.771190][ T3497] Cannot create hsr debugfs directory
[ 1000.677836][ T3499] hsr_slave_0: entered promiscuous mode
[ 1000.785127][ T3499] hsr_slave_1: entered promiscuous mode
[ 1000.840055][ T3499] debugfs: 'hsr0' already exists in 'hsr'
[ 1000.850833][ T3499] Cannot create hsr debugfs directory
[ 1018.762919][ T3497] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1019.812193][ T3497] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1020.444886][ T3497] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1021.452444][ T3497] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1027.435126][ T3499] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1027.920670][ T3499] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1028.317544][ T3499] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1028.892936][ T3499] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1037.831977][   T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1039.016815][   T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.262851][   T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1041.407618][   T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1056.386351][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1056.494759][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1056.592621][   T52] bond0 (unregistering): Released all slaves
[ 1058.051508][   T52] hsr_slave_0: left promiscuous mode
[ 1058.104641][   T52] hsr_slave_1: left promiscuous mode
[ 1058.512573][   T52] veth1_macvtap: left promiscuous mode
[ 1058.516795][   T52] veth0_macvtap: left promiscuous mode
[ 1058.602894][   T52] veth1_vlan: left promiscuous mode
[ 1058.622702][   T52] veth0_vlan: left promiscuous mode
[ 1085.107598][   T52] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1086.046664][   T52] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1086.975292][   T52] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1087.916194][   T52] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1089.842598][ T3499] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1091.083356][ T3497] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1105.777023][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1105.882901][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1105.940414][   T52] bond0 (unregistering): Released all slaves
[ 1107.505047][   T52] hsr_slave_0: left promiscuous mode
[ 1107.565008][   T52] hsr_slave_1: left promiscuous mode
[ 1108.390652][   T52] veth1_macvtap: left promiscuous mode
[ 1108.392028][   T52] veth0_macvtap: left promiscuous mode
[ 1108.413857][   T52] veth1_vlan: left promiscuous mode
[ 1108.431771][   T52] veth0_vlan: left promiscuous mode
[ 1205.912288][ T3497] veth0_vlan: entered promiscuous mode
[ 1207.596366][ T3499] veth0_vlan: entered promiscuous mode
[ 1207.751468][ T3497] veth1_vlan: entered promiscuous mode
[ 1209.165219][ T3499] veth1_vlan: entered promiscuous mode
[ 1212.652279][ T3497] veth0_macvtap: entered promiscuous mode
[ 1213.537505][ T3497] veth1_macvtap: entered promiscuous mode
[ 1213.905402][ T3499] veth0_macvtap: entered promiscuous mode
[ 1214.874235][ T3499] veth1_macvtap: entered promiscuous mode
[ 1217.417324][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1217.429989][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1217.433766][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1217.444591][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.124479][ T3353] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.132548][ T3353] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.364008][ T3353] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.371649][ T3353] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.128802][   T25] audit: type=1400 audit(1257.330:102): avc:  denied  { write } for  pid=3716 comm="syz.3.12" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1260.454125][   T25] audit: type=1400 audit(1259.590:103): avc:  denied  { setattr } for  pid=3712 comm="syz.2.11" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1494.864024][   T25] audit: type=1400 audit(1494.060:104): avc:  denied  { map } for  pid=3845 comm="syz.2.33" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1495.003729][   T25] audit: type=1400 audit(1494.160:105): avc:  denied  { execute } for  pid=3845 comm="syz.2.33" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1509.652061][ T3339] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1511.915021][ T3339] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1514.647534][ T3339] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1517.176058][ T3339] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1540.561402][ T3339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1540.864677][ T3339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1541.231183][ T3339] bond0 (unregistering): Released all slaves
[ 1543.958915][ T3339] hsr_slave_0: left promiscuous mode
[ 1544.061025][ T3339] hsr_slave_1: left promiscuous mode
[ 1544.801599][ T3339] veth1_macvtap: left promiscuous mode
[ 1544.806346][ T3339] veth0_macvtap: left promiscuous mode
[ 1544.842513][ T3339] veth1_vlan: left promiscuous mode
[ 1544.854318][ T3339] veth0_vlan: left promiscuous mode
[ 1580.490716][   T25] audit: type=1400 audit(1579.700:106): avc:  denied  { ioctl } for  pid=3899 comm="syz.2.39" path="net:[4026532928]" dev="nsfs" ino=4026532928 ioctlcmd=0x582a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1644.420584][ T3852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1644.801678][ T3852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1680.656683][ T3852] hsr_slave_0: entered promiscuous mode
[ 1680.746914][ T3852] hsr_slave_1: entered promiscuous mode
[ 1702.793853][ T3852] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1703.267515][ T3852] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1703.547712][ T3852] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1703.983317][ T3852] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1735.882579][ T3852] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1895.907868][ T3852] veth0_vlan: entered promiscuous mode
[ 1897.023804][ T3852] veth1_vlan: entered promiscuous mode
[ 1900.372844][ T3852] veth0_macvtap: entered promiscuous mode
[ 1900.747480][ T3852] veth1_macvtap: entered promiscuous mode
[ 1904.166291][ T3592] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1904.171898][ T3592] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1904.235795][ T3592] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1904.256547][ T3592] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2056.213972][   T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2058.347617][   T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2060.065428][   T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2061.842875][   T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2079.724024][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2079.901876][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2080.031937][   T35] bond0 (unregistering): Released all slaves
[ 2082.092494][   T35] hsr_slave_0: left promiscuous mode
[ 2082.221923][   T35] hsr_slave_1: left promiscuous mode
[ 2082.642001][   T35] veth1_macvtap: left promiscuous mode
[ 2082.675058][   T35] veth0_macvtap: left promiscuous mode
[ 2082.686604][   T35] veth1_vlan: left promiscuous mode
[ 2082.717269][   T35] veth0_vlan: left promiscuous mode
[ 2109.631716][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2111.124191][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2112.572937][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2113.756409][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2131.450780][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2132.080705][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2132.522994][   T35] bond0 (unregistering): Released all slaves
[ 2134.797787][   T35] hsr_slave_0: left promiscuous mode
[ 2134.841392][   T35] hsr_slave_1: left promiscuous mode
[ 2135.160424][   T35] veth1_macvtap: left promiscuous mode
[ 2135.167615][   T35] veth0_macvtap: left promiscuous mode
[ 2135.190758][   T35] veth1_vlan: left promiscuous mode
[ 2135.200920][   T35] veth0_vlan: left promiscuous mode
[ 2150.116311][ T4166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2151.496777][ T4166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2170.553323][ T4177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2170.871864][ T4177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2183.030272][ T4166] hsr_slave_0: entered promiscuous mode
[ 2183.141189][ T4166] hsr_slave_1: entered promiscuous mode
[ 2197.270502][ T4177] hsr_slave_0: entered promiscuous mode
[ 2197.295506][ T4177] hsr_slave_1: entered promiscuous mode
[ 2197.345960][ T4177] debugfs: 'hsr0' already exists in 'hsr'
[ 2197.351060][ T4177] Cannot create hsr debugfs directory
[ 2200.815255][ T4166] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2201.266052][ T4166] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2202.332065][ T4166] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2203.094388][ T4166] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2215.647695][ T4177] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2216.243531][ T4177] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2216.795941][ T4177] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2217.299773][ T4177] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2239.716713][ T4166] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2251.265687][ T4177] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2384.256211][ T4166] veth0_vlan: entered promiscuous mode
[ 2385.424920][ T4166] veth1_vlan: entered promiscuous mode
[ 2388.621686][ T4166] veth0_macvtap: entered promiscuous mode
[ 2389.073194][ T4166] veth1_macvtap: entered promiscuous mode
[ 2393.182822][   T21] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2393.200269][   T21] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2393.229897][   T21] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2393.235798][   T21] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2398.810927][ T4177] veth0_vlan: entered promiscuous mode
[ 2400.798733][ T4177] veth1_vlan: entered promiscuous mode
[ 2405.145724][ T4177] veth0_macvtap: entered promiscuous mode
[ 2405.773237][ T4177] veth1_macvtap: entered promiscuous mode
[ 2410.312164][ T3460] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2410.337498][ T3460] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2410.413916][ T3460] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2410.519361][ T4302] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2707.304038][   T21] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2709.393719][   T21] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2711.353903][   T21] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2713.362122][   T21] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2742.484955][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2742.756435][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2743.041645][   T21] bond0 (unregistering): Released all slaves
[ 2744.973124][   T21] hsr_slave_0: left promiscuous mode
[ 2745.062287][   T21] hsr_slave_1: left promiscuous mode
[ 2745.621699][   T21] veth1_macvtap: left promiscuous mode
[ 2745.632283][   T21] veth0_macvtap: left promiscuous mode
[ 2745.641133][   T21] veth1_vlan: left promiscuous mode
[ 2745.700581][   T21] veth0_vlan: left promiscuous mode
[ 2782.705122][   T21] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2783.867555][   T21] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2785.820641][   T21] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2787.113936][   T21] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2808.154689][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2808.283503][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2808.389460][   T21] bond0 (unregistering): Released all slaves
[ 2811.641038][   T21] hsr_slave_0: left promiscuous mode
[ 2811.810913][   T21] hsr_slave_1: left promiscuous mode
[ 2813.120736][   T21] veth1_macvtap: left promiscuous mode
[ 2813.139848][   T21] veth0_macvtap: left promiscuous mode
[ 2813.152786][   T21] veth1_vlan: left promiscuous mode
[ 2813.250221][   T21] veth0_vlan: left promiscuous mode
[ 2860.036912][ T4539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2860.416318][ T4539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2865.493264][ T4544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2865.841166][ T4544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2896.484574][ T4539] hsr_slave_0: entered promiscuous mode
[ 2896.565224][ T4539] hsr_slave_1: entered promiscuous mode
[ 2903.559990][ T4544] hsr_slave_0: entered promiscuous mode
[ 2903.654017][ T4544] hsr_slave_1: entered promiscuous mode
[ 2903.775419][ T4544] debugfs: 'hsr0' already exists in 'hsr'
[ 2903.815173][ T4544] Cannot create hsr debugfs directory
[ 2918.256475][ T4539] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 2918.897521][ T4539] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 2919.533062][ T4539] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 2920.315987][ T4539] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 2926.461724][ T4544] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 2926.946294][ T4544] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 2927.570990][ T4544] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 2928.113071][ T4544] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 2962.067154][ T4539] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2969.763346][ T4544] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3135.805450][ T4539] veth0_vlan: entered promiscuous mode
[ 3137.347779][ T4539] veth1_vlan: entered promiscuous mode
[ 3142.612018][ T4539] veth0_macvtap: entered promiscuous mode
[ 3144.397824][ T4539] veth1_macvtap: entered promiscuous mode
[ 3145.024961][ T4544] veth0_vlan: entered promiscuous mode
[ 3147.516823][ T4544] veth1_vlan: entered promiscuous mode
[ 3151.439654][   T35] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3151.560743][ T4389] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3151.589603][ T4389] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3151.606286][ T4389] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3155.326756][ T4544] veth0_macvtap: entered promiscuous mode
[ 3157.124759][ T4544] veth1_macvtap: entered promiscuous mode
[ 3163.446445][ T4327] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3163.664697][ T3855] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3163.673992][ T3855] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3163.771666][ T3353] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3527.986942][ T4871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3528.701510][ T4871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3539.154056][ T4875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3539.812189][ T4875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3589.193709][ T4871] hsr_slave_0: entered promiscuous mode
[ 3589.323901][ T4871] hsr_slave_1: entered promiscuous mode
[ 3589.496340][ T4871] debugfs: 'hsr0' already exists in 'hsr'
[ 3589.531432][ T4871] Cannot create hsr debugfs directory
[ 3602.730599][ T4875] hsr_slave_0: entered promiscuous mode
[ 3602.929503][ T4875] hsr_slave_1: entered promiscuous mode
[ 3603.029930][ T4875] debugfs: 'hsr0' already exists in 'hsr'
[ 3603.030810][ T4875] Cannot create hsr debugfs directory
[ 3639.390270][ T4871] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 3643.541795][ T4871] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 3647.551464][ T4871] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 3648.746290][ T4871] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 3669.509694][ T4875] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 3670.291144][ T4875] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 3671.074248][ T4875] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 3672.211482][ T4875] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 3710.743887][ T4871] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3728.596710][ T4875] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3776.020900][   T27] INFO: task syz.7.102:4853 blocked for more than 430 seconds.
[ 3776.041093][   T27]       Not tainted syzkaller #0
[ 3776.074752][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3776.093856][   T27] task:syz.7.102       state:D stack:0     pid:4853  tgid:4853  ppid:4539   task_flags:0x400040 flags:0x00000019
[ 3776.095581][   T27] Call trace:
[ 3776.096092][   T27]  __switch_to+0x584/0xb20 (T)
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 3776.189200][   T27]  __schedule+0x1eec/0x33a4
[ 3776.227727][   T27]  schedule+0xac/0x27c
[ 3776.279911][   T27]  schedule_timeout+0x5c/0x1e4
[ 3776.280602][   T27]  do_wait_for_common+0x28c/0x444
[ 3776.281077][   T27]  wait_for_completion+0x44/0x5c
[ 3776.281633][   T27]  __synchronize_srcu+0x2a4/0x320
[ 3776.282101][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 3776.282574][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 3776.283038][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 3776.283469][   T27]  kvm_vm_release+0x58/0x78
[ 3776.283922][   T27]  __fput+0x4ac/0x980
[ 3776.284337][   T27]  ____fput+0x20/0x58
[ 3776.284752][   T27]  task_work_run+0x1bc/0x254
[ 3776.285210][   T27]  do_notify_resume+0x1bc/0x270
[ 3776.285701][   T27]  el0_svc+0xb8/0x164
[ 3776.286126][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 3776.286593][   T27]  el0t_64_sync+0x198/0x19c
[ 3776.461778][   T27] 
[ 3776.461778][   T27] Showing all locks held in the system:
[ 3776.502720][   T27] 2 locks held by kworker/u4:1/21:
[ 3776.503325][   T27]  #0: f1f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 3776.505821][   T27]  #1: ffff80008c667c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 3776.507786][   T27] 1 lock held by khungtaskd/27:
[ 3776.611896][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 3776.712325][   T27] 3 locks held by kworker/u4:2/35:
[ 3776.712830][   T27] 2 locks held by getty/3184:
[ 3776.713187][   T27]  #0: e3f0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 3776.714850][   T27]  #1: 52ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 3776.716572][   T27] 2 locks held by syz-executor/3309:
[ 3776.716923][   T27] 3 locks held by kworker/u4:4/3353:
[ 3776.717241][   T27] 3 locks held by kworker/u4:8/3460:
[ 3776.717577][   T27] 3 locks held by kworker/u4:9/3524:
[ 3776.849857][   T27] 3 locks held by kworker/u4:10/3592:
[ 3776.850599][   T27] 3 locks held by kworker/u4:13/4389:
[ 3776.850995][   T27] 2 locks held by kworker/0:5/4592:
[ 3776.851347][   T27] 2 locks held by kworker/u4:14/4701:
[ 3776.851673][   T27] 2 locks held by kworker/0:2/4782:
[ 3776.851982][   T27] 2 locks held by syz.8.101/4850:
[ 3776.852286][   T27] 1 lock held by syz-executor/4875:
[ 3776.852636][   T27] 3 locks held by kworker/u4:5/4907:
[ 3776.852971][   T27] 3 locks held by kworker/u4:11/4933:
[ 3776.853312][   T27] 2 locks held by kworker/u4:15/4980:
[ 3776.853679][   T27] 2 locks held by dhcpcd-run-hook/5032:
[ 3776.853998][   T27] 1 lock held by modprobe/5033:
[ 3776.854547][   T27] 
[ 3776.854826][   T27] =============================================
[ 3776.854826][   T27] 
[ 3797.162004][   T27] INFO: task syz.7.102:4853 blocked for more than 451 seconds.
[ 3797.181862][   T27]       Not tainted syzkaller #0
[ 3797.199741][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3797.200173][   T27] task:syz.7.102       state:D stack:0     pid:4853  tgid:4853  ppid:4539   task_flags:0x400040 flags:0x00000019
[ 3797.200993][   T27] Call trace:
[ 3797.201280][   T27]  __switch_to+0x584/0xb20 (T)
[ 3797.201879][   T27]  __schedule+0x1eec/0x33a4
[ 3797.202390][   T27]  schedule+0xac/0x27c
[ 3797.202873][   T27]  schedule_timeout+0x5c/0x1e4
[ 3797.203289][   T27]  do_wait_for_common+0x28c/0x444
[ 3797.203720][   T27]  wait_for_completion+0x44/0x5c
[ 3797.204202][   T27]  __synchronize_srcu+0x2a4/0x320
[ 3797.204685][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 3797.205171][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 3797.205671][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 3797.206074][   T27]  kvm_vm_release+0x58/0x78
[ 3797.206551][   T27]  __fput+0x4ac/0x980
[ 3797.206944][   T27]  ____fput+0x20/0x58
[ 3797.207347][   T27]  task_work_run+0x1bc/0x254
[ 3797.207769][   T27]  do_notify_resume+0x1bc/0x270
[ 3797.409706][   T27]  el0_svc+0xb8/0x164
[ 3797.410323][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 3797.410790][   T27]  el0t_64_sync+0x198/0x19c
[ 3797.411483][   T27] 
[ 3797.411483][   T27] Showing all locks held in the system:
[ 3797.411795][   T27] 1 lock held by khungtaskd/27:
[ 3797.412111][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 3797.413968][   T27] 2 locks held by getty/3184:
[ 3797.414292][   T27]  #0: e3f0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 3797.415922][   T27]  #1: 52ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 3797.417659][   T27] 3 locks held by kworker/u4:3/3339:
[ 3797.624486][   T27] 3 locks held by kworker/u4:4/3353:
[ 3797.629226][   T27] 2 locks held by kworker/u4:8/3460:
[ 3797.629699][   T27]  #0: f1f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 3797.631488][   T27]  #1: ffff8000a3c37c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 3797.633214][   T27] 2 locks held by kworker/u4:9/3524:
[ 3797.633560][   T27] 3 locks held by kworker/u4:10/3592:
[ 3797.633878][   T27] 3 locks held by kworker/u4:6/3855:
[ 3797.634204][   T27] 2 locks held by kworker/u4:7/4327:
[ 3797.634542][   T27]  #0: f1f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 3797.636199][   T27]  #1: ffff80008e907c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 3797.786929][   T27] 2 locks held by kworker/u4:13/4389:
[ 3797.793772][   T27] 3 locks held by kworker/u4:14/4701:
[ 3797.794241][   T27] 2 locks held by syz.8.101/4850:
[ 3797.794604][   T27] 2 locks held by syz-executor/4871:
[ 3797.794917][   T27] 2 locks held by syz-executor/4875:
[ 3797.795269][   T27] 2 locks held by rm/5037:
[ 3797.795597][   T27] 2 locks held by modprobe/5038:
[ 3797.795889][   T27] 1 lock held by modprobe/5039:
[ 3797.796248][   T27] 
[ 3797.796516][   T27] =============================================
[ 3797.796516][   T27] 

VM DIAGNOSIS:
13:28:47  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000802d051c X00=ffff8000873665ee X01=ffff80008712372d
X02=0000000000000001 X03=ffff80008045d478 X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff800080499cac
X08=ffff8000865a61e4 X09=0000000000010001 X10=0000000000ff0100
X11=0000000000010001 X12=0000000000010002 X13=0000000000000028
X14=0000000000004000 X15=e6ff8000865c6854 X16=aa2345457591674d
X17=a79b65d223cc4c52 X18=00000000000000ff X19=0000000000000004
X20=ffff8000878830c0 X21=39f000000d9b9d88 X22=0000000000000039
X23=ffff800087751560 X24=ffff8000879bf808 X25=0000000000000039
X26=ffff8000878830c0 X27=39f000000d9bb370 X28=0000000000000028
X29=ffff80008c4f7a50 X30=ffff8000805a29d4  SP=ffff80008c4f7a40
PSTATE=604020c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=6572207265767265:730073250a0d0a0d
Z02=742065726f6d2072:6f662064656b636f Z03=0000000000000000:00ff00ff00000000
Z04=0000000000000000:000000000f0f0000 Z05=726f6d20726f6620:64656b636f6c6220
Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffcc5ef5d0:0000ffffcc5ef5d0 Z17=ffffff80ffffffd8:0000ffffcc5ef5a0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000