last executing test programs: 1h12m30.200078742s ago: executing program 1 (id=2): r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) ioctl$KVM_CAP_PTP_KVM(r0, 0x4068aea3, &(0x7f0000000000)) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000080)={0xe4, 0x0, 0x8001}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x14) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000100)={0x2, 0x1000, 0x1}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000000140)={0x10001, 0xfffffffffffffa96}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000180)) r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x0, 0x2, 0x100010, r0, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000200)="b8c2f6f9efb2c3a0e1fea0ba3a3ca6a44d85b88d48df2a7ff1acae58a0daeba9e9eae0a95f309dee1a31dcc0b7c4813587cb290c1907c1a2394ce747459afb2d5a2d5d24bd2500a6", 0x0, 0x48) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x0, &(0x7f0000000280)=0x5}) ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000300)={0xc0, 0x0, 0x9000}) r4 = eventfd2(0x1, 0x1) write$eventfd(r4, &(0x7f0000000380)=0x2, 0x8) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f00000003c0)={0xfec00000, 0x0, 0x1}) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000440)=@other={0x6, &(0x7f0000000400)}) r5 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000480)) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b40)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x603000000013e081}}, @smc={0x1e, 0x40, {0x8400000b, [0x250b, 0x6, 0x3, 0xd, 0x2]}}, @code={0xa, 0x54, {"007008d5000000130000201e0094006f000028d500c4200e0000431e809a99d200a0b0f2210080d2c20180d2230080d2440080d2020000d4008008d5007008d5"}}, @smc={0x1e, 0x40, {0x800, [0x1, 0x5, 0x64, 0xffffffffffffffff, 0x7a0]}}, @mrs={0xbe, 0x18, {0x603000000013de87}}, 
@hvc={0x32, 0x40, {0x400000e, [0x1, 0x53, 0xe, 0x101, 0xc80]}}, @code={0xa, 0x84, {"e003bfd6007008d5000040f8007008d50000629ec0de81d20020b0f2210080d2420180d2030180d2040180d2020000d4000c207ea0809ed20040b0f2210080d2420180d2e30080d2040080d2020000d480c09cd200e0b0f2e10180d2420080d2230180d2640080d2020000d40004006e"}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0xe, 0x9, 0x7, 0x4}}, @uexit={0x0, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x8, 0xe3b, 0xb}}, @eret={0xe6, 0x18, 0x6}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x3d}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x70, 0x5, 0x2}}, @eret={0xe6, 0x18, 0x6}, @code={0xa, 0x6c, {"0068202e007008d500e0df0d00c4a02e000008d5008008d5007008d50080c00d80d78ed20020b8f2810180d2420080d2230180d2e40080d2020000d4c01c81d200e0b0f2210180d2a20180d2e30180d2e40180d2020000d4"}}, @svc={0x122, 0x40, {0x84000005, [0x2103, 0x2, 0x5bc, 0x5, 0x9]}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0xdd}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18050, 0x800, 0xa}}, @code={0xa, 0x9c, {"007008d5008008d500408cd20040b8f2c10080d2c20080d2c30180d2840080d2020000d4a0a885d20000b8f2410180d2c20180d2430180d2a40080d2020000d40090200ec07284d20040b0f2a10080d2c20180d2830180d2840080d2020000d4008008d5007008d580d691d200c0b0f2810080d2620180d2230180d2840180d2020000d40070800c"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0xf4ed, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x2, 0x3, 0x2, 0x4, 0x8}}, @irq_setup={0x46, 0x18, {0x1, 0x151}}, @uexit={0x0, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0xd, 0x3, 0x0, 0x1}}, @hvc={0x32, 0x40, {0x40000000, [0x0, 0x6, 0x9d, 0x5, 0x7]}}, @smc={0x1e, 0x40, {0xc4000007, [0xa796, 0xd, 0x5, 0x7fff, 0x9]}}, @irq_setup={0x46, 0x18, {0x2, 0x159}}, @hvc={0x32, 0x40, {0x86000000, [0xc, 0xffffffffffffffff, 0xb3, 0x3ff, 0x101]}}, @irq_setup={0x46, 0x18, {0x3, 0x268}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x1e0}}], 0x628}, &(0x7f0000000b80)=[@featur1={0x1, 0x80}], 0x1) ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, 
&(0x7f0000000bc0)={0xad, "61b7ca43303be6d5e529f25e2d18ae63bb7fe39536082e9d97294d9214638f8392b4e2c7ff3c7dc8b368311d0c81f322171277daade2b0b99c064cd9ba1c76c86078cae788c7dc55aaa0481dd5ec710b78bb43774d97cc2abd4a5fef292a98e7fa66ea2a0e999e59b1efce38febffba33fd3904cbb6106d63239fac8040c42cb2abb2abbff19033becaaa018d75c356352300d5c40a2e6742afe3d42cacf75a1337cb52807637836a54475164e"}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f0000000cc0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000c80)=0x1a}) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000d00)={0x4, 0x9, 0x3}) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6) ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000d40)={0x7, 0x6}) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2) ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f0000000d80)={0x5, 0x0, [{0x4, 0x5, 0x1, 0x0, @irqchip={0x4, 0x3}}, {0x1, 0x3, 0x1, 0x0, @adapter={0x6, 0xa, 0x3e41, 0x401, 0xfffffff8}}, {0x79, 0x4, 0x0, 0x0, @sint={0x10000}}, {0xc3, 0x2, 0x1, 0x0, @irqchip={0x1, 0x1}}, {0x8, 0xb18ced0728967f6a, 0x1, 0x0, @adapter={0x5, 0x4, 0xd8c, 0x5, 0x4}}]}) r10 = eventfd2(0x6, 0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000e80)={r0, 0x10001, 0x1, r10}) 1h12m18.973973947s ago: executing program 1 (id=4): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x32) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0xa, 0xffffffffffffffff, 0x1}) eventfd2(0xffff5392, 0x81801) close(r1) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x10000}) r2 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bfd000/0x400000)=nil) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000ddc000/0x1000)=nil, r3, 0x5, 0x100010, r4, 0x0) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000000c0)={0x6, 0xffffffffffffffff, 0x1}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000100)={0x10, 0xd7b}) ioctl$KVM_SET_ONE_REG(r4, 
0x4010aeac, &(0x7f0000000180)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000140)=0xffffffff}) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000e8d000/0x3000)=nil, r5, 0x8, 0x4010, r4, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f0000000200)=@attr_other={0x0, 0xaa2, 0x9, &(0x7f00000001c0)=0x80}) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000580)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x1, 0x378}}, @code={0xa, 0x9c, {"007008d50000249e008008d580fa8fd20080b8f2e10180d2e20180d2230080d2840180d2020000d4007008d5c0c48fd20060b8f2210180d2e20080d2430080d2840180d2020000d4007008d5808982d200c0b8f2610080d2a20180d2630080d2240180d2020000d40020202ee07a87d20020b0f2a10080d2020080d2630180d2040080d2020000d4"}}, @eret={0xe6, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x4, 0x37d}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x4, 0x5}}, @msr={0x14, 0x20, {0x603000000013e208, 0x6}}, @code={0xa, 0xb4, {"60b798d20040b8f2e10080d2220180d2830080d2a40180d2020000d40060400d000008d5007008d5c01a99d200c0b0f2e10180d2220080d2c30080d2e40180d2020000d4000008d500e0c00de0b98bd20000b0f2c10180d2620080d2a30080d2c40180d2020000d420b588d20000b8f2410080d2c20080d2430080d2240180d2020000d440d39cd200a0b8f2a10080d2620180d2a30080d2840180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x4, 0x6, 0xdc8e, 0x4}}, @smc={0x1e, 0x40, {0xffff, [0x7fffffffffffffff, 0xffffffff, 0x7, 0x0, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013c64a}}, @irq_setup={0x46, 0x18, {0x0, 0x3c2}}, @irq_setup={0x46, 0x18, {0x4, 0x304}}, @smc={0x1e, 0x40, {0x20, [0x5f, 0x1000, 0x49a56f55, 0x80000001, 0x5]}}, @irq_setup={0x46, 0x18, {0x2, 0x18}}, @memwrite={0x6e, 0x30, @generic={0x43000, 0xbf5, 0x9dc0, 0x5}}], 0x320}, &(0x7f00000005c0)=[@featur2={0x1, 0x25}], 0x1) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x8000) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000600)={0x8000000000000001, 0xd92e}) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000640)={0x2710, 0x7, 
0x26000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0xfffffffffffffff8, r6}) r7 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bff000/0x400000)=nil) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x232000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) close(r6) r9 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000840)={0x0, &(0x7f0000000740)=[@code={0xa, 0x6c, {"007008d50004002f007008d5c06296d20040b8f2410180d2c20080d2e30080d2040080d2020000d40008200ec0b986d200a0b0f2610080d2020180d2230080d2a40180d2020000d4007008d5000040a8003c207e00bc200e"}}, @irq_setup={0x46, 0x18, {0x4, 0xff}}, @smc={0x1e, 0x40, {0x8400000b, [0xa44, 0x3ff, 0x58d, 0xe, 0x2]}}], 0xc4}, &(0x7f0000000880)=[@featur1={0x1, 0x76}], 0x1) syz_kvm_setup_cpu$arm64(r0, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000d40)=[{0x0, &(0x7f00000008c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c08, 0x2, 0x8}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x165}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x16}}, @uexit={0x0, 0x18, 0x381}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x387}}, @hvc={0x32, 0x40, {0x3f000000, [0x8, 0xd01, 0xffffffffffffff0e, 0x800, 0x78]}}, @msr={0x14, 0x20, {0x603000000013804e, 0x7}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x1, 0xc, 0xa7e7, 0x865b0d6}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1be}}, @svc={0x122, 0x40, {0x100, [0x5, 0x2, 0x8000000000000001, 0x80000001, 0x80]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x62}}, @code={0xa, 0x84, {"0000003600005fd6000008d5007008d5008008d5a01784d20080b0f2810080d2020080d2030180d2640080d2020000d4000280d200c0b8f2e10180d2420180d2430180d2640080d2020000d4e0a19dd200e0b8f2810180d2c20080d2030180d2840080d2020000d4000008d5008008d5"}}, @irq_setup={0x46, 0x18, {0x2, 0xd0}}, @msr={0x14, 0x20, {0x603000000013c010, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013c028}}, @uexit={0x0, 0x18, 0x3ff}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x3b3}}, @hvc={0x32, 0x40, {0x31000000, [0x8866, 0x7, 0x6, 0x9, 0x200]}}, @memwrite={0x6e, 0x30, @generic={0x8007000, 0x4c2, 0x4, 0x2}}, @hvc={0x32, 0x40, {0xc400000c, 
[0x401, 0x2, 0x100, 0x3, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf20, 0x8, 0x1}}, @uexit={0x0, 0x18, 0x65}, @hvc={0x32, 0x40, {0x84000013, [0x7, 0x4, 0xa, 0x40, 0x5c]}}, @msr={0x14, 0x20, {0x603000000013e641}}], 0x444}], 0x1, 0x0, &(0x7f0000000d80)=[@featur1={0x1, 0xa0}], 0x1) mmap$KVM_VCPU(&(0x7f0000d58000/0x1000)=nil, r5, 0x1000006, 0x8010, r9, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000e00)=@attr_other={0x0, 0x5, 0x3, &(0x7f0000000dc0)=0xa}) ioctl$KVM_SET_REGS(r4, 0x4360ae82, &(0x7f0000000e40)={[0x0, 0x1, 0x100000001, 0x6, 0xfffffffffffffff4, 0x893, 0x2, 0xc4f8, 0x8, 0x4, 0x3ff, 0xcd87, 0x8, 0x2, 0x6, 0x1], 0x60000, 0x4000}) ioctl$KVM_CLEAR_DIRTY_LOG(r6, 0xc018aec0, &(0x7f0000001300)={0x1fd, 0x1c0, 0x380, &(0x7f0000000f00)=[0x5, 0x6, 0x5, 0x4, 0x80000001, 0xffffffffffffffff, 0x10000, 0xb0, 0xb, 0x7, 0x1, 0xb18, 0x9, 0xffffffffffffffeb, 0x8, 0xfffffffffffffffc, 0x5, 0x3, 0x6, 0x3000000000000, 0x6, 0x80, 0x8000, 0xc78b, 0x4, 0x7ff, 0xffffffffffffffc8, 0x3, 0x9, 0x4, 0xffffffffffffffff, 0x101, 0x8, 0xdff8, 0x8, 0x5, 0x1, 0x3, 0x9, 0x7, 0x6, 0xa0000000000000, 0x798, 0x1, 0x24000000000000, 0x5, 0x4, 0x81, 0x2, 0x10, 0x6, 0xfffffffffffffffc, 0x4, 0x6ae, 0x9, 0x8, 0x7, 0x100, 0xef, 0xfffffffffffff000, 0x3, 0x2, 0x2f9e1eef, 0x7, 0x0, 0xe, 0x7fff, 0x6, 0x200, 0xffffffff, 0xa13f, 0x6, 0x3ff, 0x8, 0x819, 0x7, 0x5, 0xe, 0xffffffff, 0x0, 0xfffffffffffffeff, 0x7ff, 0x3, 0x800, 0x1800000000000, 0x3, 0xb75f, 0x1, 0x10, 0x3, 0x4, 0x4, 0x3, 0x1, 0x6, 0x3, 0x8, 0x5, 0x0, 0x7, 0x1ff, 0x1, 0x6, 0x4, 0x4, 0x8, 0x3, 0x6, 0x100000000, 0x400, 0x4, 0x80, 0x529, 0x2, 0x20400000, 0x2, 0x4, 0x8001, 0x9, 0xfff, 0x8, 0xaf3, 0x3, 0x7, 0x1, 0xe5b, 0x10, 0x4]}) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000001380)=@attr_other={0x0, 0xfffffe0f, 0xdb, &(0x7f0000001340)=0xff}) 1h12m13.400913385s ago: executing program 1 (id=5): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = 
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x3, 0x7aba30f9, 0x2}}) (async, rerun: 32) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (rerun: 32) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r4, 0xc018aec0, &(0x7f00000000c0)={0x1}) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000300)=[@svc={0x122, 0x40, {0x1000, [0x100, 0x6, 0x0, 0x5, 0xdf67]}}, @uexit={0x0, 0x18, 0x78e0}, @msr={0x14, 0x20, {0xc437, 0x3}}, @hvc={0x32, 0x40, {0xc4000004, [0x7, 0x3, 0x4, 0x10001, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xd00, 0x7ef7}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x3ea}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x2000, [0x7, 0xd, 0x400, 0x5, 0xca7a]}}, @uexit={0x0, 0x18, 0x156e}, @svc={0x122, 0x40, {0x80000000, [0x200, 0x8, 0x7, 0x2]}}, @uexit={0x0, 0x18, 0x10000}, @mrs={0xbe, 0x18, {0x603000000013e10a}}, @msr={0x14, 0x20, {0x603000000013df7a, 0x2}}, @code={0xa, 0xb4, {"208482d20060b0f2210180d2020080d2430080d2440180d2020000d4000008d50060e00d005199d20080b0f2c10180d2820080d2a30080d2440180d2020000d43f2003d50000002ba08b96d20040b0f2210180d2420080d2e30180d2040180d2020000d400e0200e80b29ad200c0b8f2210180d2020080d2230080d2e40080d2020000d4c0fe9dd20000b0f2810180d2420180d2630180d2e40180d2020000d4"}}, @code={0xa, 0x84, {"007008d50040005e00d8217e0000599ec02691d200e0b0f2010180d2e20180d2c30180d2e40180d2020000d4008008d5008008d5008008d5407c87d20040b0f2c10180d2620180d2430080d2a40180d2020000d4a0ea81d20000b0f2e10180d2620180d2630080d2c40180d2020000d4"}}, @mrs={0xbe, 0x18, {0x60300000001380a4}}, @uexit={0x0, 0x18, 0x8}, @svc={0x122, 0x40, 
{0x8400000f, [0x6, 0xfffffffffffffff8, 0x8, 0x7f, 0xd66d]}}, @smc={0x1e, 0x40, {0x80008000, [0x6, 0x2, 0x5, 0x5, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0xfbd}}, @irq_setup={0x46, 0x18, {0x4, 0x1f5}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0x0, 0x6}}, @irq_setup={0x46, 0x18, {0x4, 0x20}}, @hvc={0x32, 0x40, {0xc4000004, [0xa453, 0x7, 0x0, 0x3, 0x2]}}], 0x4c8}, &(0x7f00000000c0)=[@featur2={0x1, 0x21}], 0x1) (async) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f00000002c0)={0x200}) 1h12m1.951876014s ago: executing program 1 (id=7): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r5, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x10200, 0x4, 0xd000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x200) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x0, 0x1}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r9, 0x1, 0x0) 
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000580)=0x10001}) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) 1h11m48.09442902s ago: executing program 1 (id=9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r4, 0x200001fe0000) 1h11m7.608793557s ago: executing program 32 (id=8): openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xa) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0xef) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x2, 0xffffffffffffffff}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil) write$eventfd(r4, &(0x7f00000001c0), 0xfdef) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) close(r4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd2(0x0, 0x80000) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r10, 0x4018aee3, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x1}) r11 = 
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r11, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r8, 0x3}) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f00000000c0)={0x10000003, 0x9000, 0x2, r8, 0xf}) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000380)={0x80a0000, 0x124000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000240)={0xfff9d000, 0x2000}) 1h11m0.799222806s ago: executing program 33 (id=9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r4, 0x200001fe0000) 1h6m38.360178523s ago: executing program 2 (id=10): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20000000021) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x700001f, 0x13, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) 
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013e6ca, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @memwrite={0x6e, 0x30, @generic={0x2, 0x988, 0x9, 0x1}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @irq_setup={0x46, 0x18, {0x2, 0x290}}], 0x128}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x1) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000000)=[@featur1={0x1, 0x20}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r10, 0xae80, 0x0) (async) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r11 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x8}) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x3, 0x11, r5, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8480, 
0x0) (async) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8480, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0xfffffffffffffffd) (async) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0xfffffffffffffffd) ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r15 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_RUN(r16, 0xae80, 0x0) 1h6m24.811218644s ago: executing program 2 (id=12): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x30, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r2, 0x401054d6, 0x1) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) 
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, 0x0, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 1h6m4.34827718s ago: executing program 2 (id=14): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0xffffffffffbffffc, 0x120) r5 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000000)=0xfffffffffffffffd}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000280)=0x4f627b94}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x27) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x5, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}}], 0x75}, 
0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2f) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)}) ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f00000000c0)={0x10000, 0x1, 0xb000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) r15 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20000) ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0) ioctl$KVM_CREATE_IRQCHIP(r15, 0xae60) 1h5m34.649338297s ago: executing program 2 (id=16): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x401c5820, 
&(0x7f00000000c0)=@attr_other={0x0, 0x8dc, 0xfffffffffffffffd, 0x0}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c02a, &(0x7f0000000180)}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x27) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x6, 0x4000000, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r11, 0x1, 0x180) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r13, 0xae80, 0x0) 1h4m49.248025439s ago: executing program 34 (id=16): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x401c5820, &(0x7f00000000c0)=@attr_other={0x0, 0x8dc, 
0xfffffffffffffffd, 0x0}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c02a, &(0x7f0000000180)}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x27) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x6, 0x4000000, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r11, 0x1, 0x180) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r13, 0xae80, 0x0) 1h1m55.908740263s ago: executing program 3 (id=32): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x301080, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3c) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xc6) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x2, 0x0}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x2, 
&(0x7f0000000140)=0x6}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_kvm_vgic_v3_setup(r1, 0x3, 0x100) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, 0xffffffffffffffff) ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0xc, &(0x7f0000000240)=0x80000001}) 1h1m44.723351128s ago: executing program 3 (id=33): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x6, 0x1, &(0x7f0000000100)=0x1}) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x107, &(0x7f0000000340)=0xfffffffffffffffc}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000a3a000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r6, 0xc018aec0, &(0x7f0000000000)={0x2, 0x380, 0x2c0, 0x0}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000140)={0xbf6, 0x7}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2f) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r6], 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r7, 0x40a0ae49, &(0x7f0000000140)={0x10002, 0x4, 0xeeee0000, 0x1000, 
&(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x121002, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) 1h1m19.428069127s ago: executing program 3 (id=34): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x7f) (async) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x7f) ioctl$KVM_RUN(r2, 0x8000ae8c, 0x0) (async) ioctl$KVM_RUN(r2, 0x8000ae8c, 0x0) ioctl$KVM_SET_GUEST_DEBUG_arm64(r2, 0x4208ae9b, &(0x7f0000000380)={0x20001, 0x0, {[0x3, 0x6, 0x5, 0x1, 0x8, 0x4, 0x2, 0x0, 0x2, 0x5, 0xffff, 0xae, 0x84, 0x0, 0x4, 0x5], [0x2, 0x7, 0xffffffff, 0x7ff, 0xa2a, 0x6, 0x3, 0x7, 0x6, 0x5, 0x0, 0xec, 0x40, 0x34000, 0xfffffffffffff530, 0x8], [0xff, 0x8, 0x9, 0x9, 0x6, 0x1, 0x9, 0x3, 0x0, 0xe6f4, 0x7e6000000, 0x0, 0x0, 0x2, 0x2, 0x2], [0x3, 0x0, 0x400, 0xffffffff, 0x7fff, 0xd468, 0x8, 0x8, 0x80000001, 0x8, 0xa47, 0x0, 0x0, 0x7f, 0x3]}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) munmap(&(0x7f0000013000/0x1000)=nil, 0x1000) r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000) r7 = openat$kvm(0x0, 
&(0x7f0000000080), 0x2000, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x29) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0) openat$kvm(0x3f, &(0x7f0000000040), 0x0, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) close(r8) (async) close(r8) write$eventfd(r6, &(0x7f0000000000), 0xfffffdef) (async) write$eventfd(r6, &(0x7f0000000000), 0xfffffdef) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) 1h1m3.681877835s ago: executing program 3 (id=35): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0x84000015, [0xf6, 0x100, 0xffffffffffffffff, 0xee24, 0xfffffffffffeffff]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, 0xffffffffffffffff) 1h0m30.045920796s ago: executing program 3 (id=36): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = 
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43) ioctl$KVM_CREATE_VM(r1, 0x40086602, 0x20000000) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x180) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000040)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000000)=0x9}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000240)) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1h0m17.198033876s ago: executing program 3 (id=37): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110000, 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000400)=@arm64_sys={0x603000000013c000, &(0x7f00000003c0)=0x3a5}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x381900, 0x0) (async) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 
0x3d) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_VM(r9, 0x400454c9, 0x40) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x25) 59m29.799615132s ago: executing program 35 (id=37): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110000, 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000400)=@arm64_sys={0x603000000013c000, &(0x7f00000003c0)=0x3a5}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x381900, 0x0) (async) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x3d) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_VM(r9, 0x400454c9, 0x40) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x25) 43m2.898863068s ago: executing program 4 (id=132): openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, 
&(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x90, &(0x7f0000000000)=0x10}) (async, rerun: 64) close(0x3) (rerun: 64) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8902, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x69) 42m49.351302166s ago: executing program 4 (id=134): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3a) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000000)={0xf, 0x3}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000040)={0x9000, 0x18000}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000000080)={0x1, 0x9c}) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000000c0)={0x37, 0x22}) ioctl$KVM_ARM_VCPU_FINALIZE(0xffffffffffffffff, 0x4004aec2, &(0x7f0000000100)=0x7) r2 = eventfd2(0x740, 0x80001) r3 = eventfd2(0xfffffff9, 0x0) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000140)={r2, 0xfffffa80, 0x3, r3}) r4 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x3, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000001c0)={0x8, 0x8000}}) syz_kvm_vgic_v3_setup(r0, 0x3, 0x300) ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000300)=[{0x0, &(0x7f0000000240)=[@msr={0x14, 0x20, {0x603000000013de99, 0xb7}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x3e6}}, @irq_setup={0x46, 0x18, {0x4, 0x94}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x2, 0x1, 0xb87f}}], 0x88}], 0x1, 0x0, &(0x7f0000000340)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000380)={0x50000, 0x0, 0x1}) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x20) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = 
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_GET_API_VERSION(r5, 0xae00, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000e46000/0x2000)=nil, r8, 0x2000008, 0x1010, r7, 0x0) r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000500)={0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x2000, [0x813, 0x101, 0x8, 0xffffffffffff0000, 0xffffffffffffffff]}}, @msr={0x14, 0x20, {0x603000000013deba, 0x8}}, @uexit={0x0, 0x18, 0x80000000}, @mrs={0xbe, 0x18, {0x603000000013c510}}, @smc={0x1e, 0x40, {0x84000001, [0x3, 0x4, 0x5, 0x400]}}, @msr={0x14, 0x20, {0x603000000013c020, 0x401}}, @mrs={0xbe, 0x18, {0x603000000013e533}}, @msr={0x14, 0x20, {0x603000000013f081, 0x9e}}, @mrs={0xbe, 0x18, {0x603000000013e6c6}}], 0x140}, &(0x7f0000000540)=[@featur2={0x1, 0x1}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x402, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x25) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000007c0)={0x0, &(0x7f00000005c0)=[@mrs={0xbe, 0x18, {0x603000000013807e}}, @svc={0x122, 0x40, {0x8400000e, [0x0, 0x1000, 0x5, 0xa0aa, 0x40]}}, @code={0xa, 0xe4, {"206485d20040b8f2610080d2820180d2e30180d2840180d2020000d4007008d5e07885d200e0b8f2010080d2820080d2430180d2040180d2020000d4606982d200a0b0f2810080d2820080d2030080d2a40080d2020000d400e980d20080b8f2010180d2c20080d2c30080d2040180d2020000d40008607c200085d20040b8f2a10080d2020080d2230080d2240080d2020000d4000008d580a68cd200e0b8f2410080d2a20180d2a30080d2640180d2020000d460f194d20080b0f2a10180d2820180d2e30080d2240080d2020000d4"}}, @mrs={0xbe, 0x18, {0x6030000000131a04}}, @svc={0x122, 0x40, {0x10800a116, [0x7, 0x9, 0x2, 0x4, 0x7f]}}, @smc={0x1e, 0x40, {0x80000000, [0x5, 0x3, 0x6, 0x15f3, 0x7]}}], 0x1d4}, &(0x7f0000000800)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000840)={0x10200, 0x0, &(0x7f0000dc1000/0x1000)=nil}) 42m33.244724071s ago: executing program 4 (id=136): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0) r1 = openat$kvm(0x0, 
&(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x200000080000) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x185000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04) ioctl$KVM_RUN(r6, 0xae80, 0x0) r12 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = ioctl$KVM_GET_STATS_FD_vm(r12, 0xaece) write$eventfd(r14, &(0x7f0000000440)=0x7, 0x8) syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x179}}, @irq_setup={0x46, 0x18, {0x4, 0x17f}}], 0x40}, 0x0, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r12, 0x4068aea3, &(0x7f00000002c0)={0xe4, 0x0, 0x8}) syz_kvm_vgic_v3_setup(r2, 0x1, 0x300) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000000)={0x8}) 42m11.369257214s ago: executing program 4 (id=138): r0 = openat$kvm(0x0, &(0x7f0000000140), 
0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x660c3, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r10, 0x3, 0x11, r9, 0x200000000000000) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r10, 0x1, 0x12, r4, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r11, 0x8, 0x13, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r11, 0x1000001, 0x12, r4, 0x0) (async) r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async) syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000480)=[@code={0xa, 0xcc, {"0020000c007008d50000200d200287d20060b8f2810180d2620180d2a30180d2e40080d2020000d460f49ed20000b0f2c10180d2220080d2230180d2040080d2020000d4008008d500ae85d20060b0f2c10080d2220080d2230080d2640180d2020000d4604686d200a0b0f2c10080d2020080d2030080d2040180d2020000d4203c83d200e0b0f2610180d2e20080d2830080d2040180d2020000d480cd94d200e0b0f2a10180d2c20180d2a30080d2040080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x8, 0x2661e6bc, 0x3, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x1c, 0x1, 0x0, 0x10, 0x7fff, 0x7, 0x4}}, @eret={0xe6, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013e6cc}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0x1, 0x6, 0x101, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x4, 0xff, 0x2}}, @msr={0x14, 0x20, {0x603000000013d9e6, 0x6}}, @svc={0x122, 0x40, 
{0x80000000, [0x4, 0x1ff, 0x9, 0x7, 0x2f]}}], 0x204}, &(0x7f0000000200)=[@featur1={0x1, 0xa7}], 0x1) (async) r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x30) (async) r17 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0) r19 = syz_kvm_setup_syzos_vm$arm64(r18, &(0x7f0000c00000/0x400000)=nil) r20 = syz_kvm_add_vcpu$arm64(r19, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r20, 0x4004ae8b, 0x0) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r16, 0x4010ae67, &(0x7f0000000000)={0x200000, 0x101000, 0x1}) (async) syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) 41m37.702008662s ago: executing program 4 (id=140): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG_arm64(r2, 0x4208ae9b, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x1}}) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r6, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r7, 
&(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="320000000000000040000000000000005000008400000000070000000000000009000000000000000800000000000000f8ffffffffffffff00010000000000005b984c7459dbe0079603bf068a842fe71f99f98e84a1a8ea0650cdca"], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x28) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x400454cb, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffe}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r14, 0xae80, 0x0) 41m24.046150263s ago: executing program 4 (id=142): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) r3 = 
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f00005d2000/0x4000)=nil, 0x0, 0x1, 0x80010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r4, 0x2000009, 0x213011, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r9 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x240) syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0, 0x310}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r11 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000000)={0x5, 0x9}) r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r11, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd940000c2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c8ad3e5952305abf0", 0x0, 0x48) 40m36.222867823s ago: executing program 36 (id=142): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 
0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f00005d2000/0x4000)=nil, 0x0, 0x1, 0x80010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r4, 0x2000009, 0x213011, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r9 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x240) syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0, 0x310}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r11 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000000)={0x5, 0x9}) r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r11, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, 
&(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd940000c2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c8ad3e5952305abf0", 0x0, 0x48) 30m18.247810429s ago: executing program 5 (id=195): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (rerun: 64) openat$kvm(0x0, &(0x7f0000000080), 0x8081, 0x0) (async, rerun: 64) r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (rerun: 64) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x40000000, [0xcba, 0x9, 0xabb1, 0x101, 0xd]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_REGS(r4, 0x8360ae81, &(0x7f0000000580)) (async) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f00000004c0)=[@its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x3, 0x7, 0xd9, 0x80000001, 0x1}}, @mrs={0xbe, 0x18, {0xd228e46c7bc8ec76}}, @svc={0x122, 0x40, {0x84000052, [0x2, 0x7f, 0x9, 0x2, 0x86a7]}}, @uexit={0x0, 0x18, 0xffffffffffff2c00}], 0x98}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000680)={0x10000, 0x112000}) (async) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) 
(async, rerun: 64) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r11, 0x3, 0x11, r5, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) syz_kvm_assert_syzos_uexit$arm64(r12, 0xfffffffffffffffe) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_SET_GUEST_DEBUG_arm64(0xffffffffffffffff, 0x4208ae9b, &(0x7f0000000280)={0x1afb226fc03004d1, 0x0, {[0x2000000, 0x8000000000000000, 0x77, 0xf3a, 0xfffffffffffffff8, 0x4, 0x390, 0x80000001, 0x691c, 0xae5f, 0x1, 0x8, 0xb2, 0x7, 0x800, 0xfff], [0x8000000000000000, 0x1, 0x0, 0x1, 0x10000, 0x1, 0x3, 0xfffffffffffffff5, 0x8, 0x125, 0xff, 0x1, 0x8000000000000001, 0x9, 0xaa, 0xa], [0xbf7, 0xc77b, 0xffff, 0xd, 0x42, 0x7, 0x7, 0x6, 0x0, 0xfffffffffffffffd, 0x5, 0xf601, 0x81, 0x10, 0x5, 0x2], [0x3, 0x8, 0xfffffffffffffffb, 0x101, 0x7ff, 0x7fffffffffffffff, 0x4, 0x200, 0x7f, 0x1, 0x8, 0x5, 0x2, 0x0, 0x4, 0x1]}}) (async) syz_kvm_assert_syzos_uexit$arm64(r12, 0xffffffffffffffff) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR_vm(r13, 0x8040aeb6, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) (rerun: 64) 30m5.63094142s ago: executing program 5 (id=197): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x80800, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x101fd, 0x2, 0xdddd1000, 0x1000, &(0x7f0000ecd000/0x1000)=nil}) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r8 = 
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r9 = mmap$KVM_VCPU(&(0x7f0000ee6000/0x1000)=nil, r8, 0xb, 0x11, r7, 0x40000) syz_memcpy_off$KVM_EXIT_MMIO(r9, 0x20, &(0x7f0000000080)="173ea04e539f083b583a50e00fc16c4b72bd83875fa60766", 0x0, 0x18) r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x6, 0x7fffffffffffffff, &(0x7f00000000c0)=0x5}) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur2={0x1, 0x20}], 0x1) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) r14 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r15 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r17, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140003, &(0x7f0000000000)=0x7}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000140)=0xffff}) 29m50.529062181s ago: executing program 6 (id=198): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 
&(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4}) (async) r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) write$eventfd(r2, &(0x7f00000001c0)=0x9, 0x8) 29m45.981390999s ago: executing program 5 (id=199): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xeeef0000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0x8, 0x80800) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x21) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f00003db000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x8400000a, [0x1, 0x7, 0x9, 0x3, 0xffffffff00000003]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x1d8}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0xb6}}, @eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x2a7}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x1, 0x6, 0x9, 0x2}}, @smc={0x1e, 0x40, {0xc4000012, [0x8000000000000, 0xfffffffffffffff8, 0x3, 0x10001, 0x2]}}, @smc={0x1e, 0x40, {0x84000002, [0x9, 0x5, 0x6, 0x2, 0x4]}}, @uexit={0x0, 0x18, 0x1}, @svc={0x122, 0x40, {0x84000014, [0xffffffff, 0x9, 0x5, 0xc, 0x6]}}, @hvc={0x32, 0x40, {0x80, [0x27b6, 0x4, 0xd, 0x3, 0x293ab8fc]}}, @eret={0xe6, 0x18, 0x8}, 
@svc={0x122, 0x40, {0x80000002, [0x907, 0xd03b, 0x4, 0x100000001, 0x8]}}, @code={0xa, 0x84, {"000480b8a0f796d200e0b0f2a10180d2420180d2030080d2e40180d2020000d4007008d580c98ad20000b0f2610180d2c20180d2230180d2240180d2020000d4007008d5000028d50038207e007008d5007008d5e04385d20040b8f2a10080d2220180d2630080d2440080d2020000d4"}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x2d4}}, @svc={0x122, 0x40, {0x80003fff, [0x9, 0x5, 0xfffffffffffffffc, 0x80000001, 0x1]}}, @irq_setup={0x46, 0x18, {0x1, 0x1c1}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x8, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x16c}}, @code={0xa, 0x6c, {"0090805f0024c01a008008d50000403d008008d50008203840409dd200e0b8f2c10180d2420180d2430080d2640180d2020000d4a04a97d200e0b8f2010080d2620180d2e30180d2440180d2020000d4008008d50820601e"}}, @msr={0x14, 0x20, {0x603000000013deac, 0x100000001}}, @mrs={0xbe, 0x18, {0x603000000013df52}}, @msr={0x14, 0x20, {0x603000000013dea7, 0x1fc}}], 0x490}, &(0x7f0000000140)=[@featur2={0x1, 0xd3}], 0x1) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0x40086602, 0x110e227ffe) ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f0000000700)=0x1) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000800)={0x0, 0x0}, 0x0, 0x0) r14 = syz_kvm_vgic_v3_setup(r13, 0x2, 0x80) ioctl$KVM_GET_DEVICE_ATTR(r14, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x6, 0x3, 0x0}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000840)=@arm64_sve={0x60800000001504a1, &(0x7f00000000c0)=0xca}) ioctl$KVM_CHECK_EXTENSION(r11, 0x40086602, 0x110e227ffe) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x48, 0xdddd1000, 0x0, r4}) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r15, 0xae03, 0xf5) 29m39.11690829s ago: executing program 6 
(id=200): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve={0x6080000000150377, 0x0}) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df12, &(0x7f0000000000)=0x3}) (async) ioctl$KVM_GET_MP_STATE(r5, 0x8004ae98, &(0x7f0000000140)) 29m24.692063184s ago: executing program 6 (id=201): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x6}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x10003, 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 29m19.650127493s ago: executing program 5 (id=202): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = 
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x6) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r8, 0x400454ca, 0x110c230008) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff, 0x2}) ioctl$KVM_CREATE_VM(r9, 0x894c, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x21) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) r13 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r12, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x5b7882, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x0, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xcb03, 0x0) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 
0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) 29m10.275851918s ago: executing program 6 (id=203): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x171681, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x0, {0x84000053, [0x1000009, 0x8000000000000001, 0xffffffffffffffff, 0x400, 0xfffffffffffff801]}}], 0xc7}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_REGS(r4, 0x8360ae81, &(0x7f0000000580)) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100030, &(0x7f0000000000)=0x3ff}) 29m3.592920352s ago: executing program 5 (id=204): mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x3, 0x100000, 0x1000, &(0x7f0000fd1000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10000, 0x0, 0x100000, 0x1000, &(0x7f0000ec2000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_kvm_vgic_v3_setup(r1, 0x0, 0x120) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, 
&(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r6 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r7 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0x80086601, 0x1) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae03, 0xc3) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000003c0)=[{0x0, &(0x7f0000000240)=[@svc={0x122, 0x40, {0x84000052, [0x80000000, 0x4, 0x7fffffffffffffff, 0x0, 0x63]}}, @hvc={0x32, 0x40, {0x84000012, [0x9, 0x44a, 0x1, 0x0, 0x8075]}}, @hvc={0x32, 0x40, {0x80, [0x4d03, 0x9, 0xffffffff, 0x3, 0x5]}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x220, 0x2, 0x4}}, @eret={0xe6, 0x18, 0x1}, @hvc={0x32, 0x40, {0x200, [0x19, 0x7, 0x9, 0x0, 0x1]}}, @msr={0x14, 0x20, {0x603000000013df71}}], 0x168}], 0x1, 0x0, &(0x7f0000000400)=[@featur2={0x1, 0x3c}], 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 
0x1000, &(0x7f0000fff000/0x1000)=nil}) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) 28m59.068514888s ago: executing program 6 (id=205): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0xfffffffffffffffe) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=[@smc={0x1e, 0x40, {0x32000000, [0xae9, 0x8, 0x8000000000000001, 0x0, 0x9]}}, @svc={0x122, 0x40, {0x84000002, [0xb651, 0x3, 0xf0b4, 0x5, 0x3]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0xe, 0xfffff001, 0xa, 0x2}}, @hvc={0x32, 0x40, {0x2000000, [0x3, 0x7, 0x0, 0x4, 0x7192]}}, @code={0xa, 0x84, {"808795d20020b0f2c10180d2220180d2c30180d2040080d2020000d400fc81d20060b0f2010080d2e20180d2230180d2a40180d2020000d4007008d500004069000028d50000709e208c87d200e0b0f2c10180d2820080d2a30080d2840180d2020000d4007008d5000008d50010206e"}}, @hvc={0x32, 0x40, {0xc5000021, [0x8001, 0x3, 0x101, 0x3, 0x7]}}, @eret={0xe6, 0x18, 0x7fffffff}, @hvc={0x32, 0x40, {0x84000011, [0x1, 0xfffffffffffffffe, 0x6, 0x100000001, 0x4c94]}}, @msr={0x14, 0x20, {0x26d3, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x5, 0x8}}, @eret={0xe6, 0x18, 0xa1}], 0x26c}, &(0x7f0000000100)=[@featur1={0x1, 0xa}], 0x1) 
mmap$KVM_VCPU(&(0x7f000071c000/0x2000)=nil, r3, 0x8, 0x10010, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000842000/0x1000)=nil, 0x930, 0x1000005, 0x5c1fd1b6164b3f1, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_REGS(0xffffffffffffffff, 0x8360ae81, &(0x7f0000000000)) 28m49.649189718s ago: executing program 5 (id=206): mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x21) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x32) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@uexit={0x0, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0xc, 0x8, 0xffffff01, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0x3a2}}, @smc={0x1e, 0x40, {0x108000018, [0x8, 0x5, 0x9, 0xe, 0x81]}}, @svc={0x122, 0x40, {0x8, [0x4, 0xf, 0x5, 0x2, 0x7fffffffffffffff]}}, @smc={0x1e, 0x40, {0x800, [0xff, 0x6bf5, 0x7ff, 0x4, 0x1]}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x16a}}, @hvc={0x32, 0x40, {0x1, [0xfffffffffffffffb, 
0x2, 0x5, 0xb6, 0xffffffffffffffff]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xf, 0x5, 0x2}}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x8000, [0x42, 0x7d, 0x9, 0x1, 0x7fffffff]}}, @msr={0x14, 0x20, {0x603000000013e08b, 0x100}}, @hvc={0x32, 0x40, {0x80, [0x1, 0x1, 0x2, 0x8000000000000000, 0x3]}}, @smc={0x1e, 0x40, {0x4, [0x4, 0x401, 0xd7, 0x6, 0x3]}}, @smc={0x1e, 0x40, {0x80007fff, [0x1, 0x4, 0x2, 0x8001, 0x1]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x26d}}, @hvc={0x32, 0x40, {0x0, [0x4, 0x1, 0x7fffffffffffffff, 0x7, 0x1]}}, @hvc={0x32, 0x40, {0x8, [0xbad, 0x6, 0x5, 0xfffffffffffffff9]}}, @svc={0x122, 0x40, {0x5000000, [0x100, 0x2, 0x7fffffff, 0x8, 0x1000]}}, @irq_setup={0x46, 0x18, {0x0, 0x2f5}}, @mrs={0xbe, 0x18, {0x603000000013e710}}, @code={0xa, 0x84, {"007008d5008008d560ca93d200a0b0f2c10080d2620080d2030080d2640180d2020000d400008092008008d5007008d5007008d5000028d5207d9ed20080b0f2c10180d2020080d2630080d2e40080d2020000d400c993d200a0b0f2610080d2e20180d2030180d2040080d2020000d4"}}, @memwrite={0x6e, 0x30, @generic={0xb000, 0x6f5, 0x3, 0x5}}], 0x4ac}, &(0x7f0000000540)=[@featur2={0x1, 0x19}], 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 28m43.569081292s ago: executing 
program 6 (id=207): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r3, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r3, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0, 0x40}], 0x1, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x7c}}], 0x28}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000000)=0x8090000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r13 = syz_kvm_vgic_v3_setup(r6, 0x6, 0x60) ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 
0x0, &(0x7f00000000c0)}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010004a, &(0x7f0000000000)=0x7f1}) 28m3.389733748s ago: executing program 37 (id=206): mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x21) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x32) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@uexit={0x0, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0xc, 0x8, 0xffffff01, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0x3a2}}, @smc={0x1e, 0x40, {0x108000018, [0x8, 0x5, 0x9, 0xe, 0x81]}}, @svc={0x122, 0x40, {0x8, [0x4, 0xf, 0x5, 0x2, 0x7fffffffffffffff]}}, @smc={0x1e, 0x40, {0x800, [0xff, 0x6bf5, 0x7ff, 0x4, 0x1]}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x16a}}, @hvc={0x32, 0x40, {0x1, [0xfffffffffffffffb, 0x2, 0x5, 0xb6, 0xffffffffffffffff]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xf, 0x5, 0x2}}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x8000, [0x42, 0x7d, 0x9, 0x1, 0x7fffffff]}}, @msr={0x14, 0x20, {0x603000000013e08b, 0x100}}, @hvc={0x32, 
0x40, {0x80, [0x1, 0x1, 0x2, 0x8000000000000000, 0x3]}}, @smc={0x1e, 0x40, {0x4, [0x4, 0x401, 0xd7, 0x6, 0x3]}}, @smc={0x1e, 0x40, {0x80007fff, [0x1, 0x4, 0x2, 0x8001, 0x1]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x26d}}, @hvc={0x32, 0x40, {0x0, [0x4, 0x1, 0x7fffffffffffffff, 0x7, 0x1]}}, @hvc={0x32, 0x40, {0x8, [0xbad, 0x6, 0x5, 0xfffffffffffffff9]}}, @svc={0x122, 0x40, {0x5000000, [0x100, 0x2, 0x7fffffff, 0x8, 0x1000]}}, @irq_setup={0x46, 0x18, {0x0, 0x2f5}}, @mrs={0xbe, 0x18, {0x603000000013e710}}, @code={0xa, 0x84, {"007008d5008008d560ca93d200a0b0f2c10080d2620080d2030080d2640180d2020000d400008092008008d5007008d5007008d5000028d5207d9ed20080b0f2c10180d2020080d2630080d2e40080d2020000d400c993d200a0b0f2610080d2e20180d2030180d2040080d2020000d4"}}, @memwrite={0x6e, 0x30, @generic={0xb000, 0x6f5, 0x3, 0x5}}], 0x4ac}, &(0x7f0000000540)=[@featur2={0x1, 0x19}], 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 27m54.426487894s ago: executing program 38 (id=207): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 
0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r3, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r3, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0, 0x40}], 0x1, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x7c}}], 0x28}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000000)=0x8090000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r13 = syz_kvm_vgic_v3_setup(r6, 0x6, 0x60) ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f00000000c0)}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010004a, &(0x7f0000000000)=0x7f1}) 18m33.338136027s ago: executing program 7 (id=216): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = 
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000180)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x1}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xfffffffffffffffd) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000140)={0x0, 0xa, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000040)={0x5}) ioctl$KVM_RUN(r6, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x1, 0x810, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x3, 0x3ffffe, 0x1}}) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x57fd, 0x2}}) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000040)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x6030000000138002}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 
&(0x7f0000000000)={0x10002, 0x6, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil}) 18m25.486799014s ago: executing program 8 (id=217): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x101800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000700)={0x7}) syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000400)=[@code={0xa, 0xcc, {"007008d5605a92d20080b0f2c10080d2620180d2430080d2040080d2020000d4c08584d200e0b0f2610080d2e20080d2230180d2640180d2020000d4801587d200c0b0f2810180d2620080d2830080d2040180d2020000d40000599e007008d5605680d20000b0f2e10080d2420080d2e30080d2e40180d2020000d4008f89d20080b8f2010080d2c20080d2a30180d2840180d2020000d40000002fa08180d200c0b8f2410080d2820180d2630180d2840080d2020000d4"}}, @svc={0x122, 0x40, {0xc4000005, [0x9, 0x7, 0x7, 0x473b6a2b, 0x2]}}, @msr={0x14, 0x20, {0x603000000013e102, 0xf}}, @eret={0xe6, 0x18, 0x8}, @code={0xa, 0x6c, {"007008d50050206e008008d5008008d50000403d601180d20040b8f2610180d2220080d2230180d2c40080d2020000d4008020c820ca88d200e0b8f2410180d2020180d2230080d2e40180d2020000d400a4200d007008d5"}}, @eret={0xe6, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x1, 0x9a}}, @smc={0x1e, 0x40, {0xc5000021, [0x6, 0x4, 0x5, 0x10001, 0x8]}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x30}}, @smc={0x1e, 0x40, {0x3000000, [0x6, 0x80000001, 0x9, 0x0, 0x8]}}, @uexit={0x0, 0x18, 0x400}, @hvc={0x32, 0x40, {0x7d00ff1c, [0x7fffffff, 0x5, 0x2, 0x4, 0x4]}}, @code={0xa, 0xb4, 
{"0054207e0020000d80af9bd20080b8f2010180d2e20080d2230180d2840180d2020000d4a03996d200a0b0f2c10080d2020080d2630180d2e40180d2020000d40080206e000028d500e4207e608294d200e0b0f2e10180d2420080d2a30080d2840080d2020000d4204a83d20040b0f2a10080d2a20080d2430080d2e40080d2020000d4800d98d20040b0f2c10180d2620080d2e30180d2e40180d2020000d4"}}, @hvc={0x32, 0x40, {0x84000052, [0x100, 0x5, 0x0, 0xf2, 0x3]}}, @msr={0x14, 0x20, {0x603000000013c2b1, 0x4}}, @svc={0x122, 0x40, {0x84000051, [0x0, 0x0, 0xfffffffffffffff1, 0x6689026c, 0x8]}}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x80, 0x1}}, @code={0xa, 0x9c, {"807c9ad200e0b0f2a10080d2420180d2230180d2240080d2020000d40020c09a20769ad200c0b0f2810180d2820080d2430180d2c40180d2020000d4030000d4e0f182d20020b0f2010080d2a20180d2a30180d2e40080d2020000d41004601e00a8210ee0c999d20040b8f2210080d2820080d2830180d2240180d2020000d4007008d5008008d5"}}, @code={0xa, 0xb4, {"80b59ad20080b0f2010080d2c20180d2830080d2a40080d2020000d460bc9fd20040b0f2610180d2220180d2c30080d2040180d2020000d4007008d5000008d5000028d5602e83d20040b8f2210080d2220180d2230080d2c40180d2020000d4007008d5408799d20080b8f2010080d2c20080d2c30180d2640180d2020000d40028201e200b86d20080b8f2410180d2020180d2830180d2440180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013dee5, 0xbbf}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0xfffffffffffffff8, 0xc}}], 0x61c}], 0x1, 0x0, &(0x7f0000000080)=[@featur1={0x1, 0x4}], 0x1) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x4, 0x112}}, @msr={0x14, 0x20, {0x603000000013f088, 0x1}}, @msr={0x14, 0x20, {0x603000000013e722, 0x10000}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0xfc}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xc00, 0xd7a9, 0x8}}, @smc={0x1e, 0x40, {0x84000007, [0x8, 0x6, 0x8, 0x1ff, 0x1000]}}, @irq_setup={0x46, 0x18, {0x3, 0x1de}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x4, 0xb, 0x0, 0x1, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013c213}}, @its_send_cmd={0xaa, 
0x28, {0x1, 0x0, 0x1, 0x8, 0x7, 0x5}}, @uexit={0x0, 0x18, 0x7}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1800, 0x3, 0x4}}, @uexit={0x0, 0x18, 0x3}, @smc={0x1e, 0x40, {0x4, [0x94e3, 0x3, 0x7, 0x4eb, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013f81c}}, @smc={0x1e, 0x40, {0xc4000001, [0x1c000000000, 0x1ff, 0xfffffffffffffffc, 0x3, 0x1000]}}, @irq_setup={0x46, 0x18, {0x4, 0x11e}}, @msr={0x14, 0x20, {0x603000000013c801, 0x10}}], 0x2a0}, &(0x7f0000000bc0)=[@featur2], 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c025, &(0x7f00000000c0)=0x6}) 18m7.598286527s ago: executing program 7 (id=218): mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, 0xfffffffffffffffe) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0xfffffffa}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) (async) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, 0xfffffffffffffffe) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_irq={0x0, 
0x0, 0x0, &(0x7f0000000000)=0xfffffffa}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async) 18m3.996219319s ago: executing program 8 (id=219): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) ioctl$KVM_SET_GUEST_DEBUG_arm64(r3, 0x4208ae9b, &(0x7f0000000240)={0x3, 0x0, {[0x729, 0x3, 0x7, 0xfffffffffffffffd, 0x4, 0xca, 0xc679, 0xff, 0x7fffffffffffffff, 0xd4b, 0xfffffffffffffffa, 0x6, 0x6, 0xc00000000000000, 0xffffffffffffffa8], [0x5000000000, 0x3, 0x7, 0x8, 0x7, 0x4, 0x1, 0x1, 0x100000001, 0x7ffffffc, 0x8001, 0x2, 0x1, 0x91f6, 0x0, 0x53], [0x80, 0xfffffffffffffff7, 0x7e, 0x0, 0x804e, 0x5f, 0x30000000000, 0x80, 0xe4, 0x7, 0x5, 0x80000001, 0x9, 0x35, 0x1, 0x1], [0x3, 0x6, 0x4, 0x2, 0x3, 0x100000000, 0x38000000, 0x8001, 0x6304, 0x8, 0x6, 0x2, 0x8, 0xf15, 0x0, 0xf]}}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17m47.95140872s ago: executing program 8 (id=220): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r3 = ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x5, &(0x7f0000000000)=0x9}) ioctl$KVM_CREATE_VCPU(r3, 0x8004b707, 0x0) 17m47.060192146s ago: executing program 7 (id=221): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x22) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, 
&(0x7f0000000040)=@attr_other={0x0, 0x5, 0x9, &(0x7f0000000000)=0x10001}) r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x7) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000080)={0xe4, 0x0, 0x8}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r1, 0xff, 0x3, r1}) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x6, 0x7fff, &(0x7f0000000140)=0x1}) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x7) syz_kvm_setup_cpu$arm64(r4, r1, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000003c0)=[{0x0, &(0x7f00000001c0)=[@its_setup={0x82, 0x28, {0x2, 0x2, 0x26}}, @msr={0x14, 0x20, {0x603000000013808c, 0x2}}, @code={0xa, 0x6c, {"1820601e0010805f00004048000008d5607996d200c0b8f2010180d2820180d2430080d2e40180d2020000d40088207e00f8a12e002c200e0000709e209299d200e0b0f2a10180d2020080d2a30180d2440180d2020000d4"}}, @smc={0x1e, 0x40, {0x80003fff, [0x1, 0xff, 0x3, 0x0, 0x10]}}, @eret={0xe6, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x2, 0x3, 0xf, 0x80000001, 0x3}}, @svc={0x122, 0x40, {0x8400000a, [0x0, 0x8, 0x1, 0x3, 0x7fff]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xa0, 0x4, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013e658}}, @hvc={0x32, 0x40, {0x8400000d, [0xa000000000000000, 0xffffffff, 0x7eb, 0x3, 0x101]}}], 0x1fc}], 0x1, 0x0, &(0x7f0000000400)=[@featur2={0x1, 0x44}], 0x1) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000b8d000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000900)={0x0, &(0x7f0000000440)=[@mrs={0xbe, 0x18}, @msr={0x14, 0x20, {0x603000000013e660, 0x6}}, @svc={0x122, 0x40, {0x7200100d, [0x84, 0x1000000000, 0x6, 0x5, 0x98]}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x2b}}, @irq_setup={0x46, 0x18, {0x2, 0xd}}, @msr={0x14, 0x20, {0x0, 0x8}}, @eret={0xe6, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0xf, 
0x1, 0x8, 0x3}}, @smc={0x1e, 0x40, {0x1000000, [0x4, 0x6, 0x6, 0x8, 0xf3]}}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x6, 0x48, 0x2, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c017}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0xc, 0x8, 0x2, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x190}}, @code={0xa, 0x6c, {"007008d5007008d5a00289d20080b0f2010080d2820080d2a30080d2a40080d2020000d4000008d500000038000000f8007008d5405f8ad20060b8f2c10180d2620080d2830180d2640080d2020000d400a4202e000008d5"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x80000001, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0x7, 0x9, 0x0, 0x1}}, @eret={0xe6, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013e6c0}}, @svc={0x122, 0x40, {0x84000009, [0x3ab, 0x4, 0xfffffffffffffe00, 0xfffffff000000000, 0x10]}}, @uexit={0x0, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x3, 0x361}}, @mrs={0xbe, 0x18, {0x603000000013a038}}, @msr={0x14, 0x20, {0x603000000013df7f, 0x3938}}, @msr={0x14, 0x20, {0x603000000013a78c, 0x3}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x4ed, 0x6b, 0x203bf619f37f225b}}, @mrs={0xbe, 0x18, {0x603000000013df4e}}, @eret={0xe6, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x3, 0x123}}, @svc={0x122, 0x40, {0xc4000014, [0x3, 0x4b1e, 0x31a, 0x9, 0x9]}}, @svc={0x122, 0x40, {0x80000000, [0x2, 0xe, 0x7, 0x0, 0xee]}}], 0x4b4}, &(0x7f0000000940)=[@featur2={0x1, 0x34}], 0x1) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000980)=0x8) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000a00)=@attr_other={0x0, 0x5, 0x8, &(0x7f00000009c0)=0xfffffffffffffffb}) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1d) ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, &(0x7f0000000a80)=@attr_other={0x0, 0x5, 0x4, &(0x7f0000000a40)=0xf5}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000ac0)={0x1ff, 0x0, 0xffff1000, 0x1000, &(0x7f0000e15000/0x1000)=nil}) r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x22) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000b00)={r1, 
0x40, 0x0, r1}) r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x40) ioctl$KVM_CAP_ARM_USER_IRQ(r8, 0x4068aea3, &(0x7f0000000b40)) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000bc0)={r1, 0x1000, 0x1, r1}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000c00), 0x400, 0x0) r10 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(r10, 0x2, 0xc0) 17m31.802090326s ago: executing program 7 (id=222): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000380)={0x9}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x8000000, 0x9b6, 0x101, 0x1}}], 0x58}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000008, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_GET_SREGS(r9, 0x8000ae83, &(0x7f0000000500)) ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r7, 0x4018aee3, &(0x7f0000000240)=@attr_pmu_init) 17m30.273461268s ago: executing program 8 (id=223): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) 
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x603000000010000c, &(0x7f0000000100)=0xc5c5}) (async) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0xa600000000000000, r7}) (async) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9) (async) r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000006000/0x4000)=nil, r10, 0xb, 0x12, r8, 0x0) (async, rerun: 64) r11 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async, rerun: 64) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f00000002c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000000c0)=0x4}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r13, 0x4010aeb5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 17m6.995986193s ago: executing program 8 (id=224): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x400000, 
0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x90) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x22a142, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000140)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x6, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013804d}}, @mrs={0xbe, 0x18, {0x603000000013c647}}, @smc={0x1e, 0x40, {0x86000000, [0x200, 0x8001, 0x800000001, 0x2, 0xbbf4]}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ca}}, @code={0xa, 0x9c, {"c03583d20060b0f2e10080d2020080d2430080d2640180d2020000d40080800d00e4a02ec0e898d200e0b0f2410180d2820080d2030180d2240180d2020000d480e686d20060b0f2e10180d2e20080d2e30080d2440080d2020000d4e0f883d20080b0f2a10080d2820180d2830180d2c40080d2020000d4000020cb007008d500b4207e008008d5"}}], 0x164}, 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x4, 0x100) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x50) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r14, 0x0) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x0, 0x30, 0xffffffffffffffff, 0x0) r16 = 
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r16, 0x8, 0x4010, r5, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r16, 0x1000001, 0x12, r5, 0x0) r17 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x204000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r17, 0xae04) 17m4.379922462s ago: executing program 7 (id=225): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3a) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000240)={0x3, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16m48.716145314s ago: executing program 8 (id=226): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r1, 0x7000005, 0x11, r2, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) 
(async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20000000021) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x120}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, 
&(0x7f0000000340)=@attr_pmu_init) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x3, 0x11, r11, 0x0) (async) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0xfffffffffffffffd) 16m48.288254004s ago: executing program 7 (id=227): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff}) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r3, 0xc018aec0, &(0x7f00000000c0)={0x1}) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@svc={0x122, 0x40, {0x2000000, [0x66, 0x6, 0x4, 0x1, 0x2c01fa2e]}}, @uexit={0x0, 0x18}, @mrs={0xbe, 0x18, {0x60300000001383c6}}, @code={0xa, 0x84, {"000008d5208685d20060b0f2e10180d2e20080d2230180d2c40180d2020000d4007008d5007008d520f796d20000b0f2410080d2020180d2a30180d2e40080d2020000d4809783d200a0b8f2a10180d2420080d2230080d2640180d2020000d4005cc09a0000206e0000c09b008008d5"}}, @uexit={0x0, 0x18}, @eret={0xe6, 0x18}, @smc={0x1e, 0x40, {0xc4000012, [0x3, 0x35f, 0x8001, 0xb4f, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0x7, 0x0, 0x7, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013c2ab}}, @msr={0x14, 0x20, {0x0, 0x8}}, @smc={0x1e, 0x40, {0x84000012, [0x9, 0x8001, 0x7, 0x7, 0xe]}}, @its_send_cmd={0xaa, 0x28, {0x322557280b5d8b3b, 0x1, 0x2, 0xf, 0xf1f, 0xd, 0x3}}, @eret={0xe6, 0x18, 0x2}, @hvc={0x32, 0x40, {0x5000000, [0xffffffffffffff12, 0xe6, 0xe, 0x0, 0xfffffffffffff522]}}, @hvc={0x32, 0x40, {0x80000000, [0x0, 0x9, 0x6, 0xa0ae, 0xfff]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x1bc}}, @hvc={0x32, 0x40, {0x84000007, [0x0, 0xb, 0x1, 0x8]}}, 
@eret={0xe6, 0x18, 0x1f8}, @memwrite={0x6e, 0x30, @generic={0x7000, 0xb1e, 0x7, 0x8}}, @hvc={0x32, 0x40, {0x31000000, [0xf, 0x4, 0x7, 0x6, 0x6000]}}, @svc={0x122, 0x40, {0x80, [0x6, 0x5, 0x6, 0x8]}}, @irq_setup={0x46, 0x18, {0x4, 0x97}}, @hvc={0x32, 0x40, {0x3000000, [0x1, 0x1, 0xff, 0xa, 0x7]}}], 0x44c}, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ea7000/0x3000)=nil, 0x0, 0xe, 0x40010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x88) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000001c0)="b3605637cea84073e0f8bd9e1ead5113e549353c7337639e3d492a97e4ba98d3efe60ba76a0bf28683158813832443901070d2ce4d9e944d35b24441430bd5ec95d37a6178ece905", 0x0, 0x48) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 
&(0x7f0000000100)=ANY=[@ANYBLOB="0a000000000000002000000000000000002080d2a0bbbbf21f0042f9c0035fd6753eab60662a44d218f8bb6314566592cb188d09a5829cc4c329b971285c9172d6fab55b813a3148e2c3897fbd9cb23f15ac3fa5fea0f56d5088ea002e48c19375b171594d3e6bc12f3bf6b061736ed012928ed9b178eb7a1058ea01d1967efd7bf638fd3b51d720b47a170213046e347b259bae8af67850357f67a7729ec861f01c3a5f4dc6644ea77b7476f258e6f5d1"], 0x20}], 0x1, 0x0, 0x0, 0x0) 16m0.462097542s ago: executing program 39 (id=226): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r1, 0x7000005, 0x11, r2, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20000000021) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, 
&(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x120}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x3, 0x11, r11, 0x0) (async) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0xfffffffffffffffd) 15m54.538867154s ago: executing program 40 (id=227): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff}) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r3, 0xc018aec0, &(0x7f00000000c0)={0x1}) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@svc={0x122, 0x40, {0x2000000, [0x66, 0x6, 0x4, 0x1, 0x2c01fa2e]}}, @uexit={0x0, 
0x18}, @mrs={0xbe, 0x18, {0x60300000001383c6}}, @code={0xa, 0x84, {"000008d5208685d20060b0f2e10180d2e20080d2230180d2c40180d2020000d4007008d5007008d520f796d20000b0f2410080d2020180d2a30180d2e40080d2020000d4809783d200a0b8f2a10180d2420080d2230080d2640180d2020000d4005cc09a0000206e0000c09b008008d5"}}, @uexit={0x0, 0x18}, @eret={0xe6, 0x18}, @smc={0x1e, 0x40, {0xc4000012, [0x3, 0x35f, 0x8001, 0xb4f, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0x7, 0x0, 0x7, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013c2ab}}, @msr={0x14, 0x20, {0x0, 0x8}}, @smc={0x1e, 0x40, {0x84000012, [0x9, 0x8001, 0x7, 0x7, 0xe]}}, @its_send_cmd={0xaa, 0x28, {0x322557280b5d8b3b, 0x1, 0x2, 0xf, 0xf1f, 0xd, 0x3}}, @eret={0xe6, 0x18, 0x2}, @hvc={0x32, 0x40, {0x5000000, [0xffffffffffffff12, 0xe6, 0xe, 0x0, 0xfffffffffffff522]}}, @hvc={0x32, 0x40, {0x80000000, [0x0, 0x9, 0x6, 0xa0ae, 0xfff]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x1bc}}, @hvc={0x32, 0x40, {0x84000007, [0x0, 0xb, 0x1, 0x8]}}, @eret={0xe6, 0x18, 0x1f8}, @memwrite={0x6e, 0x30, @generic={0x7000, 0xb1e, 0x7, 0x8}}, @hvc={0x32, 0x40, {0x31000000, [0xf, 0x4, 0x7, 0x6, 0x6000]}}, @svc={0x122, 0x40, {0x80, [0x6, 0x5, 0x6, 0x8]}}, @irq_setup={0x46, 0x18, {0x4, 0x97}}, @hvc={0x32, 0x40, {0x3000000, [0x1, 0x1, 0xff, 0xa, 0x7]}}], 0x44c}, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ea7000/0x3000)=nil, 0x0, 0xe, 0x40010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) 
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x88) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000001c0)="b3605637cea84073e0f8bd9e1ead5113e549353c7337639e3d492a97e4ba98d3efe60ba76a0bf28683158813832443901070d2ce4d9e944d35b24441430bd5ec95d37a6178ece905", 0x0, 0x48) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000000000002000000000000000002080d2a0bbbbf21f0042f9c0035fd6753eab60662a44d218f8bb6314566592cb188d09a5829cc4c329b971285c9172d6fab55b813a3148e2c3897fbd9cb23f15ac3fa5fea0f56d5088ea002e48c19375b171594d3e6bc12f3bf6b061736ed012928ed9b178eb7a1058ea01d1967efd7bf638fd3b51d720b47a170213046e347b259bae8af67850357f67a7729ec861f01c3a5f4dc6644ea77b7476f258e6f5d1"], 0x20}], 0x1, 0x0, 0x0, 0x0) 2m47.749862078s ago: executing program 9 (id=247): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (rerun: 64) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x16f}}, 
@its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0) (async, rerun: 64) syz_kvm_vgic_v3_setup(r1, 0x4, 0x220) (rerun: 64) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x2}}], 0x50}, 0x0, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async, rerun: 32) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) (rerun: 32) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef00000000fcffffffffffff1bf3a3b292e50d9600020000000100000003000000000000000400000000000000320000000000000040000000000000005200008400"], 0x80}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) (async) ioctl$KVM_RUN(r10, 0xae80, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xc6) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) 
munmap(&(0x7f0000d19000/0x1000)=nil, 0x1000) 2m36.686417554s ago: executing program 0 (id=248): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000000)={0x10003, 0x3c0, 0x380, 0x0}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2c0800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29) ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8000ae83, &(0x7f0000000280)) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x3}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x17) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2e) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x4}) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f00000000c0)={0x4}) r13 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x6243, 0x1}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = ioctl$KVM_CREATE_VM(r7, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r14, 0x5760, 0x2000001c) ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f0000000180)={0x5, 0x4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r6}) 2m27.580454618s ago: executing program 9 (id=249): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x40000000, 0x80000) 
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x0, 0x0, 0x2, r2, 0x3}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000040)={0x9, 0xc7ad}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) close(r1) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x18) r4 = eventfd2(0x0, 0x80800) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, &(0x7f0000000180)=@attr_arm64={0x0, 0x4, 0x2, &(0x7f0000000080)=0xd450}) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x3, 0x2, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x5, 0x0, 0x0, r2, 0xa}) 2m10.706716641s ago: executing program 0 (id=250): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x65c585, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r12, 0x3, 0x11, r11, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r12, 0x1, 0x12, r6, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r13, 0x8, 0x13, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r13, 0x1000001, 0x12, r6, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 
0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r14, 0x3, 0x11, r5, 0x0) 2m4.269345696s ago: executing program 9 (id=251): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000000)=@x86={0x1, 0xfe, 0x9, 0x0, 0xe2, 0xf0, 0x5, 0x56, 0x4, 0x9, 0xff, 0xc, 0x0, 0x0, 0x8, 0x1, 0x7f, 0xc, 0x0, '\x00', 0xd4, 0x3}) (async) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x200, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xef) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0x40086602, 0x110e227ffe) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r8 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x29) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r13, 0x2, 0x11, r12, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) (async) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r15, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x3, 0x11, r14, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r14, 0x0) (async) 
ioctl$KVM_CHECK_EXTENSION(r7, 0x40086602, 0x110e227ffe) 1m50.030262912s ago: executing program 0 (id=252): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2000006, 0x13, r3, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160003, &(0x7f0000000000)=0x7}) openat$kvm(0x0, &(0x7f0000000140), 0x86000, 0x0) 1m40.5004255s ago: executing program 9 (id=253): r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) r5 = eventfd2(0x0, 0x0) close(r5) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000002, 0x13, r5, 0x0) write$eventfd(r5, &(0x7f0000000180)=0x5, 0xfffffde3) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x13, r8, 0x0) openat$kvm(0xffffffffffffff9c, 
&(0x7f0000000080), 0xc0602, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) close(0x5) 1m30.876547778s ago: executing program 0 (id=254): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m21.068348875s ago: executing program 9 (id=255): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r2, &(0x7f00000001c0)=0x1, 0x11) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) write$eventfd(r5, &(0x7f00000001c0)=0x9, 0x1d) 
1m5.564472586s ago: executing program 0 (id=256): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x10) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0xe32, 0x3}) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xc0189436, 0x172) 59.810457485s ago: executing program 9 (id=257): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xa) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r3 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x0, &(0x7f00000002c0)=0x2c172c22}) (async) r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29) (async) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (async) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000100)={0x4}) (async) r14 = openat$kvm(0xffffffffffffff9c, 
&(0x7f0000000080), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r16, 0x894c, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, r11, 0x0, 0x11, r10, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000e7d000/0x4000)=nil, r11, 0x1, 0x30, r9, 0x0) 50.617849595s ago: executing program 0 (id=258): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000340)=0xfffffffffffffffc}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x89, 0x6, 0x2, 0x0, 0x6, 0x6, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x6}) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x2, 0xffffffffffffffff, 0x1}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x25) ioctl$KVM_CAP_ARM_MTE(r7, 0x4068aea3, &(0x7f00000000c0)={0xf5}) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2b) write$eventfd(r5, &(0x7f00000001c0), 0xe80) 12.92670869s ago: executing program 41 (id=257): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xa) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) 
(async) r3 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x0, &(0x7f00000002c0)=0x2c172c22}) (async) r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29) (async) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (async) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000100)={0x4}) (async) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r16, 0x894c, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, r11, 0x0, 0x11, r10, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000e7d000/0x4000)=nil, r11, 0x1, 0x30, r9, 0x0) 0s ago: executing program 42 (id=258): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, 
&(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000340)=0xfffffffffffffffc}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x89, 0x6, 0x2, 0x0, 0x6, 0x6, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x6}) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x2, 0xffffffffffffffff, 0x1}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x25) ioctl$KVM_CAP_ARM_MTE(r7, 0x4068aea3, &(0x7f00000000c0)={0xf5}) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2b) write$eventfd(r5, &(0x7f00000001c0), 0xe80) kernel console output (not intermixed with test programs): [ 378.433093][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.147207][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:57429' (ED25519) to the list of known hosts. 
[ 586.404089][ T25] audit: type=1400 audit(585.620:61): avc: denied { name_bind } for pid=3316 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 587.349415][ T25] audit: type=1400 audit(586.550:62): avc: denied { execute } for pid=3317 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 587.367481][ T25] audit: type=1400 audit(586.590:63): avc: denied { execute_no_trans } for pid=3317 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 610.300434][ T25] audit: type=1400 audit(609.520:64): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 610.360494][ T25] audit: type=1400 audit(609.580:65): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 610.452203][ T3317] cgroup: Unknown subsys name 'net' [ 610.523519][ T25] audit: type=1400 audit(609.750:66): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 611.027720][ T3317] cgroup: Unknown subsys name 'cpuset' [ 611.160977][ T3317] cgroup: Unknown subsys name 'rlimit' [ 612.117611][ T25] audit: type=1400 audit(611.340:67): avc: denied { setattr } for pid=3317 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 612.144765][ T25] audit: type=1400 audit(611.360:68): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" 
ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 612.160331][ T25] audit: type=1400 audit(611.380:69): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 613.221525][ T3321] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 613.241379][ T25] audit: type=1400 audit(612.460:70): avc: denied { relabelto } for pid=3321 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.265630][ T25] audit: type=1400 audit(612.490:71): avc: denied { write } for pid=3321 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 613.438130][ T25] audit: type=1400 audit(612.660:72): avc: denied { read } for pid=3317 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.475275][ T25] audit: type=1400 audit(612.680:73): avc: denied { open } for pid=3317 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.506543][ T3317] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 664.801104][ T25] audit: type=1400 audit(664.000:74): avc: denied { execmem } for pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 669.154296][ T25] audit: type=1400 audit(668.380:75): avc: denied { read } for pid=3324 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 669.188032][ T25] audit: type=1400 audit(668.410:76): avc: denied { open } for pid=3324 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 669.280003][ T25] audit: type=1400 audit(668.490:77): avc: denied { mounton } for pid=3324 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 669.597664][ T25] audit: type=1400 audit(668.790:78): avc: denied { module_request } for pid=3324 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 670.527497][ T25] audit: type=1400 audit(669.750:79): avc: denied { sys_module } for pid=3325 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 692.181522][ T3325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 692.422090][ T3325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 692.484029][ T3324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 692.751434][ T3324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 708.625424][ T3325] hsr_slave_0: entered promiscuous mode [ 708.660830][ T3325] hsr_slave_1: entered promiscuous mode [ 709.494684][ T3324] hsr_slave_0: entered promiscuous mode [ 709.525238][ 
T3324] hsr_slave_1: entered promiscuous mode [ 709.564022][ T3324] debugfs: 'hsr0' already exists in 'hsr' [ 709.572683][ T3324] Cannot create hsr debugfs directory [ 714.992391][ T25] audit: type=1400 audit(714.210:80): avc: denied { create } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 715.053469][ T25] audit: type=1400 audit(714.230:81): avc: denied { write } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 715.122208][ T25] audit: type=1400 audit(714.290:82): avc: denied { read } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 715.227735][ T3325] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 715.537349][ T3325] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 715.857511][ T3325] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 716.295343][ T3325] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 717.747837][ T3324] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 717.960988][ T3324] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 718.136796][ T3324] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 718.313679][ T3324] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 729.724375][ T3325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 731.823281][ T3324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 787.295454][ T3325] veth0_vlan: entered promiscuous mode [ 787.804270][ T3325] veth1_vlan: entered promiscuous mode [ 789.722412][ T3324] veth0_vlan: entered promiscuous mode [ 790.047519][ T3325] veth0_macvtap: entered promiscuous mode [ 790.472775][ T3324] veth1_vlan: entered promiscuous mode [ 790.544753][ T3325] veth1_macvtap: entered promiscuous mode [ 793.035240][ T3324] veth0_macvtap: entered promiscuous mode [ 793.091852][ T3296] 
netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.161813][ T3296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.165796][ T3296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.179709][ T3296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.482088][ T3324] veth1_macvtap: entered promiscuous mode [ 795.471529][ T25] audit: type=1400 audit(794.680:83): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 795.781822][ T25] audit: type=1400 audit(795.000:84): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/syzkaller.oXrjfO/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 795.991020][ T25] audit: type=1400 audit(795.210:85): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 796.466304][ T3296] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.474940][ T25] audit: type=1400 audit(795.670:86): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/syzkaller.oXrjfO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 796.486397][ T3296] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.535092][ T52] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.551814][ T52] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.636771][ T25] audit: type=1400 audit(795.860:87): avc: denied { mounton } for pid=3325 comm="syz-executor" 
path="/syzkaller.oXrjfO/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 797.213578][ T25] audit: type=1400 audit(796.440:88): avc: denied { unmount } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 797.545480][ T25] audit: type=1400 audit(796.770:89): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 797.726719][ T25] audit: type=1400 audit(796.950:90): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="gadgetfs" ino=3770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 798.154437][ T25] audit: type=1400 audit(797.380:91): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 798.197844][ T25] audit: type=1400 audit(797.420:92): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 799.268002][ T3325] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 808.891082][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 808.903779][ T25] audit: type=1400 audit(808.100:97): avc: denied { read } for pid=3481 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 809.030563][ T25] audit: type=1400 audit(808.250:98): avc: denied { open } for pid=3481 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 809.387246][ T25] audit: type=1400 audit(808.610:99): avc: denied { ioctl } for pid=3481 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 847.714397][ T25] audit: type=1400 audit(846.940:100): avc: denied { append } for pid=3506 comm="syz.1.9" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 847.951583][ T25] audit: type=1400 audit(847.170:101): avc: denied { execute } for pid=3506 comm="syz.1.9" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4299 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 908.024000][ T21] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 908.947072][ T21] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 909.982889][ T21] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 910.815273][ T21] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 922.627494][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 922.723946][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 922.780531][ T21] bond0 
(unregistering): Released all slaves [ 924.281720][ T21] hsr_slave_0: left promiscuous mode [ 924.342268][ T21] hsr_slave_1: left promiscuous mode [ 924.607993][ T21] veth1_macvtap: left promiscuous mode [ 924.631454][ T21] veth0_macvtap: left promiscuous mode [ 924.650869][ T21] veth1_vlan: left promiscuous mode [ 924.662659][ T21] veth0_vlan: left promiscuous mode [ 943.361896][ T21] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 944.652940][ T21] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.980813][ T21] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 947.265765][ T21] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 963.465870][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 963.650838][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 963.771642][ T21] bond0 (unregistering): Released all slaves [ 964.706729][ T21] hsr_slave_0: left promiscuous mode [ 964.751226][ T21] hsr_slave_1: left promiscuous mode [ 965.137213][ T21] veth1_macvtap: left promiscuous mode [ 965.161180][ T21] veth0_macvtap: left promiscuous mode [ 965.183871][ T21] veth1_vlan: left promiscuous mode [ 965.190239][ T21] veth0_vlan: left promiscuous mode [ 987.713313][ T3512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 987.907036][ T3512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 994.457139][ T3516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 994.614885][ T3516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1007.161278][ T3512] hsr_slave_0: entered promiscuous mode [ 1007.261859][ T3512] hsr_slave_1: entered promiscuous mode [ 1016.705417][ T3516] hsr_slave_0: entered promiscuous mode [ 1016.785294][ 
T3516] hsr_slave_1: entered promiscuous mode [ 1016.822179][ T3516] debugfs: 'hsr0' already exists in 'hsr' [ 1016.825282][ T3516] Cannot create hsr debugfs directory [ 1022.821933][ T3512] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1023.389637][ T3512] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1023.799728][ T3512] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1023.967372][ T3512] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1030.913917][ T3516] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1031.234725][ T3516] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1031.507175][ T3516] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1031.805901][ T3516] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1046.145898][ T3512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1052.653461][ T3516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1133.523878][ T3512] veth0_vlan: entered promiscuous mode [ 1134.444097][ T3512] veth1_vlan: entered promiscuous mode [ 1137.714544][ T3512] veth0_macvtap: entered promiscuous mode [ 1138.223472][ T3512] veth1_macvtap: entered promiscuous mode [ 1141.922236][ T3516] veth0_vlan: entered promiscuous mode [ 1143.462898][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.467223][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.660828][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.690409][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1143.952311][ T3516] veth1_vlan: entered promiscuous mode [ 1149.944889][ T3516] veth0_macvtap: entered promiscuous mode [ 1150.662633][ T3516] veth1_macvtap: entered promiscuous mode [ 1154.544016][ T2132] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.731656][ T3373] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.745432][ T3373] 
netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.824251][ T3373] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.020836][ T25] audit: type=1400 audit(1189.210:102): avc: denied { write } for pid=3758 comm="syz.2.14" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1285.792308][ T3725] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1288.432789][ T3725] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1290.500658][ T3725] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1292.334862][ T3725] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1319.083450][ T3725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1319.573329][ T3725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1319.926871][ T3725] bond0 (unregistering): Released all slaves [ 1323.186042][ T3725] hsr_slave_0: left promiscuous mode [ 1323.334085][ T3725] hsr_slave_1: left promiscuous mode [ 1324.251131][ T3725] veth1_macvtap: left promiscuous mode [ 1324.267059][ T3725] veth0_macvtap: left promiscuous mode [ 1324.311611][ T3725] veth1_vlan: left promiscuous mode [ 1324.334966][ T3725] veth0_vlan: left promiscuous mode [ 1350.667769][ T3845] kvm [3844]: Unsupported guest access at: eeef0000 [ 1350.667769][ T3845] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1351.373291][ T3845] kvm [3845]: Failed to find VMA for hva 0x20d8d000 [ 1389.370386][ T25] audit: type=1400 audit(1388.570:103): avc: denied { setattr } for pid=3867 comm="syz.3.28" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1414.676014][ T3809] bond0: (slave 
bond_slave_0): Enslaving as an active interface with an up link [ 1415.050719][ T3809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1451.987089][ T3809] hsr_slave_0: entered promiscuous mode [ 1452.144195][ T3809] hsr_slave_1: entered promiscuous mode [ 1470.844828][ T3809] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1471.316263][ T3809] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1471.810175][ T3809] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1472.277439][ T3809] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1505.155818][ T3809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1602.367089][ T3725] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1604.035713][ T3725] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1605.437314][ T3725] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1607.254246][ T3725] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1628.390678][ T3725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1628.926069][ T3725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1629.295583][ T3725] bond0 (unregistering): Released all slaves [ 1631.752676][ T3725] hsr_slave_0: left promiscuous mode [ 1631.853943][ T3725] hsr_slave_1: left promiscuous mode [ 1632.513768][ T3725] veth1_macvtap: left promiscuous mode [ 1632.539833][ T3725] veth0_macvtap: left promiscuous mode [ 1632.552991][ T3725] veth1_vlan: left promiscuous mode [ 1632.576327][ T3725] veth0_vlan: left promiscuous mode [ 1662.094425][ T3809] veth0_vlan: entered promiscuous mode [ 1662.826345][ T3809] veth1_vlan: entered promiscuous mode [ 1666.065821][ T3809] veth0_macvtap: entered promiscuous mode [ 1666.533339][ T3809] veth1_macvtap: entered promiscuous mode [ 1670.123807][ T3296] 
netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1670.150461][ T3296] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1670.152625][ T3296] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1670.153437][ T3296] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1701.425948][ T4014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1701.867398][ T4014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1737.483314][ T4014] hsr_slave_0: entered promiscuous mode [ 1737.604469][ T4014] hsr_slave_1: entered promiscuous mode [ 1737.736664][ T4014] debugfs: 'hsr0' already exists in 'hsr' [ 1737.784904][ T4014] Cannot create hsr debugfs directory [ 1761.225596][ T4014] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1761.747020][ T4014] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1762.384855][ T4014] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1763.118131][ T4014] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1796.681505][ T4014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1956.683818][ T4014] veth0_vlan: entered promiscuous mode [ 1957.875826][ T4014] veth1_vlan: entered promiscuous mode [ 1961.452733][ T4014] veth0_macvtap: entered promiscuous mode [ 1961.984793][ T4014] veth1_macvtap: entered promiscuous mode [ 1966.151126][ T3377] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1966.176558][ T3377] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1966.270954][ T3377] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1966.280592][ T3377] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2504.761132][ T25] audit: type=1400 audit(2503.960:104): avc: denied { execute } for pid=4538 comm="syz.4.122" path="/sys/kernel/debug/kcov" dev="debugfs" ino=106 
scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 2696.746925][ T4619] kvm [4619]: Failed to find VMA for hva 0x20c01000 [ 2736.401606][ T4021] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2738.084592][ T4021] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2739.793654][ T4021] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2741.316210][ T4021] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2771.206429][ T4021] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2771.695423][ T4021] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2771.975227][ T4021] bond0 (unregistering): Released all slaves [ 2775.801283][ T4021] hsr_slave_0: left promiscuous mode [ 2776.053956][ T4021] hsr_slave_1: left promiscuous mode [ 2776.946337][ T4021] veth1_macvtap: left promiscuous mode [ 2776.954896][ T4021] veth0_macvtap: left promiscuous mode [ 2776.974163][ T4021] veth1_vlan: left promiscuous mode [ 2777.005502][ T4021] veth0_vlan: left promiscuous mode [ 2864.643274][ T25] audit: type=1400 audit(2863.780:105): avc: denied { create } for pid=4694 comm="syz.5.158" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2878.985751][ T4628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2879.447642][ T4628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2920.027419][ T4628] hsr_slave_0: entered promiscuous mode [ 2920.150624][ T4628] hsr_slave_1: entered promiscuous mode [ 2944.977464][ T4628] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 2945.574572][ T4628] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 2946.216824][ T4628] netdevsim netdevsim6 netdevsim2: renamed 
from eth2 [ 2946.875690][ T4628] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 2984.937476][ T4628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3161.900779][ T4628] veth0_vlan: entered promiscuous mode [ 3163.202896][ T4628] veth1_vlan: entered promiscuous mode [ 3167.244777][ T4628] veth0_macvtap: entered promiscuous mode [ 3168.054286][ T4628] veth1_macvtap: entered promiscuous mode [ 3172.786058][ T3951] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3172.836289][ T3373] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3172.900089][ T3373] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3173.094275][ T3373] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3497.557093][ T3373] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3500.417593][ T3373] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3502.312058][ T3373] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3504.703311][ T3373] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3523.597031][ T3373] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3523.752830][ T3373] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3523.884696][ T3373] bond0 (unregistering): Released all slaves [ 3525.631274][ T3373] hsr_slave_0: left promiscuous mode [ 3525.739816][ T3373] hsr_slave_1: left promiscuous mode [ 3526.719681][ T3373] veth1_macvtap: left promiscuous mode [ 3526.723377][ T3373] veth0_macvtap: left promiscuous mode [ 3526.772035][ T3373] veth1_vlan: left promiscuous mode [ 3526.803797][ T3373] veth0_vlan: left promiscuous mode [ 3561.539860][ T3725] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3563.117365][ T3725] 
netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3564.465235][ T3725] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3565.721916][ T3725] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3587.701294][ T3725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3588.081059][ T3725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3588.226988][ T3725] bond0 (unregistering): Released all slaves [ 3590.192985][ T3725] hsr_slave_0: left promiscuous mode [ 3590.241204][ T3725] hsr_slave_1: left promiscuous mode [ 3590.765238][ T3725] veth1_macvtap: left promiscuous mode [ 3590.802502][ T3725] veth0_macvtap: left promiscuous mode [ 3590.817318][ T3725] veth1_vlan: left promiscuous mode [ 3590.860353][ T3725] veth0_vlan: left promiscuous mode [ 3648.496178][ T5011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3648.741600][ T5011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3654.752686][ T5015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3655.135526][ T5015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3683.767549][ T5011] hsr_slave_0: entered promiscuous mode [ 3683.886049][ T5011] hsr_slave_1: entered promiscuous mode [ 3689.556995][ T5015] hsr_slave_0: entered promiscuous mode [ 3689.635323][ T5015] hsr_slave_1: entered promiscuous mode [ 3689.741249][ T5015] debugfs: 'hsr0' already exists in 'hsr' [ 3689.750010][ T5015] Cannot create hsr debugfs directory [ 3704.796099][ T5011] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 3705.545668][ T5011] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 3706.113189][ T5011] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 3706.777645][ T5011] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 
3712.702107][ T5015] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 3713.504710][ T5015] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 3714.176951][ T5015] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 3714.667149][ T5015] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 3746.555940][ T5011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3754.504805][ T5015] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3911.515661][ T5011] veth0_vlan: entered promiscuous mode [ 3913.073682][ T5011] veth1_vlan: entered promiscuous mode [ 3917.754856][ T5015] veth0_vlan: entered promiscuous mode [ 3920.505384][ T5015] veth1_vlan: entered promiscuous mode [ 3920.956556][ T5011] veth0_macvtap: entered promiscuous mode [ 3922.463637][ T5011] veth1_macvtap: entered promiscuous mode [ 3928.302971][ T5015] veth0_macvtap: entered promiscuous mode [ 3929.692201][ T5013] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3929.698025][ T5013] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3929.751071][ T5013] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3929.917234][ T5168] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3930.056631][ T5015] veth1_macvtap: entered promiscuous mode [ 3938.001743][ T5013] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3938.010032][ T5013] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3938.027705][ T5013] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3938.151695][ T5168] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4236.493656][ T4263] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4238.877278][ T4263] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4241.211696][ T4263] netdevsim netdevsim8 netdevsim1 
(unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4243.565100][ T4263] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4277.776608][ T4263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4278.406078][ T4263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4278.710596][ T4263] bond0 (unregistering): Released all slaves [ 4281.412719][ T4263] hsr_slave_0: left promiscuous mode [ 4281.534504][ T4263] hsr_slave_1: left promiscuous mode [ 4282.390001][ T4263] veth1_macvtap: left promiscuous mode [ 4282.411043][ T4263] veth0_macvtap: left promiscuous mode [ 4282.431337][ T4263] veth1_vlan: left promiscuous mode [ 4282.512240][ T4263] veth0_vlan: left promiscuous mode [ 4317.646558][ T5168] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4320.010499][ T5168] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4321.810752][ T5168] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4323.427226][ T5168] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4355.301279][ T5168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4355.787984][ T5168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4356.194209][ T5168] bond0 (unregistering): Released all slaves [ 4357.651669][ T5168] hsr_slave_0: left promiscuous mode [ 4357.750356][ T5168] hsr_slave_1: left promiscuous mode [ 4358.047284][ T5168] veth1_macvtap: left promiscuous mode [ 4358.090793][ T5168] veth0_macvtap: left promiscuous mode [ 4358.095212][ T5168] veth1_vlan: left promiscuous mode [ 4358.142803][ T5168] veth0_vlan: left promiscuous mode [ 4427.271892][ T5387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4428.542612][ T5387] bond0: (slave bond_slave_1): 
Enslaving as an active interface with an up link [ 4428.807085][ T5384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4429.970522][ T5384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4469.974699][ T5384] hsr_slave_0: entered promiscuous mode [ 4470.162948][ T5384] hsr_slave_1: entered promiscuous mode [ 4474.042540][ T5387] hsr_slave_0: entered promiscuous mode [ 4474.102954][ T5387] hsr_slave_1: entered promiscuous mode [ 4474.172790][ T5387] debugfs: 'hsr0' already exists in 'hsr' [ 4474.209464][ T5387] Cannot create hsr debugfs directory [ 4493.940796][ T5384] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 4496.693218][ T5384] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 4499.770902][ T5384] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 4502.453400][ T5384] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 4514.063243][ T5387] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4514.617128][ T5387] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4515.307378][ T5387] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4515.847214][ T5387] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4544.043971][ T5384] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4554.432192][ T5387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4699.836839][ T5387] veth0_vlan: entered promiscuous mode [ 4701.363826][ T5387] veth1_vlan: entered promiscuous mode [ 4706.067906][ T5387] veth0_macvtap: entered promiscuous mode [ 4706.945169][ T5387] veth1_macvtap: entered promiscuous mode [ 4711.681527][ T4263] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4711.902812][ T3649] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4712.059828][ T5013] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4712.062627][ T5013] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 
4722.034713][ T5384] veth0_vlan: entered promiscuous mode [ 4723.795881][ T5384] veth1_vlan: entered promiscuous mode [ 4729.105888][ T5384] veth0_macvtap: entered promiscuous mode [ 4730.383727][ T5384] veth1_macvtap: entered promiscuous mode [ 4735.411331][ T4021] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4735.576909][ T5031] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4735.579903][ T5031] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4735.642773][ T5031] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5054.469883][ T25] audit: type=1400 audit(5053.670:106): avc: denied { map } for pid=5750 comm="syz.0.252" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 5054.620082][ T25] audit: type=1400 audit(5053.780:107): avc: denied { execute } for pid=5750 comm="syz.0.252" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 5315.861227][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5316.437848][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5326.887212][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5327.626827][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5376.573477][ T5797] hsr_slave_0: entered promiscuous mode [ 5376.845391][ T5797] hsr_slave_1: entered promiscuous mode [ 5377.012551][ T5797] debugfs: 'hsr0' already exists in 'hsr' [ 5377.025835][ T5797] Cannot create hsr debugfs directory [ 5389.036038][ T5803] hsr_slave_0: entered promiscuous mode [ 5389.195811][ T5803] hsr_slave_1: entered promiscuous mode [ 5389.385971][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 5389.386924][ T5803] Cannot 
create hsr debugfs directory
[ 5444.422722][ T5797] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 5445.591830][ T5797] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 5446.594427][ T5797] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 5450.011640][ T5797] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 5472.886847][ T5803] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 5473.606185][ T5803] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 5474.493529][ T5803] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 5475.462971][ T5803] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 5509.733742][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5527.124516][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5566.081278][ T27] INFO: task syz.0.258:5778 blocked for more than 430 seconds.
[ 5566.120318][ T27] Not tainted syzkaller #0
[ 5566.155768][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5566.165821][ T27] task:syz.0.258 state:D stack:0 pid:5778 tgid:5778 ppid:5387 task_flags:0x400040 flags:0x00000019
[ 5566.167494][ T27] Call trace:
[ 5566.168022][ T27] __switch_to+0x584/0xb20 (T)
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5566.265104][ T27] __schedule+0x1eec/0x33a4
[ 5566.302037][ T27] schedule+0xac/0x27c
[ 5566.302742][ T27] schedule_timeout+0x5c/0x1e4
[ 5566.303289][ T27] do_wait_for_common+0x28c/0x444
[ 5566.303788][ T27] wait_for_completion+0x44/0x5c
[ 5566.304234][ T27] __synchronize_srcu+0x2a4/0x320
[ 5566.304730][ T27] synchronize_srcu+0x3cc/0x4f0
[ 5566.305189][ T27] mmu_notifier_unregister+0x320/0x42c
[ 5566.305634][ T27] kvm_put_kvm+0x698/0xbe8
[ 5566.306039][ T27] kvm_vm_release+0x58/0x78
[ 5566.306463][ T27] __fput+0x4ac/0x980
[ 5566.306943][ T27] ____fput+0x20/0x58
[ 5566.307423][ T27] task_work_run+0x1bc/0x254
[ 5566.307886][ T27] exit_to_user_mode_loop+0xfc/0x178
[ 5566.440934][ T27] el0_svc+0x170/0x234
[ 5566.441614][ T27] el0t_64_sync_handler+0x84/0x12c
[ 5566.442140][ T27] el0t_64_sync+0x198/0x19c
[ 5566.443698][ T27]
[ 5566.443698][ T27] Showing all locks held in the system:
[ 5566.444170][ T27] 1 lock held by khungtaskd/27:
[ 5566.444534][ T27] #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 5566.447010][ T27] 2 locks held by getty/3195:
[ 5566.447412][ T27] #0: 8bf00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5566.581263][ T27] #1: 94ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 5566.583031][ T27] 2 locks held by syz-executor/3317:
[ 5566.583396][ T27] 3 locks held by kworker/u4:9/3649:
[ 5566.583738][ T27] 3 locks held by kworker/u4:8/3951:
[ 5566.584082][ T27] 2 locks held by kworker/u4:12/4654:
[ 5566.584379][ T27] #0: 0ef000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5566.585978][ T27] #1: ffff80008e377c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5566.587661][ T27] 3 locks held by kworker/u4:1/5010:
[ 5566.588001][ T27] 3 locks held by kworker/u4:5/5013:
[ 5566.771847][ T27] 3 locks held by kworker/u4:13/5031:
[ 5566.772283][ T27] 3 locks held by kworker/u4:14/5168:
[ 5566.772623][ T27] 2 locks held by kworker/u4:3/5380:
[ 5566.772951][ T27] #0: 0ef000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5566.774605][ T27] #1: ffff80008ffc7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5566.776314][ T27] 3 locks held by kworker/u4:10/5731:
[ 5566.776659][ T27] 2 locks held by syz.9.257/5775:
[ 5566.777012][ T27] 2 locks held by modprobe/5953:
[ 5566.777303][ T27] 4 locks held by modprobe/5954:
[ 5566.777763][ T27]
[ 5566.778019][ T27] =============================================
[ 5566.778019][ T27]