last executing test programs:

1h4m46.293718631s ago: executing program 1 (id=54):
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000000)=0xd2)
ioctl$KVM_PRE_FAULT_MEMORY(r0, 0xc040aed5, &(0x7f0000000100)={0x0, 0x100000})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x12d322, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000040)={0x1, 0x3ff, 0x2}})
syz_kvm_vgic_v3_setup(r6, 0x1, 0x1ed)

1h4m38.908859032s ago: executing program 1 (id=55):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x240)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) (async)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x0) (async)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x21)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2)
r14 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r13, 0x0)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r15, 0x40086602, 0x110e227ffe) (async)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x2, 0x100) (async, rerun: 64)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (rerun: 64)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x3, 0x11, r10, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000d7b000/0x1000)=nil, 0x0, 0x1, 0x20010, r13, 0x0)

1h4m28.568901889s ago: executing program 1 (id=56):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, &(0x7f0000000140)})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101002, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c800}}], 0x18}, 0x0, 0xfffffffffffffffb)
ioctl$KVM_CREATE_VM(r5, 0x40086602, 0x20000000)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffe)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_fw={0x6030000000140003, &(0x7f0000000240)=0x8000})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x25)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@msr={0x14, 0x0, {0x603000000013c020, 0xffffffffffff0000}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0xd}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8})

1h4m16.162279408s ago: executing program 1 (id=59):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000)
write$eventfd(r6, &(0x7f0000000000), 0xfffffdef)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000000c0)={0x1, 0x6}})
munmap(&(0x7f0000008000/0x1000)=nil, 0x200000)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000000))
ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, 0x0)
munmap(&(0x7f0000008000/0x3000)=nil, 0x3000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xf1)

1h4m7.972317281s ago: executing program 1 (id=60):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x10000, 0x4000})
syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x603000000010003e, &(0x7f0000000100)=0x10})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1h4m0.419842538s ago: executing program 1 (id=62):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="3200000000000000fee9106b2b8ac0492b91e27c400000000000000007000084000000000e0600004cd13141ad118512c4a71b164400000000fbffffffffffffff040000000000008008001000000000000100000000000000aa000000000000001e0c31611f63acb2b883987ae0a028000000000000000a010100000001000000"], 0x68}], 0x1, 0x0, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000800)=[@code={0xa, 0x54, {"0094004f007008d50060e00d000008d5008008d5000028d500a0600d40f387d200c0b0f2610180d2420080d2830080d2840180d2020000d400d4a07e007008d5"}}, @mrs={0xbe, 0x18, {0x603000000013e531}}, @msr={0x14, 0x20, {0x603000000013df4e, 0x200}}, @code={0xa, 0x84, {"0070005f0084400d00c0c00d000800b8a0a295d200e0b8f2e10180d2a20080d2c30080d2640080d2020000d40010200e20b682d200e0b8f2210080d2c20080d2430180d2040080d2020000d4204487d20020b8f2610080d2c20180d2830080d2440080d2020000d40084207e000028d5"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x2, 0x9}}, @irq_setup={0x46, 0x18, {0x3, 0xd1}}, @svc={0x122, 0x40, {0x8, [0x3, 0x0, 0x5, 0x3, 0x98a5]}}, @smc={0x1e, 0x40, {0x100, [0x101, 0x2, 0xffffffffffffffff, 0xe, 0x3]}}, @code={0xa, 0x9c, {"007008d5203895d200e0b8f2810180d2a20080d2030180d2640180d2020000d4007008d5000008d5004c200e80fa94d20080b8f2a10080d2a20080d2a30180d2840180d2020000d4604f9bd200c0b0f2410180d2420180d2430180d2640080d2020000d40060200e000c8038603c96d200c0b8f2810080d2e20180d2e30080d2440080d2020000d4"}}, @eret={0xe6, 0x18, 0x1000}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xd00, 0x3, 0x2}}, @uexit={0x0, 0x18, 0x2}, @smc={0x1e, 0x40, {0x80003fff, [0x4, 0x1, 0x2, 0x1, 0x6]}}, @irq_setup={0x46, 0x18, {0x1, 0xfc}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x3ce}}, @svc={0x122, 0x40, {0x40000000, [0x5, 0x184c, 0x8, 0xfffffffffffffff7, 0x3]}}], 0x394}], 0x1, 0x0, &(0x7f0000000380)=[@featur2={0x1, 0x7}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

1h3m21.359546189s ago: executing program 32 (id=61):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0x0, &(0x7f0000000000), 0x20803, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fb6000/0x2000)=nil, r9, 0x2000000, 0x2b111, r8, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1h3m13.749492575s ago: executing program 33 (id=62):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="3200000000000000fee9106b2b8ac0492b91e27c400000000000000007000084000000000e0600004cd13141ad118512c4a71b164400000000fbffffffffffffff040000000000008008001000000000000100000000000000aa000000000000001e0c31611f63acb2b883987ae0a028000000000000000a010100000001000000"], 0x68}], 0x1, 0x0, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000800)=[@code={0xa, 0x54, {"0094004f007008d50060e00d000008d5008008d5000028d500a0600d40f387d200c0b0f2610180d2420080d2830080d2840180d2020000d400d4a07e007008d5"}}, @mrs={0xbe, 0x18, {0x603000000013e531}}, @msr={0x14, 0x20, {0x603000000013df4e, 0x200}}, @code={0xa, 0x84, {"0070005f0084400d00c0c00d000800b8a0a295d200e0b8f2e10180d2a20080d2c30080d2640080d2020000d40010200e20b682d200e0b8f2210080d2c20080d2430180d2040080d2020000d4204487d20020b8f2610080d2c20180d2830080d2440080d2020000d40084207e000028d5"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x2, 0x9}}, @irq_setup={0x46, 0x18, {0x3, 0xd1}}, @svc={0x122, 0x40, {0x8, [0x3, 0x0, 0x5, 0x3, 0x98a5]}}, @smc={0x1e, 0x40, {0x100, [0x101, 0x2, 0xffffffffffffffff, 0xe, 0x3]}}, @code={0xa, 0x9c, {"007008d5203895d200e0b8f2810180d2a20080d2030180d2640180d2020000d4007008d5000008d5004c200e80fa94d20080b8f2a10080d2a20080d2a30180d2840180d2020000d4604f9bd200c0b0f2410180d2420180d2430180d2640080d2020000d40060200e000c8038603c96d200c0b8f2810080d2e20180d2e30080d2440080d2020000d4"}}, @eret={0xe6, 0x18, 0x1000}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xd00, 0x3, 0x2}}, @uexit={0x0, 0x18, 0x2}, @smc={0x1e, 0x40, {0x80003fff, [0x4, 0x1, 0x2, 0x1, 0x6]}}, @irq_setup={0x46, 0x18, {0x1, 0xfc}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x3ce}}, @svc={0x122, 0x40, {0x40000000, [0x5, 0x184c, 0x8, 0xfffffffffffffff7, 0x3]}}], 0x394}], 0x1, 0x0, &(0x7f0000000380)=[@featur2={0x1, 0x7}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

53m49.263702562s ago: executing program 3 (id=101):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f00000be000/0x1000)=nil, 0xffffffffdff41fff) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) (async)
r3 = eventfd2(0x8801, 0x800) (async)
r4 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r3, 0x5, 0x2, r4}) (async)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r3, 0x1, 0x2, r4}) (async)
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000140)=[@its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x10, 0xa97b, 0x4, 0x1}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0x9, 0x2, 0x2, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x380, 0x8000000000000000, 0x10}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x3af}}, @smc={0x1e, 0x40, {0xc4000053, [0x1, 0xb6, 0x2, 0x3, 0x2]}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x1, 0x23}}, @uexit={0x0, 0x18, 0x2}, @eret={0xe6, 0x18, 0xfffffffffffffff8}], 0x160}, &(0x7f0000000300)=[@featur1={0x1, 0x38}], 0x1)
ioctl$KVM_GET_SREGS(r5, 0x8000ae83, &(0x7f0000000340))

53m40.819830065s ago: executing program 3 (id=102):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0)
r7 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000})
ioctl$KVM_CREATE_VCPU(r6, 0xb702, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000080), 0x141001, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = eventfd2(0x0, 0x0)
close(r12)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000140)={0x1ff, 0xdddc1000, 0x0, r12, 0x4})
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0x6, 0x0, 0x0, r12})
r13 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async)
r16 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x2, 0x100) (async)
ioctl$KVM_RUN(r16, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
r17 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r18 = syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r18, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})

53m21.387015646s ago: executing program 3 (id=105):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@its_send_cmd={0xaa, 0x28, {0x4, 0x2, 0x2, 0x200009, 0x0, 0x80}}], 0x28}, 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r6, 0x603000000013df1a, 0x8000)
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x4)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138002, 0x7ffc}}], 0x20}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000dac000/0x2000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000de8000/0x1000)=nil, 0x0, 0x1000007, 0x9032, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x10, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000200)=0x2})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)

53m5.250852656s ago: executing program 3 (id=106):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000002000/0x4000)=nil, r2, 0xd, 0x12, r1, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x5421, 0x20004000)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_SREGS(r1, 0x4000ae84, &(0x7f0000000100)={{0x1000, 0xdddd1000, 0xb, 0x4, 0xdb, 0x9, 0x0, 0x3, 0x80, 0x83, 0x9}, {0x5000, 0x8080000, 0x4, 0x4, 0x2, 0x2, 0x0, 0x8, 0x9, 0x2, 0x3f, 0xd}, {0x1, 0x4, 0x9, 0x5, 0x2, 0x3e, 0x1, 0xfa, 0x4, 0xe1, 0xe, 0x3b}, {0xd000, 0x6000, 0xd, 0x8, 0xb, 0x3, 0x8, 0x85, 0x7, 0xe, 0x6, 0xff}, {0x10000, 0x100000, 0xf, 0xb9, 0x4, 0xf, 0x69, 0x4, 0x76, 0xcf, 0x9, 0x5}, {0x1000, 0xeeee8000, 0x0, 0x8, 0xc, 0x5, 0x5, 0x2, 0x7, 0x6, 0x2}, {0xeeee8000, 0x0, 0x8, 0x47, 0x1, 0x4, 0x13, 0xf, 0x40, 0xe, 0x4, 0xf}, {0x0, 0x0, 0x0, 0x3, 0x7, 0x4, 0x40, 0x4, 0x4, 0x13, 0x6, 0x8}, {0xeeef0000, 0x185}, {0x1, 0x2}, 0x2001001e, 0x0, 0x10000, 0x2000, 0xc, 0x3100, 0xdddd0000, [0x1, 0xfffffffffffffffd, 0x7fff, 0x9]})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r8, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454cc, 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
eventfd2(0x0, 0x0)
r10 = eventfd2(0x0, 0x0)
close(r10)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)

52m53.143844816s ago: executing program 3 (id=109):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r3, 0x0, 0x40032, 0xffffffffffffffff, 0x0)

52m43.332719699s ago: executing program 3 (id=111):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004a, 0x0})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

51m56.01858705s ago: executing program 34 (id=111):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004a, 0x0})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

50m25.746837486s ago: executing program 2 (id=121):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x169880, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0x5450, 0x0)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r2, 0x8, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)

50m12.61348769s ago: executing program 2 (id=122):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
ioctl$KVM_ARM_VCPU_FINALIZE(r3, 0x4004aec2, &(0x7f0000000000)=0x6)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000fa4000/0x1000)=nil, r7, 0x1000004, 0x4010, r8, 0x0)

50m2.698715966s ago: executing program 2 (id=123):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x100, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_vgic_v3_setup(r4, 0x2, 0x220)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})
close(r0)
ioctl$KVM_GET_DEVICE_ATTR_vm(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x1e, 0x8}})
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x78)

49m52.083001158s ago: executing program 2 (id=124):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r7, 0xc018aec0, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x2000000})
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140001, &(0x7f0000000000)=0x7})

49m39.328983425s ago: executing program 2 (id=125):
r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000ef0000/0x3000)=nil, r1, 0x3000002, 0x100010, r2, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = eventfd2(0x0, 0x80000)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000001340)={0x0, 0x0, 0x2, r8, 0x3})
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000140)={0x203, 0x0, 0x2, r8, 0xf})
r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x2, 0x100)
r10 = eventfd2(0x1, 0x80001)
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000200)={r8, 0xd, 0x0, r10})
r11 = openat$kvm(0x0, &(0x7f0000000000), 0x2, 0x0)
ioctl$KVM_GET_API_VERSION(r11, 0xae00, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, r14, 0x1, 0x2012, r13, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_DIRTY_TLB(r2, 0x4010aeaa, &(0x7f0000000000)={0x7fffffff, 0x1})

49m17.840790218s ago: executing program 2 (id=126):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7000007, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x5000002, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r5, 0x2, 0x80010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r7, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x3000005, 0x2010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

48m30.026314978s ago: executing program 35 (id=126):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7000007, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x5000002, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r5, 0x2, 0x80010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r7, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x3000005, 0x2010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

44m59.160915541s ago: executing program 4 (id=113):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000400)=@arm64_sys={0x603000000013c000, &(0x7f00000003c0)=0x3a5})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x212c06, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = eventfd2(0x0, 0x0)
write$eventfd(r6, 0xffffffffffffffff, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x800000000000026)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r8, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffff9c, 0x0, 0xa00f2, 0x408)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x541b, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000280)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000100)=0x80000001})
ioctl$KVM_SET_REGS(r8, 0x4360ae82, &(0x7f00000001c0)={[0x6bc, 0x8fff, 0x0, 0xfffffffffffffff7, 0xfffffffffffffff9, 0x7fff, 0x4, 0x9, 0x5, 0x3, 0x1, 0x9, 0x2, 0x8, 0x4, 0xc16e], 0xffff1000})

44m10.339351222s ago: executing program 36 (id=113):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000400)=@arm64_sys={0x603000000013c000, &(0x7f00000003c0)=0x3a5})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x212c06, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = eventfd2(0x0, 0x0)
write$eventfd(r6, 0xffffffffffffffff, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x800000000000026)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r8, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffff9c, 0x0, 0xa00f2, 0x408)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x541b, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000280)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000100)=0x80000001})
ioctl$KVM_SET_REGS(r8, 0x4360ae82, &(0x7f00000001c0)={[0x6bc, 0x8fff, 0x0, 0xfffffffffffffff7, 0xfffffffffffffff9, 0x7fff, 0x4, 0x9, 0x5, 0x3, 0x1, 0x9, 0x2, 0x8, 0x4, 0xc16e], 0xffff1000})

28m16.617946981s ago: executing program 5 (id=201):
openat$kvm(0x0, &(0x7f0000000240), 0x145301, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x145301, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="e60000000000000018000000000000000800000000000000ebfdabac8abe1c6f02"], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="e60000000000000018000000000000000800000000000000ebfdabac8abe1c6f02"], 0x18}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x10)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x8000000105)
r2 = openat$kvm(0x0, &(0x7f0000000200), 0x7a9ac3, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xd)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffd)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, &(0x7f0000000100)=@attr_irq_timer={0x0, 0x1, 0x0, 0x0})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x7, 0xffffffffffffffff, 0x1})
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x2ce803, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0, 0x30, r5, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000140)=@x86={0x0, 0xb, 0xf, 0x0, 0x202, 0x7f, 0x0, 0x3, 0x6e, 0x4a, 0xa9, 0x0, 0x0, 0xb, 0x8, 0x9, 0x6, 0x10, 0x5, '\x00', 0x9, 0x3}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000140)=@x86={0x0, 0xb, 0xf, 0x0, 0x202, 0x7f, 0x0, 0x3, 0x6e, 0x4a, 0xa9, 0x0, 0x0, 0xb, 0x8, 0x9, 0x6, 0x10, 0x5, '\x00', 0x9, 0x3})
syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000000)=@arm64_ccsidr={0x6020000000110003, &(0x7f00000000c0)=0x800})
ioctl$KVM_CREATE_VM(r2, 0xae01, 0xd) (async)
r9 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xd)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)

28m7.061594594s ago: executing program 5 (id=203):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
r6 = eventfd2(0x0, 0x0)
close(r6)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r7 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r8 = eventfd2(0x8, 0x80800)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r8, 0x3})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r8, 0x9, 0x3, r8})

27m48.041464492s ago: executing program 5 (id=206):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@eret={0xe6, 0x18, 0x6}, @code={0xa, 0x84, {"a0b394d200a0b8f2210080d2c20080d2830080d2640080d2020000d460cf97d20040b8f2210180d2a20080d2c30080d2640180d2020000d40060206e0020c01a008008d5000028d5007008d50008c09a000440f860999fd20040b0f2e10080d2a20080d2e30080d2c40180d2020000d4"}}, @uexit={0x0, 0x18, 0x4}], 0xb4}, &(0x7f0000000100)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0) (async)
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000140)={0x3, 0x89})
ioctl$KVM_ARM_VCPU_FINALIZE(r0, 0x4004aec2, &(0x7f0000000180)=0x7) (async)
ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000200)=@arm64_fw={0x6030000000140001, &(0x7f00000001c0)=0x7})
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000240)={0x1, [0x4]})
ioctl$KVM_SET_GUEST_DEBUG_arm64(r0, 0x4208ae9b, &(0x7f0000000280)={0x2, 0x0, {[0x6, 0x0, 0x881b, 0x8001, 0x4, 0x1, 0x6, 0x1000, 0x2, 0x430, 0xfffffffffffffffb, 0xe, 0x2, 0x10000, 0xaf, 0x8000000000000000], [0x7, 0x8, 0xffffffffffffda22, 0x1, 0x8, 0xa0e, 0xe, 0x5, 0x7, 0x0, 0x9, 0x7fff, 0x2, 0x80000001, 0x8001, 0xffffffffffff0000], [0x9, 0x9991, 0xffffffffffffff1f, 0x8, 0x80, 0x8, 0x14, 0x4110, 0xa3a, 0x1, 0x9, 0x100, 0xc17, 0xffffffffffffff5e], [0xb7, 0xfe3, 0x0, 0xf, 0x8, 0xe4f, 0x2, 0x40, 0x4e92, 0x7, 0x0, 0x7, 0xff, 0x8000, 0xfffffffffffffc03, 0x9]}}) (async)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_FINALIZE(r1, 0x4004aec2, &(0x7f00000004c0)=0x1) (async)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000b00)={0x0, &(0x7f0000000500)=[@code={0xa, 0xe4, {"60e49dd20040b0f2e10180d2420180d2a30080d2c40080d2020000d4a0c695d200a0b8f2a10180d2020080d2e30180d2040180d2020000d4203f9ed200c0b8f2810080d2a20180d2630180d2240180d2020000d4207999d20060b0f2610180d2a20180d2c30180d2640080d2020000d4000040bc208194d20040b8f2a10180d2c20180d2230080d2640080d2020000d40000601f007008d5c0fb8ed20040b8f2e10180d2c20080d2030180d2e40080d2020000d4805d8dd200a0b0f2810180d2820180d2430180d2240080d2020000d4"}}, @code={0xa, 0x6c, {"008008d500000092609582d20060b0f2010180d2220080d2030080d2640080d2020000d40004c05a200a83d20080b0f2810080d2c20080d2c30080d2e40180d2020000d400f8a12e008008d5000008d5007008d5008008d5"}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x3, 0xeb}}, @svc={0x122, 0x40, {0x0, [0x2, 0xd3, 0xc82, 0x0, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x2, 0xb, 0x1, 0x1}}, @mrs={0xbe, 0x18}, @mrs={0xbe, 0x18, {0x603000000013c4f1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x1c5}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x3, 0x0, 0x5, 0xc9, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x1e, 0x400, 0x8000, 0x9}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x3, 0x7, 0x101}}, @hvc={0x32, 0x40, {0x84000002, [0x3, 0x3, 0x9, 0x4, 0x5]}}, @eret={0xe6, 0x18, 0xdf9}, @smc={0x1e, 0x40, {0x84000012, [0x100, 0x4, 0x2, 0x4, 0x200]}}, @msr={0x14, 0x20, {0x603000000013deab, 0xffff}}, @eret={0xe6, 0x18, 0xffffffffffffff86}, @uexit={0x0, 0x18}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0x10e, 0x2c, 0xc}}, @its_setup={0x82, 0x28, {0x4, 0x2}}, @smc={0x1e, 0x40, {0x8000, [0x0, 0x71, 0x80000001, 0x401, 0xd842]}}, @code={0xa, 0x6c, {"008008d5008008d50068201ec03381d20000b8f2610180d2820080d2630180d2a40180d2020000d440ea8ed20060b8f2210080d2c20080d2c30080d2840080d2020000d4007008d5007008d50000200a000008d5007008d5"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x180, 0x60c9214f, 0x2}}, @hvc={0x32, 0x40, {0xc5000020, [0x9, 0x2, 0x7, 0x10, 0x2]}}, @hvc={0x32, 0x40, {0x8400000a, [0x100, 0xa1, 0x7ff, 0xe]}}, @smc={0x1e, 0x40, {0x8, [0x8000000000000001, 0x7, 0x1, 0x9, 0x2]}}, @irq_setup={0x46, 0x18, {0x0, 0x2f2}}, @smc={0x1e, 0x40, {0x84000013, [0xffff, 0x3, 0x8, 0x8, 0x100000001]}}], 0x5f4}, &(0x7f0000000b40)=[@featur1={0x1, 0x80}], 0x1)
ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000b80))
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x20)
ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000bc0)={0x1, [0x2]}) (async)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x5)
ioctl$KVM_CAP_ARM_MTE(r3, 0x4068aea3, &(0x7f0000000c00)) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000dc0)=[{0x0, &(0x7f0000000c80)=[@uexit={0x0, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0x6, 0x0, 0x1, 0xe, 0x7, 0x7, 0x3}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x186}}, @hvc={0x32, 0x40, {0x80008000, [0xffffffffffffff80, 0x100, 0xff, 0x1, 0x2]}}, @msr={0x14, 0x20, {0x603000000013df57, 0x1}}, @hvc={0x32, 0x40, {0x8, [0x80, 0x6d7, 0xbbae, 0x76c5, 0x8000]}}], 0x108}], 0x1, 0x0, &(0x7f0000000e00)=[@featur1={0x1, 0x40}], 0x1) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r3, 0x4018aee3, &(0x7f0000000e80)=@attr_other={0x0, 0xffff, 0x4, &(0x7f0000000e40)=0x2}) (async)
syz_kvm_vgic_v3_setup(r3, 0x4, 0xc0) (async, rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000f00)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000ec0)={0x6d7, 0x2}}) (rerun: 32)
ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000000f40)={[0x200, 0x1000, 0x0, 0xffff, 0x65e, 0xffffffff, 0x7, 0x6, 0x4, 0x5, 0x3, 0x0, 0xd68f, 0x0, 0x1f, 0x8], 0x80a0000, 0x800}) (async)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
close(r2) (async)
ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, &(0x7f0000001000)={0x88, "47551d8e3aacc2732d9b1acf2ae176b49a6081fea3b267af9b998d9ee699ca4559ecf02561c3f73b384566520c9627bec053a1f5dad51f1a1be1d9803e69be2441d474366bb8b55d2866f64c5ad6a57dc85bf96f45385022a7b5ecac2bacac22597bf236b8b9edc82770139aed3e23be84920b09b1bfe24c63bb078017040740735e97d4e36c464d"})
ioctl$KVM_ARM_PREFERRED_TARGET(r0, 0x8020aeaf, &(0x7f00000010c0))
ioctl$KVM_GET_REGS(r2, 0x8360ae81, &(0x7f0000001100))
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000001200)=@attr_other={0x0, 0x1, 0x6, &(0x7f00000011c0)=0x100000000})
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000001280)=@arm64_core={0x6030000000100010, &(0x7f0000001240)})

27m39.760627061s ago: executing program 5 (id=207):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x3, 0x0, &(0x7f0000000240)=0x100})
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x701240, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000b32000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r7, 0x5761, 0x2000001c)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0x8000})

27m29.41954163s ago: executing program 5 (id=209):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0xf}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x4, 0x0})
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x32000000, [0x2, 0x40, 0x6, 0x5b1, 0x8]}}, @code={0xa, 0x9c, {"00000032008008d5206387d20000b0f2010180d2a20080d2a30080d2c40180d2020000d4000028d5001d98d200c0b0f2e10080d2020080d2e30180d2440180d2020000d40098200e007008d5a0c699d20060b8f2210180d2620080d2830080d2840080d2020000d4008008d540c696d200e0b8f2810080d2820080d2a30180d2840180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013df7a, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x3, 0x1, 0xf}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x8, 0x86, 0x6, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x4, 0x80000000, 0xfffffffc, 0x4}}, @code={0xa, 0xb4, {"0000208a40bc97d20060b8f2410080d2220180d2e30080d2a40180d2020000d4007008d520e293d20060b8f2410080d2020080d2e30080d2840080d2020000d4007008d5202a86d20020b8f2610180d2220180d2030180d2440080d2020000d4000028d5000040d300a485d200c0b8f2010080d2420180d2030080d2440180d2020000d4c01f85d20040b8f2210080d2420180d2a30180d2840080d2020000d4"}}, @hvc={0x32, 0x40, {0xc400000e, [0x9, 0x3, 0x293d, 0x35, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013c111}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0xe, 0xffffffff, 0x3, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x0, 0xd, 0x2, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x1, 0xd, 0xf, 0x6, 0x2}}], 0x2f8}, &(0x7f0000000040), 0x1)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000000, 0x4d832, r5, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000000c0)={0xbbfbfe6201889764, 0xffffffffffffffff, 0x1})

27m14.988393199s ago: executing program 5 (id=211):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c03b})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x10}], 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0x10, 0x1}})
r12 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r14, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2})
ioctl$KVM_RUN(r12, 0xae80, 0x0)

26m26.99401532s ago: executing program 37 (id=211):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c03b})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x10}], 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0x10, 0x1}})
r12 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r14, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2})
ioctl$KVM_RUN(r12, 0xae80, 0x0)

24m49.021723982s ago: executing program 6 (id=222):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4)
ioctl$KVM_CREATE_VCPU(r3, 0x8004b707, 0x0)

24m41.570066067s ago: executing program 6 (id=223):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000200)=@arm64_core={0x603000000010003a, &(0x7f0000000000)=0xc0})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x27)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x1200000)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1a)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x300000000000})

24m28.220675526s ago: executing program 6 (id=224):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000000c0)={0x7, 0x203}})
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r9, 0x4004ae8b, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f0000000100)=@arm64_fw={0x6030000000140002, &(0x7f00000000c0)=0x372})
r13 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x4, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x2, 0x2, 0x209, 0xfffffffd, 0x80}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r15, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000180)={0x8, <r18=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r18, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r17, 0xae80, 0x0)
r19 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000003, [0x664b7dee, 0x2, 0xffffffffffffffff, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r19, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r19, 0xae80, 0x0)

24m3.214736638s ago: executing program 6 (id=225):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r4, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x3, 0x0})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)

23m49.931398129s ago: executing program 6 (id=226):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000080)={0x4, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, 0xffffffffffffffff)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x11})

23m29.083826356s ago: executing program 6 (id=227):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000100)={0x10003, 0x0, &(0x7f0000084000/0x4000)=nil})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f0000000200)=[@memwrite={0x6e, 0x30, @generic={0x1, 0xdfb, 0x9, 0x1}}], 0x30}, 0x0, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@eret={0xe6, 0x18, 0x7fff}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)

22m41.348539048s ago: executing program 38 (id=227):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000100)={0x10003, 0x0, &(0x7f0000084000/0x4000)=nil})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f0000000200)=[@memwrite={0x6e, 0x30, @generic={0x1, 0xdfb, 0x9, 0x1}}], 0x30}, 0x0, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@eret={0xe6, 0x18, 0x7fff}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)

15m11.472858736s ago: executing program 7 (id=234):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0xfe56)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0x8, 0x80800)
r7 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r7})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r6, 0x2})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x6000, 0x1, r6, 0x3})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil)

14m53.343376877s ago: executing program 7 (id=235):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400001, 0x0) (async)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f0000000040)={0x0, 0x9}) (async)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r1, 0x4208ae9b, &(0x7f0000000080)={0xe2e4e84a81901eee, 0x0, {[0xf370, 0x6, 0xa, 0xffffffff, 0xba, 0x80, 0xd, 0x8, 0x93e8, 0x4, 0x5, 0x24, 0x7, 0x3, 0xca, 0x7fff], [0x5e07, 0x4, 0x2bfb, 0x40, 0xe040, 0xac43, 0x40, 0x0, 0x6a5e, 0x3, 0x0, 0x3c9e, 0x2, 0x5, 0x100, 0x6], [0x3, 0x1, 0x3f, 0x8000000000000001, 0x8, 0x134c, 0xfffffffffffffff7, 0xb, 0xff, 0xff, 0xa62, 0x4bb, 0x0, 0x6, 0x7, 0xfffffffffffffff7], [0x100000001, 0x1ff, 0xfffffffffffffff6, 0xd, 0x9, 0xffffffffffffffff, 0xa9f5, 0x101, 0x4, 0x3ff, 0xffff, 0x44b, 0x5, 0x0, 0x2, 0xfffffffffffffffb]}})
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000640)={0x0, &(0x7f00000002c0)=[@irq_setup={0x46, 0x18, {0x0, 0x21b}}, @eret={0xe6, 0x18, 0xfffffffffffffc00}, @smc={0x1e, 0x40, {0x84000000, [0x7, 0x1, 0x8, 0x7, 0xfbe1]}}, @eret={0xe6, 0x18, 0x9}, @eret={0xe6, 0x18, 0x650b}, @code={0xa, 0xb4, {"802c8fd20080b0f2210080d2a20080d2c30080d2840080d2020000d40020ff0d40fd9fd20000b0f2210080d2220080d2e30180d2840080d2020000d4c01881d20000b0f2810080d2820080d2c30080d2640080d2020000d4e04e88d20080b0f2c10080d2a20180d2030180d2840080d2020000d40000681e0014007f007008d5e0328dd200a0b0f2e10080d2020180d2e30180d2e40080d2020000d400f4a00e"}}, @irq_setup={0x46, 0x18, {0x2, 0x1b0}}, @mrs={0xbe, 0x18, {0x603000000013defc}}, @mrs={0xbe, 0x18, {0x6030000000138045}}, @irq_setup={0x46, 0x18, {0x4, 0x1c9}}, @msr={0x14, 0x20, {0x603000000013df12, 0x80000001}}, @svc={0x122, 0x40, {0xc4000004, [0x9, 0x1ff, 0x8, 0x8, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013def9}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x1, 0x3, 0x80000001, 0x10, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013f290}}, @irq_setup={0x46, 0x18, {0x2, 0x1bc}}, @hvc={0x32, 0x40, {0xc4000004, [0x8000, 0x7fffffff, 0xffffffffffffff17, 0xd, 0x3b]}}, @hvc={0x32, 0x40, {0x0, [0x672ee50d, 0x400, 0xaa5, 0x100, 0x66]}}, @svc={0x122, 0x40, {0x8400000b, [0x3da, 0x8000000000000000, 0x4, 0x4, 0x5]}}, @msr={0x14, 0x20, {0x603000000013e08c, 0x1}}], 0x364}, &(0x7f0000000680)=[@featur2={0x1, 0x50}], 0x1)
ioctl$KVM_DIRTY_TLB(r3, 0x4010aeaa, &(0x7f00000006c0)={0x7, 0x60000})
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x29)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000740)=@attr_other={0x0, 0x8, 0x7790, &(0x7f0000000700)=0x1ff}) (async)
ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, &(0x7f0000000780)={0xeeef0000, 0x1d000}) (async)
ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f00000007c0)={0x3, [0x9, 0x7, 0x3ff]}) (async)
ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, &(0x7f0000000800)={0xffff1000}) (async)
r5 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000880)=@attr_other={0x0, 0x3, 0x8, &(0x7f0000000840)=0x100000001})
r6 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000008c0)={0x1})
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) (async)
r8 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_DEVICE_ATTR_vm(r8, 0x4018aee2, &(0x7f0000000940)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000900)={0x6, 0x960}}) (async)
ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, &(0x7f0000000980)=0x3)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r8, 0x4208ae9b, &(0x7f00000009c0)={0x0, 0x0, {[0x2f, 0x1, 0x2, 0x291, 0x5, 0x1, 0xfffffffffffffffb, 0x7f, 0x5, 0x1000, 0x0, 0x6, 0x5, 0xfff, 0x0, 0xffffffffffffff63], [0x8, 0x5, 0x2, 0x81, 0x2, 0x80000001, 0x45, 0x5, 0x6, 0x81, 0x9, 0x5a4, 0x200, 0x8, 0x4, 0xc4ba], [0x2, 0x800, 0x5, 0xfffffffffffffffd, 0x5, 0x1000, 0x0, 0xb600000, 0x6, 0x1200000, 0x5f, 0x6, 0x3, 0xd, 0x7, 0x1], [0xffffffffffffffff, 0x1, 0xfff, 0x2bdc, 0x3, 0x7fff, 0x4, 0xca63, 0xfffffffffffffeff, 0xc2, 0x4a7, 0xff, 0x4, 0xfadc, 0x19c65594, 0xfffffffffffffb5f]}}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c00), 0xa0800, 0x0) (async)
ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f0000000c40)={0x5, [0x10, 0x101, 0x5, 0x100000001, 0x3]})
r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001340)={0x0, &(0x7f0000000c80)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x3}}, @code={0xa, 0x6c, {"0024c09a008008d5e003007a0048215e0034005f0094007fa08286d200a0b0f2610080d2420080d2c30180d2040080d2020000d40000ae9e008008d5c0b799d20020b8f2c10180d2a20080d2e30180d2e40080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x6, 0x3, 0x9b, 0x2}}, @irq_setup={0x46, 0x18, {0x1, 0x38c}}, @hvc={0x32, 0x40, {0xc4000010, [0xffffffffffffff81, 0x6, 0x6, 0x9, 0x4]}}, @irq_setup={0x46, 0x18, {0x3, 0x385}}, @eret={0xe6, 0x18, 0xf08b}, @svc={0x122, 0x40, {0x6000000, [0x616, 0x9, 0x7, 0x100000000, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013c662}}, @msr={0x14, 0x20, {0x603000000013df56, 0xdf50}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0xc9}}, @code={0xa, 0xb4, {"007008d5201d87d20000b0f2410180d2820180d2a30080d2040180d2020000d400949fd200c0b8f2410180d2a20180d2a30180d2040080d2020000d40000400de0d29dd200a0b0f2a10180d2620080d2e30080d2240080d2020000d4e03f9ed20000b0f2010180d2820180d2230180d2440080d2020000d40004007c000028d5007008d560159bd20080b8f2e10180d2c20180d2430180d2640180d2020000d4"}}, @smc={0x1e, 0x40, {0x8400000c, [0x2, 0x1, 0x9, 0xfffffffeffffffff, 0x4]}}, @code={0xa, 0x6c, {"007008d5007008d5602693d20040b8f2810080d2020080d2c30180d2440080d2020000d4007008d5007008d5007008d5008008d5e0039fd6604a94d200e0b8f2610180d2c20080d2e30180d2240180d2020000d4007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0x5, 0x0, 0x10001, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x0, 0x200, 0xf}}, @code={0xa, 0x9c, {"008008d5000008d5807782d20020b0f2e10080d2220080d2830080d2440080d2020000d4a08c8ed20020b8f2810180d2c20080d2a30080d2c40080d2020000d4007008d5e0c782d200a0b0f2e10080d2c20080d2c30080d2040080d2020000d400ab88d200e0b0f2e10080d2a20180d2830180d2640180d2020000d4007008d5000c007c008008d5"}}, @eret={0xe6, 0x18, 0xf54}, @svc={0x122, 0x40, {0xc4000004, [0xffffffffffffffff, 0x401, 0x1, 0x7fffffff, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0xb6d0}}, @uexit={0x0, 0x18, 0x4}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x187}}, @code={0xa, 0x84, {"20f895d200a0b8f2e10080d2420180d2a30180d2c40080d2020000d4000040780000803d008a86d200a0b0f2210080d2220180d2a30180d2240180d2020000d4000008d5008008d5e00481d200a0b0f2010080d2220180d2e30080d2840180d2020000d4008008d5000028d5007008d5"}}, @code={0xa, 0x9c, {"00c8215e008008d5e0b786d200e0b8f2010080d2620080d2030180d2e40180d2020000d420c183d20060b0f2810180d2420080d2830080d2840080d2020000d4605b8fd200c0b8f2810080d2a20080d2030180d2240080d2020000d4000008d50000189e20159bd20040b8f2a10180d2420080d2230180d2040080d2020000d4007008d50038601e"}}, @uexit={0x0, 0x18, 0xb}, @uexit={0x0, 0x18, 0x8}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x265}}, @smc={0x1e, 0x40, {0x32000000, [0x5, 0x710, 0x8, 0x3, 0x2]}}], 0x6c0}, &(0x7f0000001380)=[@featur2={0x1, 0x82}], 0x1)
ioctl$KVM_GET_REG_LIST(r9, 0xc008aeb0, &(0x7f00000013c0)={0x3, [0xfffffffffffffffa, 0xfffffffffffffffd, 0x6]}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000001400)={0x9d, 0x8001})
ioctl$KVM_S390_VCPU_FAULT(r7, 0x4008ae52, &(0x7f0000001440)=0xffffffff)

14m40.790395377s ago: executing program 7 (id=236):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x8800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2f)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xb2)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x300, &(0x7f0000000080)=0x4})
r8 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r9, 0x603000000013df11, 0x8000)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = eventfd2(0x5, 0x80001)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x28)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r15, 0xc018ae85, 0x0)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r12})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000180)={0x5000})
r16 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r16, 0xae80, 0x0)

14m20.131704008s ago: executing program 8 (id=228):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x101c01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f00000000c0)={0xeeee8000, 0x8000}) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x9) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000040)=0x101})

13m57.782130407s ago: executing program 8 (id=237):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x7})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r1, 0x1000014, 0x5c1fd1b6565d2f2, r7, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r7, 0x4004ae8b, &(0x7f00000000c0)=ANY=[])

13m55.302542055s ago: executing program 7 (id=238):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
close(r1)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r5, 0x3, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f0000000000)=0x4})
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x3, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000e8a000/0x1000)=nil, r9, 0x1000009, 0x10, r10, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20800, 0x0)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r12, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)

13m34.899042696s ago: executing program 8 (id=239):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r6=>0xffffffffffffffff})
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
eventfd2(0xfe3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0})

13m24.990414046s ago: executing program 7 (id=240):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0xc4000012, [0x9, 0x6, 0xe, 0x7fff, 0xffff]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x0, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x78, 0x100000000, 0xb}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x2, 0x0, 0x73, 0x9}}, @hvc={0x32, 0x40, {0x80000000, [0x7fffffff, 0x0, 0x10001, 0x0, 0x2]}}], 0x108}, &(0x7f0000000180)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000001c0)=@arm64={0xf5, 0x80, 0x8, '\x00', 0x6})
mmap$KVM_VCPU(&(0x7f0000003000/0x2000)=nil, 0x0, 0x2, 0x10, r0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000240)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000200)=0x1b})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x4, 0x0, 0xdddd1000, 0x2000, &(0x7f0000004000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x10003, 0x2, 0xeeee0000, 0x2000, &(0x7f0000003000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000004000/0x2000)=nil})
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000340)={0x296, 0x9})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f0000000380)=[@irq_setup={0x46, 0x18, {0x3, 0xf7}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18, 0xffffffffffffaef7, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x0, 0x3, 0xdada, 0xf62b}}], 0x70}, &(0x7f0000000440)=[@featur2={0x1, 0xa}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000480)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x42})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x38)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f00000004c0)={0x7, 0x9})
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000540)=@arm64_fw={0x6030000000140001, &(0x7f0000000500)=0xffffffffffffff23})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x204080, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
ioctl$KVM_DIRTY_TLB(r5, 0x4010aeaa, &(0x7f00000005c0)={0x8, 0x9})
ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000600)={0x80a0000, 0x11000})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x149000, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000680)={0xdf, 0x0, 0x2e000})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f0000000700)={0x43, "e3a5e06ae5bb285f7dde221abb3f186df05ac9da9b7422c7a6a4c63f74a73f88e2a56382afa426d81b5002aa4bf8deb5cb357532e4613441c2e21c7e768b59e2081d90"})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000780)={0x2, 0x54})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000007c0)={0x5, <r7=>0xffffffffffffffff, 0x1})
close(r7)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x3e)
ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000800)={0xb, 0x3})

13m13.415378522s ago: executing program 8 (id=241):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, &(0x7f0000000380)={0x20000135})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r11, 0x3, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r12, 0xfffffffffffffffe)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r12, 0xffffffffffffffff)

13m10.021553981s ago: executing program 7 (id=242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x6243, 0x5}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x40305839, &(0x7f0000000040)=@attr_other={0x1000000, 0xab, 0x7f, &(0x7f0000000240)=0x5})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x25)
ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, &(0x7f0000000000)={0x10201, 0x340, 0x340, &(0x7f0000000080)=[0x9, 0x4, 0x1d5, 0xcb3, 0xfffffffffffffff8, 0x1000, 0x7, 0x2, 0x95, 0xffffffffffffffff, 0x9, 0x2e42e2a1, 0x0, 0x6, 0x4, 0x8000, 0x5, 0xff, 0xa92, 0x1, 0x8, 0x5, 0x359a8871, 0x5, 0x8b, 0x8312, 0x50, 0x7fff, 0x9, 0x5c9, 0x6, 0x200, 0x7, 0x401, 0x0, 0x1, 0x1, 0x7, 0x8, 0x0, 0x4000e6e, 0x9, 0x3, 0x1, 0x6be, 0xc1, 0x5, 0x100, 0x7, 0x3, 0x1, 0x2, 0x8001, 0xffffffffffffff81, 0x6, 0xfff, 0xd6, 0x80, 0x7, 0x8000, 0x4cc, 0x4, 0x7fff, 0x4, 0x100, 0x3, 0xfffffffffffffec2, 0x7f, 0x41, 0x4, 0x6, 0x8, 0x3, 0xfffffffffffffff9, 0x7, 0x9b8, 0x2, 0x10, 0x3, 0x7, 0x9, 0x8001000000000, 0x0, 0x4, 0x2737, 0x8, 0x775, 0x6, 0x5dc, 0x6, 0x6, 0x80000001, 0x4, 0x1, 0x2, 0x8, 0xffffffffffffff00, 0x7f, 0x42, 0x3a9b, 0x6, 0x6, 0x800005, 0x8, 0x4800000000000, 0xfffffffffffffffb, 0x3, 0x9, 0x10000, 0x1, 0x9, 0x80000001, 0x3, 0x28, 0x6, 0x9c, 0x8, 0xffffffff, 0x6, 0x0, 0x4, 0x0, 0x4, 0x7, 0x0, 0x5, 0x7, 0x4]})

12m25.256760286s ago: executing program 39 (id=241):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, &(0x7f0000000380)={0x20000135})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r11, 0x3, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r12, 0xfffffffffffffffe)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r12, 0xffffffffffffffff)

12m17.48674066s ago: executing program 40 (id=242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x6243, 0x5}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x40305839, &(0x7f0000000040)=@attr_other={0x1000000, 0xab, 0x7f, &(0x7f0000000240)=0x5})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x25)
ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, &(0x7f0000000000)={0x10201, 0x340, 0x340, &(0x7f0000000080)=[0x9, 0x4, 0x1d5, 0xcb3, 0xfffffffffffffff8, 0x1000, 0x7, 0x2, 0x95, 0xffffffffffffffff, 0x9, 0x2e42e2a1, 0x0, 0x6, 0x4, 0x8000, 0x5, 0xff, 0xa92, 0x1, 0x8, 0x5, 0x359a8871, 0x5, 0x8b, 0x8312, 0x50, 0x7fff, 0x9, 0x5c9, 0x6, 0x200, 0x7, 0x401, 0x0, 0x1, 0x1, 0x7, 0x8, 0x0, 0x4000e6e, 0x9, 0x3, 0x1, 0x6be, 0xc1, 0x5, 0x100, 0x7, 0x3, 0x1, 0x2, 0x8001, 0xffffffffffffff81, 0x6, 0xfff, 0xd6, 0x80, 0x7, 0x8000, 0x4cc, 0x4, 0x7fff, 0x4, 0x100, 0x3, 0xfffffffffffffec2, 0x7f, 0x41, 0x4, 0x6, 0x8, 0x3, 0xfffffffffffffff9, 0x7, 0x9b8, 0x2, 0x10, 0x3, 0x7, 0x9, 0x8001000000000, 0x0, 0x4, 0x2737, 0x8, 0x775, 0x6, 0x5dc, 0x6, 0x6, 0x80000001, 0x4, 0x1, 0x2, 0x8, 0xffffffffffffff00, 0x7f, 0x42, 0x3a9b, 0x6, 0x6, 0x800005, 0x8, 0x4800000000000, 0xfffffffffffffffb, 0x3, 0x9, 0x10000, 0x1, 0x9, 0x80000001, 0x3, 0x28, 0x6, 0x9c, 0x8, 0xffffffff, 0x6, 0x0, 0x4, 0x0, 0x4, 0x7, 0x0, 0x5, 0x7, 0x4]})

2m50.631112592s ago: executing program 9 (id=243):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454cd, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x40480, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000f7e000/0x3000)=nil, r4, 0x9, 0x13, r5, 0x0)
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000000)={0x0, &(0x7f0000000400)=[@hvc={0x32, 0x40, {0x84000053, [0x8, 0x8, 0x1, 0x8, 0x100]}}], 0x40}, 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r9, 0x5761, 0x2000001c)
r10 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x86000001, [0xc, 0x5, 0x2, 0xfffffffffffffffc, 0x52]}}], 0xffffffb5}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x302, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = eventfd2(0x8, 0x80800)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xeeef0000, 0x0, r13})
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000000)={0x800, 0x2000, 0x0, r13, 0xe})

2m49.038643189s ago: executing program 0 (id=245):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c00b}}], 0x18}, 0x0, 0x0)
r4 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
r5 = eventfd2(0x1, 0x800)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000080)=@arm64_ccsidr={0x6020000000110007, &(0x7f0000000040)=0x81})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r4, 0x8, 0x1, r5})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m30.629557075s ago: executing program 0 (id=246):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, 0x0}, 0x0, 0x5d)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="4600000000000000180000000000000001000000a0"], 0x18}], 0x1, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_GET_STATS_FD_vm(r5, 0xaece)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x13)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}})
r12 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r11, r6, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a0000000000000084000000000000000000809ae05593d200e0b8f2610080d2820080d2630180d2240180d2020000d40001000f40a297d20060b8f2a10180d2e20080d2a30080d2640080d2020000d400f8b07e0074202e0000ff0d008008d5000020caa08789d20020b0f2c10180d2820180d2c30180d2040080d2020000d4c0035fd6"], 0x84}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1001, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
ioctl$KVM_CREATE_VM(r7, 0xae01, 0xffffffffffeffffe)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x82203, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)

2m26.843499006s ago: executing program 9 (id=247):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x403, 0x0)
r3 = eventfd2(0x6, 0x800)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000280)={r3, 0x9})
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000140)={r3, 0x74, 0x2, r3})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
close(r9)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_GET_DEVICE_ATTR_vm(r9, 0x4018aee2, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x4, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x40})
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000200)={0xdddd1000, 0x0, 0xfffffffc, 0x1, 0x7})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000080)={0xb6, 0x0, 0x5})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

2m3.396816426s ago: executing program 0 (id=248):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4360ae82, &(0x7f00000000c0)={[0xa9, 0x2, 0x3, 0x401, 0x1, 0x2, 0xffffffffffff6eab, 0x1, 0x8, 0x9, 0x5, 0x7f, 0x0, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff], 0x10000, 0x40})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000004, 0x2010, 0xffffffffffffffff, 0x0)

1m55.623838309s ago: executing program 9 (id=249):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x3, 0xa0)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x2000000000001}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m45.869405385s ago: executing program 0 (id=250):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r1 = eventfd2(0x2, 0x80000)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x0, 0x2}})
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1m32.450014901s ago: executing program 9 (id=251):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$eventfd(0xffffffffffffffff, 0x0, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, &(0x7f00000000c0)={0x100, 0x8000}) (async)
r6 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m29.232019416s ago: executing program 0 (id=252):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000080)=@arm64)
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x8400000a, [0x74a, 0x939, 0xe, 0x9, 0x4]}}], 0x40}, &(0x7f0000000080)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m12.249943601s ago: executing program 9 (id=253):
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f00000001c0), 0x200002, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000)
close(r3) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0xfffffffffffffec6) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r6, 0x541b, 0x10000000000000) (async)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000160003, &(0x7f0000000000)=0x8}) (async)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, 0x0, 0x2000003, 0x80010, 0xffffffffffffffff, 0x0) (async, rerun: 64)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async, rerun: 64)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0) (async)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2c) (async)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) (async)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x8800, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x2f)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r15, 0x4008ae73, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xfffffffffffffff4) (async, rerun: 64)
r16 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r13, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (rerun: 64)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)

1m6.55058228s ago: executing program 0 (id=254):
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x0, 0x300000b, 0x40010, 0xffffffffffffffff, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x22500, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x10002, 0x2, 0x1, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xb)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000380), 0x410440, 0x0) (async, rerun: 32)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x23) (rerun: 32)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="46000000000000001800000000000000fdffffff39020000b5d250015185962f3da28abc8fc581ee0008054111a7dbcfc8791256da1ce72d133a4cadc03589cc45cac1ec1b278322910a39d151d0484409bcd1fbd6f28a483add68f481e54b61dc376cb60c3c6b29dae4ebb575332618c092ef133d1a43423ef37159c03bd231e2c5fd9c29ac30e8069b2111dd82766356a43dfc2c36c931018bd6391a57ca17e5749b6b90e58fc3b8daa257b5c9e0847f19d8e2155b412283d189428ae2923c6fd5f4a2049ade076f3ff6c2bed0d960354d89025ce5e02393d6c98a23d29aa225ce7c240596388941f43b16"], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x180) (async, rerun: 32)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async, rerun: 32)
r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000580)=0x10001})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3000000000000008) (async)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async, rerun: 32)
r12 = eventfd2(0x8, 0x80800) (rerun: 32)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r12, 0x2}) (async, rerun: 64)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000340)={0x8000, 0x0, 0x4, r12, 0x3}) (async, rerun: 64)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r11, 0x4010ae74, &(0x7f0000000100)={0x3, 0x7f, 0xfffd})

51.556849309s ago: executing program 9 (id=255):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x3})
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e0000000000000030000000000000000000000800000000100f000000000000f953000000000000020000000000000014000000f9680000200000000000000068df130000003060810000000000000014000000000000002000000000000000e1dc1300000030600900000000000000e60000000000000018000000000000001b000000000000001400000000000000200000000000000010e7130000003060fcffffffffffffff14000000000000002000000000000000e9de130000003060000000000000000000000000000000001800000000000000ff0300000000000014000000000000002000000000000000dea013000000306000020000000000007500000000000000280000000000000003000000000000000100000000000000780100000000000046000000000000001800000000000000030000001f0100006e0000000000000030000000000000000000000800000000000400000000000009000000000000000400000000000000aa0000000000000028000000000000000400030000000f00000007000000ffffff7f0200000000000000000000000000180080000000000000000000000000fe22010000000000004000000000000000070000c400000000000000000000000002000000000000000500000000000000070000000000000001000000000000008200000000000000280000000000000000000000000000000300000000000000d401000000000000"], 0x218}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x90}], 0x1)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2e)
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x4})
r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r12 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r12})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r11, 0x4010ae74, &(0x7f0000000400)={0x80, 0x9, 0x3})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x7})
r14 = ioctl$KVM_GET_STATS_FD_vm(r5, 0xaece)
ioctl$KVM_CHECK_EXTENSION(r14, 0xae03, 0x0)

18.417398516s ago: executing program 41 (id=254):
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x0, 0x300000b, 0x40010, 0xffffffffffffffff, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x22500, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x10002, 0x2, 0x1, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xb)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000380), 0x410440, 0x0) (async, rerun: 32)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x23) (rerun: 32)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="46000000000000001800000000000000fdffffff39020000b5d250015185962f3da28abc8fc581ee0008054111a7dbcfc8791256da1ce72d133a4cadc03589cc45cac1ec1b278322910a39d151d0484409bcd1fbd6f28a483add68f481e54b61dc376cb60c3c6b29dae4ebb575332618c092ef133d1a43423ef37159c03bd231e2c5fd9c29ac30e8069b2111dd82766356a43dfc2c36c931018bd6391a57ca17e5749b6b90e58fc3b8daa257b5c9e0847f19d8e2155b412283d189428ae2923c6fd5f4a2049ade076f3ff6c2bed0d960354d89025ce5e02393d6c98a23d29aa225ce7c240596388941f43b16"], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x180) (async, rerun: 32)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async, rerun: 32)
r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000580)=0x10001})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3000000000000008) (async)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async, rerun: 32)
r12 = eventfd2(0x8, 0x80800) (rerun: 32)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r12, 0x2}) (async, rerun: 64)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000340)={0x8000, 0x0, 0x4, r12, 0x3}) (async, rerun: 64)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r11, 0x4010ae74, &(0x7f0000000100)={0x3, 0x7f, 0xfffd})

0s ago: executing program 42 (id=255):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x3})
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e0000000000000030000000000000000000000800000000100f000000000000f953000000000000020000000000000014000000f9680000200000000000000068df130000003060810000000000000014000000000000002000000000000000e1dc1300000030600900000000000000e60000000000000018000000000000001b000000000000001400000000000000200000000000000010e7130000003060fcffffffffffffff14000000000000002000000000000000e9de130000003060000000000000000000000000000000001800000000000000ff0300000000000014000000000000002000000000000000dea013000000306000020000000000007500000000000000280000000000000003000000000000000100000000000000780100000000000046000000000000001800000000000000030000001f0100006e0000000000000030000000000000000000000800000000000400000000000009000000000000000400000000000000aa0000000000000028000000000000000400030000000f00000007000000ffffff7f0200000000000000000000000000180080000000000000000000000000fe22010000000000004000000000000000070000c400000000000000000000000002000000000000000500000000000000070000000000000001000000000000008200000000000000280000000000000000000000000000000300000000000000d401000000000000"], 0x218}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x90}], 0x1)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2e)
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x4})
r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r12 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r12})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r11, 0x4010ae74, &(0x7f0000000400)={0x80, 0x9, 0x3})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x7})
r14 = ioctl$KVM_GET_STATS_FD_vm(r5, 0xaece)
ioctl$KVM_CHECK_EXTENSION(r14, 0xae03, 0x0)

kernel console output (not intermixed with test programs):

[  380.153271][ T3150] 8021q: adding VLAN 0 to HW filter on device bond0
[  415.504098][ T3150] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:35059' (ED25519) to the list of known hosts.
[  590.677362][   T25] audit: type=1400 audit(589.910:60): avc:  denied  { name_bind } for  pid=3308 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  591.725912][   T25] audit: type=1400 audit(590.980:61): avc:  denied  { execute } for  pid=3309 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  591.745989][   T25] audit: type=1400 audit(591.000:62): avc:  denied  { execute_no_trans } for  pid=3309 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  614.153805][   T25] audit: type=1400 audit(613.400:63): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  614.186367][   T25] audit: type=1400 audit(613.440:64): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  614.279783][ T3309] cgroup: Unknown subsys name 'net'
[  614.352347][   T25] audit: type=1400 audit(613.600:65): avc:  denied  { unmount } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  614.732640][ T3309] cgroup: Unknown subsys name 'cpuset'
[  614.834864][ T3309] cgroup: Unknown subsys name 'rlimit'
[  615.748632][   T25] audit: type=1400 audit(615.000:66): avc:  denied  { setattr } for  pid=3309 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  615.775309][   T25] audit: type=1400 audit(615.020:67): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  615.793246][   T25] audit: type=1400 audit(615.040:68): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  616.956535][ T3312] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  616.975887][   T25] audit: type=1400 audit(616.220:69): avc:  denied  { relabelto } for  pid=3312 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  617.000239][   T25] audit: type=1400 audit(616.250:70): avc:  denied  { write } for  pid=3312 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  617.178237][   T25] audit: type=1400 audit(616.430:71): avc:  denied  { read } for  pid=3309 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  617.198709][   T25] audit: type=1400 audit(616.450:72): avc:  denied  { open } for  pid=3309 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  617.246517][ T3309] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  667.422754][   T25] audit: type=1400 audit(666.670:73): avc:  denied  { execmem } for  pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  671.972288][   T25] audit: type=1400 audit(671.210:74): avc:  denied  { read } for  pid=3315 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  672.009838][   T25] audit: type=1400 audit(671.260:75): avc:  denied  { open } for  pid=3315 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  672.086715][   T25] audit: type=1400 audit(671.340:76): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  672.372536][   T25] audit: type=1400 audit(671.600:77): avc:  denied  { module_request } for  pid=3315 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  673.494944][   T25] audit: type=1400 audit(672.720:78): avc:  denied  { sys_module } for  pid=3315 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  698.602278][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  699.055914][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  699.149027][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  699.722489][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  714.854975][ T3315] hsr_slave_0: entered promiscuous mode
[  714.882472][ T3315] hsr_slave_1: entered promiscuous mode
[  715.955133][ T3316] hsr_slave_0: entered promiscuous mode
[  715.988733][ T3316] hsr_slave_1: entered promiscuous mode
[  716.023960][ T3316] debugfs: 'hsr0' already exists in 'hsr'
[  716.028038][ T3316] Cannot create hsr debugfs directory
[  721.298754][   T25] audit: type=1400 audit(720.550:79): avc:  denied  { create } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  721.332651][   T25] audit: type=1400 audit(720.570:80): avc:  denied  { write } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  721.393161][   T25] audit: type=1400 audit(720.630:81): avc:  denied  { read } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  721.509844][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  721.867052][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  722.140181][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  722.528098][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  723.997188][ T3316] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  724.185483][ T3316] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  724.328246][ T3316] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  724.495729][ T3316] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  736.965461][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0
[  738.929237][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[  794.769933][ T3315] veth0_vlan: entered promiscuous mode
[  795.226543][ T3315] veth1_vlan: entered promiscuous mode
[  797.048189][ T3316] veth0_vlan: entered promiscuous mode
[  797.567734][ T3315] veth0_macvtap: entered promiscuous mode
[  797.845497][ T3316] veth1_vlan: entered promiscuous mode
[  798.066853][ T3315] veth1_macvtap: entered promiscuous mode
[  800.284130][ T3282] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  800.293475][ T3282] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  800.297226][ T3282] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  800.303704][ T3282] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  800.346738][ T3316] veth0_macvtap: entered promiscuous mode
[  800.763040][ T3316] veth1_macvtap: entered promiscuous mode
[  802.999716][   T25] audit: type=1400 audit(802.250:82): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  803.286117][   T25] audit: type=1400 audit(802.510:83): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/syzkaller.8CkmxQ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  803.427232][   T25] audit: type=1400 audit(802.680:84): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  803.548962][   T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  803.556756][   T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  803.573438][   T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  803.584163][   T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  803.729955][   T25] audit: type=1400 audit(802.980:85): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/syzkaller.8CkmxQ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  803.837513][   T25] audit: type=1400 audit(803.090:86): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/syzkaller.8CkmxQ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3769 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  804.543571][   T25] audit: type=1400 audit(803.790:87): avc:  denied  { unmount } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  804.820122][   T25] audit: type=1400 audit(804.060:88): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  804.949800][   T25] audit: type=1400 audit(804.200:89): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="gadgetfs" ino=3782 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  805.379160][   T25] audit: type=1400 audit(804.630:90): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  805.452420][   T25] audit: type=1400 audit(804.670:91): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  806.445304][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  815.224476][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  815.234158][   T25] audit: type=1400 audit(814.470:96): avc:  denied  { append } for  pid=3466 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  815.347279][   T25] audit: type=1400 audit(814.520:97): avc:  denied  { open } for  pid=3466 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  815.826258][   T25] audit: type=1400 audit(815.080:98): avc:  denied  { ioctl } for  pid=3466 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  816.492665][   T25] audit: type=1400 audit(815.740:99): avc:  denied  { read } for  pid=3466 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  817.513631][   T25] audit: type=1400 audit(816.750:100): avc:  denied  { write } for  pid=3466 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  830.261602][   T25] audit: type=1400 audit(829.410:101): avc:  denied  { execute } for  pid=3475 comm="syz.0.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4005 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  852.313870][   T25] audit: type=1400 audit(851.560:102): avc:  denied  { map } for  pid=3479 comm="syz.0.5" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  873.037463][ T3495] kvm [3495]: Failed to find VMA for hva 0x21016000
[  896.799438][   T25] audit: type=1400 audit(896.050:103): avc:  denied  { execute } for  pid=3504 comm="syz.1.13" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  905.601914][   T25] audit: type=1400 audit(904.840:104): avc:  denied  { setattr } for  pid=3511 comm="syz.1.16" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1010.869916][ T3584] kvm [3584]: Failed to find VMA for hva 0x21016000
[ 1272.862731][ T3667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1273.140347][ T3667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1283.455593][ T3674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1284.124175][ T3674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1296.879298][ T3667] hsr_slave_0: entered promiscuous mode
[ 1296.935499][ T3667] hsr_slave_1: entered promiscuous mode
[ 1297.003897][ T3667] debugfs: 'hsr0' already exists in 'hsr'
[ 1297.023714][ T3667] Cannot create hsr debugfs directory
[ 1310.535568][ T3674] hsr_slave_0: entered promiscuous mode
[ 1310.607517][ T3674] hsr_slave_1: entered promiscuous mode
[ 1310.628826][ T3674] debugfs: 'hsr0' already exists in 'hsr'
[ 1310.662135][ T3674] Cannot create hsr debugfs directory
[ 1314.188875][ T3667] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1314.569701][ T3667] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1314.918715][ T3667] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1315.279888][ T3667] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1329.454585][ T3674] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1329.846644][ T3674] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1330.248551][ T3674] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1330.687274][ T3674] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1346.939820][ T3739] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1347.910077][ T3739] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1348.976203][ T3739] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1350.125647][ T3739] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1351.849367][ T3667] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1363.744240][ T3739] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1364.023710][ T3739] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1364.177388][ T3739] bond0 (unregistering): Released all slaves
[ 1366.745016][ T3739] hsr_slave_0: left promiscuous mode
[ 1367.001228][ T3739] hsr_slave_1: left promiscuous mode
[ 1367.766235][ T3739] veth1_macvtap: left promiscuous mode
[ 1367.844587][ T3739] veth0_macvtap: left promiscuous mode
[ 1367.853676][ T3739] veth1_vlan: left promiscuous mode
[ 1367.855717][ T3739] veth0_vlan: left promiscuous mode
[ 1390.388368][ T3674] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1392.018572][ T3739] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1393.397027][ T3739] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1394.604416][ T3739] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1396.006962][ T3739] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1413.685325][ T3739] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1413.835632][ T3739] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1413.959615][ T3739] bond0 (unregistering): Released all slaves
[ 1415.532584][ T3739] hsr_slave_0: left promiscuous mode
[ 1415.928600][ T3739] hsr_slave_1: left promiscuous mode
[ 1416.631641][ T3739] veth1_macvtap: left promiscuous mode
[ 1416.635959][ T3739] veth0_macvtap: left promiscuous mode
[ 1416.650170][ T3739] veth1_vlan: left promiscuous mode
[ 1416.684817][ T3739] veth0_vlan: left promiscuous mode
[ 1491.904548][ T3667] veth0_vlan: entered promiscuous mode
[ 1492.726765][ T3667] veth1_vlan: entered promiscuous mode
[ 1495.736593][ T3667] veth0_macvtap: entered promiscuous mode
[ 1496.205650][ T3667] veth1_macvtap: entered promiscuous mode
[ 1499.083782][ T3362] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1499.161951][ T3362] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1499.177836][ T3739] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1499.203009][ T3739] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1505.218208][ T3674] veth0_vlan: entered promiscuous mode
[ 1506.384975][ T3674] veth1_vlan: entered promiscuous mode
[ 1509.555813][ T3674] veth0_macvtap: entered promiscuous mode
[ 1510.234382][ T3674] veth1_macvtap: entered promiscuous mode
[ 1513.844397][ T3362] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1513.877974][ T3362] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1513.879223][ T3362] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1513.880032][ T3362] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.819715][ T3642] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1912.018434][ T3642] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1913.958089][ T3642] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1915.968663][ T3642] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1945.096730][ T3642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1945.446641][ T3642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1945.687004][ T3642] bond0 (unregistering): Released all slaves
[ 1948.314311][ T3642] hsr_slave_0: left promiscuous mode
[ 1948.468625][ T3642] hsr_slave_1: left promiscuous mode
[ 1949.419229][ T3642] veth1_macvtap: left promiscuous mode
[ 1949.462640][ T3642] veth0_macvtap: left promiscuous mode
[ 1949.473836][ T3642] veth1_vlan: left promiscuous mode
[ 1949.475360][ T3642] veth0_vlan: left promiscuous mode
[ 2040.950170][ T4125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2041.395794][ T4125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2074.889504][ T4125] hsr_slave_0: entered promiscuous mode
[ 2074.989753][ T4125] hsr_slave_1: entered promiscuous mode
[ 2089.115259][ T4125] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2089.537405][ T4125] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2089.995487][ T4125] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2090.446515][ T4125] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2117.398353][ T4172] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2119.639072][ T4172] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2121.448302][ T4172] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2123.098345][ T4172] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2140.186573][ T4172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2140.307000][ T4172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2140.374337][ T4172] bond0 (unregistering): Released all slaves
[ 2142.155545][ T4172] hsr_slave_0: left promiscuous mode
[ 2142.363316][ T4172] hsr_slave_1: left promiscuous mode
[ 2142.971829][ T4172] veth1_macvtap: left promiscuous mode
[ 2142.975260][ T4172] veth0_macvtap: left promiscuous mode
[ 2143.016164][ T4172] veth1_vlan: left promiscuous mode
[ 2143.046012][ T4172] veth0_vlan: left promiscuous mode
[ 2163.215335][ T4125] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2213.484002][ T4263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2213.799278][ T4263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2247.253270][ T4263] hsr_slave_0: entered promiscuous mode
[ 2247.338855][ T4263] hsr_slave_1: entered promiscuous mode
[ 2247.454178][ T4263] debugfs: 'hsr0' already exists in 'hsr'
[ 2247.473522][ T4263] Cannot create hsr debugfs directory
[ 2264.206385][ T4263] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2264.697012][ T4263] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2265.157390][ T4263] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2265.716498][ T4263] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2285.685375][ T4125] veth0_vlan: entered promiscuous mode
[ 2286.649259][ T4125] veth1_vlan: entered promiscuous mode
[ 2290.279666][ T4125] veth0_macvtap: entered promiscuous mode
[ 2290.836187][ T4125] veth1_macvtap: entered promiscuous mode
[ 2295.216499][ T3642] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2295.218002][ T3642] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2295.252372][ T3739] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2295.308922][   T50] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2304.913696][ T4263] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2387.057925][ T3757] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2388.735173][ T3757] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2390.452890][ T3757] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2392.094013][ T3757] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2418.119052][ T3757] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2418.564800][ T3757] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2418.734710][ T3757] bond0 (unregistering): Released all slaves
[ 2420.836498][ T3757] hsr_slave_0: left promiscuous mode
[ 2420.974979][ T3757] hsr_slave_1: left promiscuous mode
[ 2421.638745][ T3757] veth1_macvtap: left promiscuous mode
[ 2421.682156][ T3757] veth0_macvtap: left promiscuous mode
[ 2421.694215][ T3757] veth1_vlan: left promiscuous mode
[ 2421.712425][ T3757] veth0_vlan: left promiscuous mode
[ 2477.783347][ T4263] veth0_vlan: entered promiscuous mode
[ 2478.759344][ T4263] veth1_vlan: entered promiscuous mode
[ 2482.126487][ T4263] veth0_macvtap: entered promiscuous mode
[ 2482.675481][ T4263] veth1_macvtap: entered promiscuous mode
[ 2485.850028][ T4266] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2485.894810][ T4266] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2485.923072][   T42] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2486.034017][   T42] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2492.535525][ T4423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2493.122216][ T4423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2538.583906][ T4423] hsr_slave_0: entered promiscuous mode
[ 2538.753954][ T4423] hsr_slave_1: entered promiscuous mode
[ 2563.045846][ T4423] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2563.625488][ T4423] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2564.137636][ T4423] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2564.537853][ T4423] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2606.098603][ T4423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2790.206622][ T4423] veth0_vlan: entered promiscuous mode
[ 2791.744690][ T4423] veth1_vlan: entered promiscuous mode
[ 2795.995327][ T4423] veth0_macvtap: entered promiscuous mode
[ 2796.709042][ T4423] veth1_macvtap: entered promiscuous mode
[ 2800.434036][ T3282] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2800.439983][ T3282] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2800.712961][ T3282] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2801.054377][ T3677] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3444.217502][   T42] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3446.793800][   T42] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3449.199037][   T42] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3451.189647][   T42] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3477.535834][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3478.018772][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3478.378668][   T42] bond0 (unregistering): Released all slaves
[ 3481.713014][   T42] hsr_slave_0: left promiscuous mode
[ 3481.796701][   T42] hsr_slave_1: left promiscuous mode
[ 3482.684523][   T42] veth1_macvtap: left promiscuous mode
[ 3482.688513][   T42] veth0_macvtap: left promiscuous mode
[ 3482.735245][   T42] veth1_vlan: left promiscuous mode
[ 3482.747757][   T42] veth0_vlan: left promiscuous mode
[ 3521.644210][   T25] audit: type=1400 audit(3520.870:105): avc:  denied  { ioctl } for  pid=5032 comm="syz.6.222" path="net:[4026532698]" dev="nsfs" ino=4026532698 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 3609.050251][ T4997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3609.638183][ T4997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3652.236567][ T4997] hsr_slave_0: entered promiscuous mode
[ 3652.407764][ T4997] hsr_slave_1: entered promiscuous mode
[ 3652.578832][ T4997] debugfs: 'hsr0' already exists in 'hsr'
[ 3652.705190][ T4997] Cannot create hsr debugfs directory
[ 3680.852217][ T3642] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3682.887529][ T3642] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3685.095094][ T3642] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3687.053251][ T3642] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3694.765558][ T4997] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3696.145585][ T4997] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3697.443160][ T4997] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3709.670079][ T3642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3709.817292][ T3642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3709.953757][ T3642] bond0 (unregistering): Released all slaves
[ 3710.832332][ T4997] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3713.225745][ T3642] hsr_slave_0: left promiscuous mode
[ 3713.602488][ T3642] hsr_slave_1: left promiscuous mode
[ 3714.481599][ T3642] veth1_macvtap: left promiscuous mode
[ 3714.493117][ T3642] veth0_macvtap: left promiscuous mode
[ 3714.515341][ T3642] veth1_vlan: left promiscuous mode
[ 3714.516938][ T3642] veth0_vlan: left promiscuous mode
[ 3772.345429][ T4997] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3802.075192][ T5107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3802.689639][ T5107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3842.287723][ T5107] hsr_slave_0: entered promiscuous mode
[ 3842.386178][ T5107] hsr_slave_1: entered promiscuous mode
[ 3865.685059][ T5107] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 3866.236264][ T5107] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 3866.797971][ T5107] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 3867.368259][ T5107] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 3903.673231][ T5107] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3939.788748][ T4997] veth0_vlan: entered promiscuous mode
[ 3941.778299][ T4997] veth1_vlan: entered promiscuous mode
[ 3948.063800][ T4997] veth0_macvtap: entered promiscuous mode
[ 3949.028011][ T4997] veth1_macvtap: entered promiscuous mode
[ 3953.074838][ T5160] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3953.194678][ T3282] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3953.208815][ T3282] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3953.263091][ T3282] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4120.209345][ T5107] veth0_vlan: entered promiscuous mode
[ 4122.136483][ T5107] veth1_vlan: entered promiscuous mode
[ 4127.517565][ T5107] veth0_macvtap: entered promiscuous mode
[ 4128.713646][ T5107] veth1_macvtap: entered promiscuous mode
[ 4134.169978][ T4172] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4134.209563][ T3283] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4134.392049][ T4452] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4134.405409][ T4452] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4317.365310][ T4172] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4320.105418][ T4172] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4322.287742][ T4172] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4324.414234][ T4172] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4355.535251][ T4172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4355.883126][ T4172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4356.165743][ T4172] bond0 (unregistering): Released all slaves
[ 4359.113481][ T4172] hsr_slave_0: left promiscuous mode
[ 4359.292793][ T4172] hsr_slave_1: left promiscuous mode
[ 4360.213615][ T4172] veth1_macvtap: left promiscuous mode
[ 4360.236137][ T4172] veth0_macvtap: left promiscuous mode
[ 4360.238313][ T4172] veth1_vlan: left promiscuous mode
[ 4360.239728][ T4172] veth0_vlan: left promiscuous mode
[ 4410.728286][ T4172] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4412.323883][ T4172] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4414.139531][ T4172] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4415.695150][ T4172] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4444.224536][ T4172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4444.540059][ T4172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4444.705894][ T4172] bond0 (unregistering): Released all slaves
[ 4449.992845][ T4172] hsr_slave_0: left promiscuous mode
[ 4450.105613][ T4172] hsr_slave_1: left promiscuous mode
[ 4451.131598][ T4172] veth1_macvtap: left promiscuous mode
[ 4451.133052][ T4172] veth0_macvtap: left promiscuous mode
[ 4451.139288][ T4172] veth1_vlan: left promiscuous mode
[ 4451.204504][ T4172] veth0_vlan: left promiscuous mode
[ 4501.903424][ T5404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4502.326337][ T5404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4512.213664][ T5409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4512.666445][ T5409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4544.576007][ T5404] hsr_slave_0: entered promiscuous mode
[ 4544.696283][ T5404] hsr_slave_1: entered promiscuous mode
[ 4555.118712][ T5409] hsr_slave_0: entered promiscuous mode
[ 4555.259579][ T5409] hsr_slave_1: entered promiscuous mode
[ 4555.316540][ T5409] debugfs: 'hsr0' already exists in 'hsr'
[ 4555.345082][ T5409] Cannot create hsr debugfs directory
[ 4573.393231][ T5404] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 4574.099921][ T5404] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 4575.743685][ T5404] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 4576.287573][ T5404] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 4601.488756][ T5409] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 4602.218435][ T5409] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 4602.757591][ T5409] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 4603.279591][ T5409] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 4622.027390][ T5404] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4642.793866][ T5409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4793.038561][ T5409] veth0_vlan: entered promiscuous mode
[ 4794.148809][ T5409] veth1_vlan: entered promiscuous mode
[ 4798.288946][ T5409] veth0_macvtap: entered promiscuous mode
[ 4799.175188][ T5409] veth1_macvtap: entered promiscuous mode
[ 4804.826145][ T5021] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4804.926670][ T4452] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4805.029247][ T5160] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4805.053762][ T5160] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4807.084495][ T5404] veth0_vlan: entered promiscuous mode
[ 4810.165326][ T5404] veth1_vlan: entered promiscuous mode
[ 4816.687586][ T5404] veth0_macvtap: entered promiscuous mode
[ 4817.646135][ T5404] veth1_macvtap: entered promiscuous mode
[ 4823.322703][ T3739] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4823.325109][ T3739] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4823.646166][ T3739] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4823.714537][ T3739] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5168.238138][ T5722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5168.876350][ T5722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5190.266761][ T5729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5190.879159][ T5729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5233.133899][ T5722] hsr_slave_0: entered promiscuous mode
[ 5233.295606][ T5722] hsr_slave_1: entered promiscuous mode
[ 5233.482360][ T5722] debugfs: 'hsr0' already exists in 'hsr'
[ 5233.515452][ T5722] Cannot create hsr debugfs directory
[ 5260.449004][ T5729] hsr_slave_0: entered promiscuous mode
[ 5260.559016][ T5729] hsr_slave_1: entered promiscuous mode
[ 5260.728269][ T5729] debugfs: 'hsr0' already exists in 'hsr'
[ 5260.743393][ T5729] Cannot create hsr debugfs directory
[ 5307.516144][ T5722] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 5308.889723][ T5722] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 5312.532123][ T5722] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 5315.768289][ T5722] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 5333.459555][ T5729] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 5334.404165][ T5729] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 5335.364211][ T5729] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 5336.363386][ T5729] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 5373.833087][ T5722] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5390.520008][ T5729] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5406.023722][   T27] INFO: task syz.9.255:5709 blocked for more than 430 seconds.
[ 5406.037483][   T27]       Not tainted syzkaller #0
[ 5406.062085][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5406.062870][   T27] task:syz.9.255       state:D stack:0     pid:5709  tgid:5709  ppid:5404   task_flags:0x400040 flags:0x00000019
[ 5406.064419][   T27] Call trace:
[ 5406.064970][   T27]  __switch_to+0x584/0xb20 (T)
[ 5406.067024][   T27]  __schedule+0x1eec/0x33a4
[ 5406.067593][   T27]  schedule+0xac/0x27c
[ 5406.068111][   T27]  schedule_timeout+0x5c/0x1e4
[ 5406.068564][   T27]  do_wait_for_common+0x28c/0x444
[ 5406.069090][   T27]  wait_for_completion+0x44/0x5c
[ 5406.069575][   T27]  __synchronize_srcu+0x2a4/0x320
[ 5406.070064][   T27]  synchronize_srcu+0x3cc/0x4f0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5406.243527][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 5406.244238][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 5406.244733][   T27]  kvm_vm_release+0x58/0x78
[ 5406.245251][   T27]  __fput+0x4ac/0x980
[ 5406.245707][   T27]  ____fput+0x20/0x58
[ 5406.246182][   T27]  task_work_run+0x1bc/0x254
[ 5406.246622][   T27]  do_notify_resume+0x1bc/0x270
[ 5406.247103][   T27]  el0_svc+0xb8/0x164
[ 5406.247535][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 5406.247981][   T27]  el0t_64_sync+0x198/0x19c
[ 5406.383503][   T27] 
[ 5406.383503][   T27] Showing all locks held in the system:
[ 5406.404359][   T27] 1 lock held by khungtaskd/27:
[ 5406.404970][   T27]  #0: ffff800087806858 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 5406.407644][   T27] 1 lock held by syslogd/3109:
[ 5406.408080][   T27] 2 locks held by getty/3179:
[ 5406.408439][   T27]  #0: 4af0000011d068a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5406.410253][   T27]  #1: 75ff80008c54b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 5406.555645][   T27] 3 locks held by kworker/u4:2/3283:
[ 5406.556124][   T27] 2 locks held by syz-executor/3309:
[ 5406.556534][   T27] 2 locks held by kworker/u4:4/4172:
[ 5406.556873][   T27]  #0: ebf000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5406.558715][   T27]  #1: ffff80008e557c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5406.742652][   T27] 2 locks held by kworker/u4:6/4953:
[ 5406.743119][   T27]  #0: ebf000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5406.745071][   T27]  #1: ffff80008ff17c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5406.746926][   T27] 3 locks held by kworker/u4:14/5021:
[ 5406.747292][   T27] 3 locks held by kworker/u4:5/5160:
[ 5406.747612][   T27] 3 locks held by kworker/u4:12/5253:
[ 5406.747960][   T27] 2 locks held by kworker/u4:15/5349:
[ 5406.748309][   T27] 2 locks held by kworker/0:7/5443:
[ 5406.748699][   T27] 2 locks held by kworker/u4:3/5561:
[ 5406.749068][   T27]  #0: ebf000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5406.923684][   T27]  #1: ffff80008c9d7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5406.925789][   T27] 3 locks held by kworker/u4:7/5581:
[ 5406.926162][   T27] 2 locks held by syz.0.254/5705:
[ 5406.926511][   T27] 3 locks held by kworker/u4:10/5825:
[ 5406.926842][   T27] 1 lock held by modprobe/5870:
[ 5406.927178][   T27] 1 lock held by modprobe/5871:
[ 5407.007032][   T27] 
[ 5407.012048][   T27] =============================================
[ 5407.012048][   T27] 
[ 5407.013042][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 5407.018367][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 5407.020070][   T27] Hardware name: linux,dummy-virt (DT)
[ 5407.021215][   T27] Call trace:
[ 5407.022178][   T27]  show_stack+0x2c/0x3c (C)
[ 5407.023306][   T27]  __dump_stack+0x30/0x40
[ 5407.024081][   T27]  dump_stack_lvl+0x30/0x12c
[ 5407.025103][   T27]  dump_stack+0x1c/0x28
[ 5407.026037][   T27]  vpanic+0x22c/0x59c
[ 5407.026955][   T27]  vpanic+0x0/0x59c
[ 5407.027824][   T27]  hung_task_panic+0x0/0x2c
[ 5407.028831][   T27]  kthread+0x794/0x9a0
[ 5407.029791][   T27]  ret_from_fork+0x10/0x20
[ 5407.031770][   T27] Kernel Offset: disabled
[ 5407.032597][   T27] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 5407.033788][   T27] Memory Limit: none
[ 5407.036215][   T27] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:19:05  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008068f0a4 X00=ffff8000800075d0 X01=0000000000000000
X02=ffff800080007600 X03=0000000000000010 X04=0000000000000003
X05=0000000000000001 X06=0000000000000000 X07=ffff800081b54a9c
X08=0000000000000000 X09=000000000000001b X10=000000000000001b
X11=0000000000000101 X12=0000000000000102 X13=0000000000000001
X14=00000000ffff8000 X15=ffff800080007708 X16=ffff800080010e20
X17=0000000000000005 X18=00000000000000ff X19=ffff800080007828
X20=ffff8000800e8e94 X21=1bf000000d9b9d80 X22=0000000000000003
X23=ffff800080007870 X24=ffff8000800078a0 X25=ffff800080007768
X26=ffff8000876b5000 X27=00000000000000ff X28=0000000000000000
X29=ffff800080007700 X30=ffff80008656d3ec  SP=ffff800080007700
PSTATE=404020c9 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=6572207265767265:730073250a0d0a0d
Z02=742065726f6d2072:6f662064656b636f Z03=0000000000000000:00ff00ff00000000
Z04=0000000000000000:000000000f0f0000 Z05=726f6d20726f6620:64656b636f6c6220
Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffebad0900:0000ffffebad0900 Z17=ffffff80ffffffd8:0000ffffebad08d0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000