last executing test programs:

35m42.180825737s ago: executing program 1 (id=62):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur2={0x1, 0x12}], 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, 0xffffffffffffffff) (async)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x8, 0x40, &(0x7f0000000140)=0x2}) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2a0040, 0x0) (async)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_assert_reg(r17, 0x603000000013c4f1, 0x8000) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r17, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r18, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)

35m13.331083921s ago: executing program 0 (id=64):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138010, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138012, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138004, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138014, 0x8000}}, @msr={0x14, 0x20, {0x603000000013801c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138024, 0x8000}}, @msr={0x14, 0x20, {0x603000000013802c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138005, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800d, 0x8000}}], 0x140}, 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r5, 0xffffffffffffffff)
syz_kvm_assert_reg(r3, 0x6030000000138010, 0x8000)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x3, 0xa0)
r10 = eventfd2(0x6, 0x800)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000280)={r10, 0x9})
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000140)={r10, 0x74, 0x2, r10})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_assert_reg(r3, 0x6030000000138012, 0x8000)
write$eventfd(r10, &(0x7f0000000080)=0x6, 0x8)
syz_kvm_assert_reg(r3, 0x6030000000138004, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013800c, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138014, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013801c, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138024, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013802c, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138005, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013800d, 0x8000)

35m12.493312278s ago: executing program 1 (id=65):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, 0xffffffffffffffff)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x22300, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f00004e3000/0x2000)=nil, 0x930, 0xa, 0x2013, r7, 0x40000)
r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r8, 0xc008aeb0, &(0x7f0000000000))
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f0000000000)={0x0, 0x15000})

35m4.431004562s ago: executing program 1 (id=66):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x3})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3d)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f00000001c0)={0x1fe, 0x80, 0x280, 0x0}) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, &(0x7f0000000380)={0x20000135})
r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x40305839, &(0x7f0000000040)=@attr_other={0x1000000, 0xab, 0x7f, &(0x7f0000000240)=0x5}) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
r10 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) (async)
r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) (async)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x1a)
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r14, 0x4208ae9b, &(0x7f0000000240)={0x20003, 0x0, {[0x97ab, 0x10001, 0x3, 0xc08d, 0x8, 0xffffffff00000001, 0x3b880, 0x400, 0x5, 0xfffffffffffffffe, 0x6, 0x5, 0x2, 0x8, 0x6, 0x7fff], [0x45e1, 0x8000, 0x5d2, 0xfff, 0xbb9, 0x0, 0x8, 0xe, 0x51bb, 0x8, 0x4d681830, 0x9, 0x3, 0x10000, 0x7, 0xfffffffffffffff6], [0x80000001, 0xfffffffffffffffe, 0xa3, 0x0, 0x8, 0x81, 0x6, 0xfda8, 0x401, 0x1000000000005fd6, 0x3, 0x0, 0x40, 0x4, 0xffffffff, 0x9], [0x3, 0x6, 0xe99, 0xe, 0x9, 0x7, 0x8, 0x0, 0xb, 0x2, 0x10, 0x4, 0x9, 0x9, 0xc, 0x5]}}) (async)
ioctl$KVM_RUN(r14, 0xae80, 0x0)

35m3.916094873s ago: executing program 0 (id=67):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000100)={0x0, 0x5000, 0x0, 0xffffffffffffffff, 0xc})
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0xffffffff, 0x4, 0x0})

34m57.23945456s ago: executing program 0 (id=68):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x6)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000000)={0xddddc000, 0x102000, 0x1})
ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x81)
r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x10000, 0x100000, 0x1})
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x9)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000380)={0x0, &(0x7f0000000080)=[@mrs={0xbe, 0x18, {0x603000000013e208}}, @smc={0x1e, 0x40, {0x84000006, [0x7, 0x4, 0x7727d0dd, 0x88, 0x4]}}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013df05, 0xffffffffffffe9b3}}, @smc={0x1e, 0x40, {0x80003fff, [0xfff, 0x2, 0x1, 0x3, 0x6]}}, @svc={0x122, 0x40, {0x84000050, [0x8000000000000001, 0x8, 0xf59, 0x70000000, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0xeeee8000, 0xdbc, 0x0, 0x2}}, @msr={0x14, 0x20, {0x0, 0x2}}, @smc={0x1e, 0x40, {0x84000004, [0x354, 0x4, 0x6, 0x6c483637, 0x1]}}, @uexit={0x0, 0x18, 0xffff}, @irq_setup={0x46, 0x18, {0x0, 0x22f}}, @uexit={0x0, 0x18, 0x400}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x4, 0xb, 0xde, 0x401, 0x2}}, @uexit={0x0, 0x18, 0xfff}, @hvc={0x32, 0x40, {0x30000000, [0x4, 0x200b, 0x7, 0x4, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x280, 0x5, 0x8}}, @svc={0x122, 0x40, {0x20, [0x7f3b, 0x1, 0x7, 0x4, 0x4]}}, @irq_setup={0x46, 0x18, {0x4, 0x106}}], 0x2f0}, &(0x7f00000003c0)=[@featur2={0x1, 0x35}], 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000440)=@attr_other={0x0, 0xc, 0x10000, &(0x7f0000000400)=0xb})
r4 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bfd000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f00000004c0)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000480)=0x1d})
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000500)={r1, 0x7fff, 0x1, r1})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3e)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x101)
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000580)=@attr_other={0x0, 0x200, 0x2, &(0x7f0000000540)=0x4})
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x4)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xc)
ioctl$KVM_CAP_ARM_MTE(r6, 0x4068aea3, &(0x7f00000005c0))
ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000640)={0x1, 0x0, [{0x9, 0x3, 0x1, 0x0, @msi={0x7d261044, 0x3, 0x6, 0x80000000}}]})
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f00000006c0)=@arm64_fp={0x6040000000100074, &(0x7f0000000680)=0xe})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r5, 0x4008ae73, &(0x7f0000000700)={0x27, 0x1})
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r7, 0x4068aea3, &(0x7f0000000740)={0xdf, 0x0, 0x2000})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000c00)={0x0, &(0x7f00000007c0)=[@eret={0xe6, 0x18, 0x4}, @code={0xa, 0x84, {"007008d580d396d200a0b0f2e10080d2420080d2230080d2e40180d2020000d40070000c000008d5008008d5007008d560b687d20020b0f2610180d2e20080d2430080d2640080d2020000d4603b93d200a0b0f2610080d2c20180d2430180d2640080d2020000d4007008d50070df0c"}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @uexit={0x0, 0x18, 0x6}, @irq_setup={0x46, 0x18, {0x2, 0x32}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xb590, 0x2}}, @eret={0xe6, 0x18, 0x8000000000000001}, @mrs={0xbe, 0x18, {0x603000000013c000}}, @msr={0x14, 0x20, {0x603000000013c667, 0x9ba}}, @code={0xa, 0xb4, {"60718cd20040b8f2a10080d2020180d2030180d2040080d2020000d40088210e605f8fd200e0b8f2010180d2820080d2230080d2240180d2020000d4007008d5007008d50000001ce04882d20040b0f2c10180d2a20180d2c30080d2640180d2020000d40004c0da60ee99d200c0b0f2e10080d2c20080d2630180d2640080d2020000d4e0f89bd20000b0f2410080d2420180d2030080d2040080d2020000d4"}}, @code={0xa, 0xcc, {"0000c03d00e885d200e0b0f2a10080d2020080d2630180d2840180d2020000d4203b95d20000b0f2010180d2020080d2230080d2640180d2020000d4000000eac00192d20060b0f2e10180d2c20180d2c30080d2640080d2020000d4e0c284d200c0b8f2410080d2420180d2a30180d2a40080d2020000d4000008d50020ff0de0908ed20080b0f2610180d2c20180d2e30180d2640180d2020000d4c0e79dd20060b0f2410180d2e20080d2e30080d2040180d2020000d4"}}, @svc={0x122, 0x40, {0x5000000, [0x100000000, 0x4, 0xb, 0xbff, 0x6]}}, @irq_setup={0x46, 0x18, {0x3, 0xba}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x40000000, [0x3ff, 0x8, 0x400, 0x9, 0x8]}}, @eret={0xe6, 0x18, 0x180000000000}, @msr={0x14, 0x20, {0x603000000013e65d}}, @uexit={0x0, 0x18, 0xc8db}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0x4, 0x400, 0x3}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x3df}}], 0x434}, &(0x7f0000000c40)=[@featur1={0x1, 0x9e}], 0x1)
r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x19)
syz_kvm_setup_cpu$arm64(r8, r1, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000001140)=[{0x0, &(0x7f0000000c80)=[@mrs={0xbe, 0x18, {0x603000000013c214}}, @svc={0x122, 0x40, {0xc4000001, [0x7fffffffffffffff, 0x3f83, 0x287, 0x364d]}}, @smc={0x1e, 0x40, {0x80003fff, [0xe, 0x800, 0x5, 0x400, 0x8]}}, @smc={0x1e, 0x40, {0x8600ff01, [0x8000, 0x100000000, 0xfffffffffffffffb, 0x8, 0x5]}}, @eret={0xe6, 0x18, 0x1ff}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x30}}, @svc={0x122, 0x40, {0x80, [0xa3, 0x1000, 0x40, 0x9, 0xb2]}}, @eret={0xe6, 0x18}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0xa, 0x3, 0xe2, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x0, 0xb, 0x9, 0x1, 0x1}}, @svc={0x122, 0x40, {0x86000000, [0xdd83, 0x5, 0x9563, 0x6965560b, 0xfffffffffffff801]}}, @mrs={0xbe, 0x18, {0x603000000013defb}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x80, 0xb99, 0xa}}, @code={0xa, 0x9c, {"0008207ca01991d200c0b0f2e10180d2820180d2230180d2440080d2020000d4007008d5000040a9007008d5007008d580279ad200c0b8f2410080d2a20180d2630080d2440180d2020000d480689cd20080b8f2410080d2c20180d2630080d2e40180d2020000d4c0be8cd20040b8f2010080d2420080d2c30180d2c40080d2020000d4007008d5"}}, @uexit={0x0, 0x18, 0x2}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18}, @uexit={0x0, 0x18, 0x9}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x8, 0x6}}, @eret={0xe6, 0x18}, @hvc={0x32, 0x40, {0x84000001, [0x8596, 0x200, 0x100000000, 0x3, 0x4]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x344}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0xed71, 0xa}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x3000, 0x7fffffffffffffff}}, @uexit={0x0, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0xa, 0x3, 0x6, 0x4}}], 0x494}], 0x1, 0x0, &(0x7f0000001180)=[@featur1={0x1, 0x10}], 0x1)
r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x7)
ioctl$KVM_IRQ_LINE_STATUS(r9, 0xc008ae67, &(0x7f00000011c0)={0x50, 0x1})
mmap$KVM_VCPU(&(0x7f0000e9b000/0x2000)=nil, 0x0, 0x1, 0x4000010, r3, 0x0)

34m56.797791342s ago: executing program 1 (id=69):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (rerun: 32)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f0000000640)=[@msr={0x14, 0x20, {0x603000000013c010, 0x8000}}, @uexit={0x0, 0x18, 0x10}, @msr={0x14, 0x20, {0x603000000013c230, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800c, 0x8000}}, @eret={0xe6, 0x18, 0x795}, @msr={0x14, 0x20, {0x603000000013801c, 0x8000}}, @code={0xa, 0xe4, {"c0f29cd20000b0f2010180d2820180d2a30180d2e40180d2020000d4004c205e001b97d20060b8f2610080d2420180d2030080d2840180d2020000d420bb94d20080b0f2810180d2420080d2a30180d2a40080d2020000d40000c068406d94d200a0b0f2a10080d2a20080d2830080d2640180d2020000d4201793d20060b0f2210080d2420080d2230080d2640080d2020000d420048fd200a0b0f2810180d2820180d2430080d2e40180d2020000d41f0000b1e00c9dd20080b8f2c10080d2220080d2430080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0xc5000063, [0x1ff, 0x1, 0x7, 0x2, 0xffffffffffffffff]}}, @smc={0x1e, 0x40, {0xc4000001, [0x0, 0xd30c, 0x80000001, 0x6fa, 0xa]}}, @msr={0x14, 0x20, {0x603000000013800d, 0x8000}}], 0x234}, 0x0, 0x0) (async)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r8, 0x3, 0x11, r7, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
syz_kvm_assert_syzos_uexit$arm64(r9, 0xffffffffffffffff)
syz_kvm_assert_reg(r7, 0x6030000000138010, 0x8000)
syz_kvm_assert_reg(r7, 0x6030000000138012, 0x8000)
syz_kvm_assert_reg(r7, 0x6030000000138004, 0x8000) (async)
syz_kvm_assert_reg(r7, 0x603000000013800c, 0x8000) (async, rerun: 32)
syz_kvm_assert_reg(r7, 0x6030000000138014, 0x8000) (async, rerun: 32)
syz_kvm_assert_reg(r7, 0x603000000013801c, 0x8000) (async)
syz_kvm_assert_reg(r7, 0x6030000000138024, 0x8000) (async)
syz_kvm_assert_reg(r7, 0x603000000013802c, 0x8000) (async)
syz_kvm_assert_reg(r7, 0x6030000000138005, 0x8000) (async)
syz_kvm_assert_reg(r7, 0x603000000013800d, 0x8000)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x1, 0x6000, 0x9fff, 0xffffffffffffffff, 0x8}) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xe3)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_assert_reg(r13, 0x603000000013dce0, 0x8000)

34m51.951735812s ago: executing program 0 (id=70):
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x5, 0x6, &(0x7f0000000000)=0x5})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x620180, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x15)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
r3 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000000c0)={0xb, 0xffffffffffffffff, 0x1})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x32)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r4, 0x4068aea3, &(0x7f0000000100)={0xe4, 0x0, 0xfffffffffffffc00})
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x8)
ioctl$KVM_GET_DEVICE_ATTR_vm(r5, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0x8, 0x3, 0x1}})
r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000200)={0x8, 0x2})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x381803, 0x0)
close(r2)
ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f00000002c0)=@attr_arm64={0x0, 0x6, 0x0, &(0x7f0000000280)=0x9})
close(r1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000380)=@arm64_fp={0x60400000001000a9, &(0x7f0000000340)=0x401})
r8 = ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece)
r9 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece)
ioctl$KVM_SET_USER_MEMORY_REGION2(r9, 0x40a0ae49, &(0x7f00000003c0)={0x1fd, 0x5, 0x6000, 0x2000, &(0x7f0000f41000/0x2000)=nil, 0x0, r6})
r10 = ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000480)={0xa, 0x6})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000004c0)={0x3, 0x4, 0x0, 0x1000, &(0x7f0000c96000/0x1000)=nil, 0x5, r10})
ioctl$KVM_ARM_VCPU_FINALIZE(r9, 0x4004aec2, &(0x7f0000000580)=0x6)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f0000000600)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000005c0)={0x4, 0x3, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000680)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000640)=0xfff})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000006c0)={0x5, 0x0, [{0x3, 0x1, 0x1, 0x0, @msi={0x5, 0xb3, 0x5, 0x8}}, {0x6, 0x7, 0x0, 0x0, @sint={0x9, 0x4}}, {0x2, 0x4, 0x1, 0x0, @sint={0x4, 0x9}}, {0x800, 0x4, 0x0, 0x0, @adapter={0x5, 0x3, 0x0, 0x0, 0x7}}, {0x0, 0x5, 0x0, 0x0, @adapter={0x6, 0x3, 0x200, 0x887, 0xfffffffb}}]})
ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f00000007c0)={0x7})

34m48.282476039s ago: executing program 1 (id=71):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x101fd, 0x2, 0xdddd1000, 0x1000, &(0x7f0000ecd000/0x1000)=nil})
r7 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
close(r2)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
close(r2)

34m46.678180541s ago: executing program 0 (id=72):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000500)={0x0, &(0x7f0000000000)=[@its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x4, 0xf, 0x4, 0x5, 0x4}}, @svc={0x122, 0x40, {0xc4000014, [0x9, 0x7, 0x1, 0x676c7315, 0x1]}}, @code={0xa, 0x9c, {"00fc205ea0c48dd200a0b8f2210180d2220080d2830180d2c40080d2020000d4000cc0da401a94d200a0b0f2410080d2e20080d2830080d2440180d2020000d4a0379bd20060b8f2410180d2c20080d2630180d2240180d2020000d4801986d20040b8f2410080d2420080d2830080d2440180d2020000d40000711e000028d5007008d50084200d"}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x2a7}}, @msr={0x14, 0x20, {0x603000000013c667, 0xb292}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x179}}, @msr={0x14, 0x20, {0x603000000013d921, 0x800}}, @uexit={0x0, 0x18, 0x5}, @svc={0x122, 0x40, {0xc400000c, [0x8, 0x3, 0x5, 0x8000000000000000, 0xbc6]}}, @msr={0x14, 0x20, {0x603000000013e6d0, 0x1}}, @its_setup={0x82, 0x28, {0x2, 0x8, 0x1de}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x2d8}}, @eret={0xe6, 0x18, 0xc}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x2df}}, @hvc={0x32, 0x40, {0x2, [0x4, 0x2, 0x3, 0x1, 0x4]}}, @eret={0xe6, 0x18, 0x800}, @uexit={0x0, 0x18, 0x1}, @hvc={0x32, 0x40, {0x80, [0x9, 0xff, 0xdb6b, 0x7, 0x7]}}, @svc={0x122, 0x40, {0x10, [0x3, 0x8, 0xffffffffffffffff, 0x0, 0x8]}}, @irq_setup={0x46, 0x18, {0x4, 0x1b}}, @irq_setup={0x46, 0x18, {0x1, 0xd}}, @irq_setup={0x46, 0x18, {0x4, 0x2a3}}, @svc={0x122, 0x40, {0xc4000005, [0x9, 0xff, 0x5ca, 0xf9, 0x4a]}}, @msr={0x14, 0x20, {0x603000000013807e, 0x13b}}, @code={0xa, 0x9c, {"008008d5007008d50000809280f086d200c0b8f2a10180d2220180d2830180d2440180d2020000d4000000f1406c92d200c0b0f2610080d2820180d2630180d2240180d2020000d440c99cd20000b8f2a10180d2420080d2c30180d2c40180d2020000d4000028d5808787d200e0b8f2e10080d2c20080d2e30080d2a40080d2020000d40060200e"}}], 0x4d0}, &(0x7f0000000540)=[@featur1={0x1, 0x3}], 0x1)
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000580)={0x6, [0x1, 0x9, 0x4, 0x3, 0x0, 0x7]})
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f00000005c0)=@attr_pvtime_ipa)
r1 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x140)
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000640)=@attr_other={0x0, 0x8, 0x808000000, &(0x7f0000000600)=0xfffffffffffffffc})
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000009c0)={0x0, &(0x7f0000000680)=[@code={0xa, 0x54, {"0068000ee09885d200a0b0f2c10080d2a20180d2030180d2440180d2020000d40000409300a4200e007008d5000840b8000028d50070004f0050005e007008d5"}}, @uexit={0x0, 0x18}, @smc={0x1e, 0x40, {0x1000000, [0xfffffffffffffffc, 0xf05b, 0x5, 0xd7f, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0xb, 0x3, 0x1, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e65f}}, @svc={0x122, 0x40, {0x1, [0x6, 0xb, 0x101, 0x9, 0x8]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x6c}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x3e4}}, @smc={0x1e, 0x40, {0x84000004, [0x1ff, 0xbceb, 0x2, 0xfffffffffffffffa, 0x9]}}, @uexit={0x0, 0x18, 0x15d1fea}, @uexit={0x0, 0x18, 0x9}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x1fe}}, @smc={0x1e, 0x40, {0x8400000d, [0x200, 0x8c0a, 0x81, 0x3000000000000000, 0x3]}}, @eret={0xe6, 0x18, 0xfffffffffffffbff}, @mrs={0xbe, 0x18, {0x603000000013807f}}, @code={0xa, 0x84, {"0068214e0000c0da007008d50068603800c8a02e00b686d20000b0f2e10180d2020080d2a30180d2640080d2020000d4c0cb8bd200a0b8f2010180d2620180d2e30080d2040080d2020000d4807e85d20040b8f2210080d2020180d2e30180d2640080d2020000d400d0200e007008d5"}}], 0x308}, &(0x7f0000000a00)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000a80)=@arm64_ccsidr={0x602000000011000a, &(0x7f0000000a40)=0x8000})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000b00)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000ac0)=0x6})
r3 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000b40)=@x86={0x35, 0x10, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x23, 0x5, 0xf, 0x2, 0x0, 0x6, 0x6, 0xb, 0x81, 0x3, 0xd, '\x00', 0x7, 0x4})
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000b80)={0x10000, 0x0, &(0x7f0000fff000/0x1000)=nil})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000bc0), 0x82240, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x36)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r5, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000d80)=[{0x0, &(0x7f0000000c00)=[@mrs={0xbe, 0x18, {0x603000000013c687}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x3, 0x0, 0x5, 0xb, 0x4}}, @svc={0x122, 0x40, {0x8400000f, [0x3, 0x80000000, 0x1, 0x100000000, 0x81]}}, @memwrite={0x6e, 0x30, @generic={0x3000, 0xe6, 0x0, 0x2}}, @code={0xa, 0x84, {"000028d50020c00de0f597d200e0b8f2610080d2220180d2230180d2440180d2020000d40078207e008008d5400e95d20080b8f2410080d2c20080d2030080d2040180d2020000d4000008d5000028d5e05b81d200a0b8f2a10080d2620080d2630180d2440180d2020000d40008a038"}}, @svc={0x122, 0x40, {0x84000008, [0x7, 0x3ff, 0x6, 0x8000000000, 0x82]}}], 0x174}], 0x1, 0x0, &(0x7f0000000dc0)=[@featur2={0x1, 0x80}], 0x1)
munmap(&(0x7f0000f70000/0x1000)=nil, 0x1000)
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x35)
syz_kvm_setup_cpu$arm64(r6, r2, &(0x7f0000aae000/0x400000)=nil, &(0x7f0000001040)=[{0x0, &(0x7f0000000e00)=[@svc={0x122, 0x40, {0x20, [0x7fffffffffffffff, 0x6, 0x5, 0x7f, 0x9]}}, @msr={0x14, 0x20, {0x603000000013df5e, 0x1}}, @msr={0x14, 0x20, {0x603000000013c4c8, 0xfffffffffffffffe}}, @irq_setup={0x46, 0x18, {0x2, 0x1e9}}, @eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013deff}}, @eret={0xe6, 0x18, 0xaead}, @mrs={0xbe, 0x18, {0x1d68}}, @svc={0x122, 0x40, {0x1, [0x2, 0x6, 0x7fff, 0x40, 0x7]}}, @code={0xa, 0x9c, {"00fa81d200e0b8f2e10080d2020080d2e30080d2040080d2020000d460d491d200a0b8f2410080d2420180d2c30080d2840080d2020000d4007008d500b8a12e20b48dd200e0b8f2610180d2220180d2830080d2a40080d2020000d4000028d5007008d500d8a05e60a69cd20080b8f2c10180d2820180d2630180d2240180d2020000d40000319e"}}, @eret={0xe6, 0x18, 0x1}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x9dc0, 0x3, 0x2}}], 0x21c}], 0x1, 0x0, &(0x7f0000001080)=[@featur1={0x1, 0x8c}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f0000001100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000010c0)={0x7, 0x8001, 0x1}})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r6, 0x4068aea3, &(0x7f0000001140)={0xe4, 0x0, 0x2})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f00000011c0)={0xe4, 0x0, 0x8})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r3, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001900)=[{0x0, &(0x7f0000001240)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x80, 0x8001, 0x2}}, @svc={0x122, 0x40, {0x1000000, [0x5a, 0x8, 0x1, 0x3, 0x9]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x3}}, @svc={0x122, 0x40, {0x4000, [0xffffffffffffffff, 0x79f, 0x2, 0x5, 0x1]}}, @svc={0x122, 0x40, {0x84000002, [0x8, 0x2, 0x2, 0x1, 0x829e]}}, @svc={0x122, 0x40, {0x84000000, [0x5, 0x1, 0x3, 0x5, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x8, 0x5, 0x6}}, @msr={0x14, 0x20, {0x603000000013df65, 0xc22}}, @smc={0x1e, 0x40, {0xc4000053, [0x7ff, 0xca0e, 0x7, 0xff, 0xa56]}}, @smc={0x1e, 0x40, {0xc5000020, [0x5, 0x7d, 0x0, 0x1, 0x1000]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x55}}, @smc={0x1e, 0x40, {0x8400ffde, [0x7, 0x9, 0xba, 0x7, 0x5]}}, @irq_setup={0x46, 0x18, {0x4, 0x27d}}, @mrs={0xbe, 0x18, {0x6030000000139828}}, @code={0xa, 0xb4, {"000028d5000080f2e0058fd20000b0f2810180d2a20080d2230080d2440180d2020000d400008092600a9ad20020b8f2e10080d2020080d2630180d2840180d2020000d4c00f9cd20080b0f2810080d2420180d2230180d2c40180d2020000d40020600d000008d5e0fa9cd20080b0f2610180d2e20080d2030180d2a40180d2020000d4402c9bd20020b8f2210180d2620180d2030080d2c40080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x7, 0x6, 0x4, 0x1}}, @uexit={0x0, 0x18, 0x84}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x2, 0x7, 0xf3, 0x1, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x1ba}}, @irq_setup={0x46, 0x18, {0x3, 0x20f}}, @hvc={0x32, 0x40, {0x1000000, [0x200, 0x6, 0x913, 0xffffffffffffffff, 0x69]}}, @hvc={0x32, 0x40, {0x84000012, [0x6, 0xaff, 0xabf, 0x6, 0x7]}}, @code={0xa, 0x9c, {"007008d5007008d5000008d5a0778fd20040b8f2a10180d2c20180d2030180d2840180d2020000d400b4202e0004809aa06f98d200a0b0f2810080d2020180d2430080d2a40180d2020000d4007008d5207b8fd20040b8f2810180d2020080d2630180d2840080d2020000d4c0da8cd200a0b0f2210180d2020180d2830180d2440180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3b, 0xf, 0x2, 0x0, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x42}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x400, 0xfffffffffffffffd, 0xa}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x8, 0x280000, 0x6, 0x1}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @eret={0xe6, 0x18, 0xa}, @mrs={0xbe, 0x18, {0x603000000013df53}}, @hvc={0x32, 0x40, {0xc400000d, [0x3ff, 0x4, 0x2, 0x2, 0x3]}}, @irq_setup={0x46, 0x18, {0x2, 0x316}}], 0x688}], 0x1, 0x0, &(0x7f0000001940)=[@featur1={0x1, 0x20}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000019c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000001980)=0xfcf8})
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r7, 0x4010aeab, &(0x7f0000001a00)={0x1, 0x8080000})
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000001a40)={0x3000, 0x2000, 0x1})

34m40.401280885s ago: executing program 0 (id=73):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0) (async)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000008000/0x2000)=nil, r5, 0x100000d, 0x8010, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000008000/0x2000)=nil, r5, 0x100000d, 0x8010, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x8, 0x1})
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x34)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)

34m33.127651763s ago: executing program 1 (id=74):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="be00000000000000180000000000000001c8"], 0x18}], 0x1, 0x0, 0x0, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0xffda, 0x1}})
r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x5edc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000200)=0x5e})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(r12, 0x4004ae99, &(0x7f00000001c0)=0x3)
ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000100)=@x86={0x6, 0xff, 0x8, 0x0, 0x5d, 0x1, 0xf9, 0x7, 0x3, 0xff, 0x9, 0x2, 0x0, 0x8, 0x1d2b, 0x1, 0xf9, 0x9, 0x3, '\x00', 0x1, 0x7f})

33m54.847949718s ago: executing program 32 (id=73):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0) (async)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000008000/0x2000)=nil, r5, 0x100000d, 0x8010, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000008000/0x2000)=nil, r5, 0x100000d, 0x8010, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x8, 0x1})
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x34)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)

33m46.168235403s ago: executing program 33 (id=74):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="be00000000000000180000000000000001c8"], 0x18}], 0x1, 0x0, 0x0, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0xffda, 0x1}})
r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x5edc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000200)=0x5e})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(r12, 0x4004ae99, &(0x7f00000001c0)=0x3)
ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000100)=@x86={0x6, 0xff, 0x8, 0x0, 0x5d, 0x1, 0xf9, 0x7, 0x3, 0xff, 0x9, 0x2, 0x0, 0x8, 0x1d2b, 0x1, 0xf9, 0x9, 0x3, '\x00', 0x1, 0x7f})

23m54.714528721s ago: executing program 2 (id=104):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xa2)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000100)={0x8, 0x6, 0x1}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r8, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2})
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[@its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x1, 0x10, 0xc9, 0x6, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x80000000000006f}}, @hvc={0x32, 0x40, {0x84000014, [0xffff, 0x7, 0x129, 0x46b]}}, @code={0xa, 0x84, {"0098207e000028d5007008d540959ad20060b8f2810180d2220080d2230080d2a40080d2020000d4a00791d200a0b8f2a10080d2020180d2030080d2c40180d2020000d420108bd20020b0f2810080d2820180d2c30180d2240180d2020000d40010206e000c807800048038000028d5"}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x3, 0x2, 0x8, 0xe95, 0x4}}, @msr={0x14, 0x20, {0x6030000000138032, 0x5}}, @irq_setup={0x46, 0x18, {0x3, 0x190}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x270}}, @uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18, 0x4}, @smc={0x1e, 0x40, {0x84000007, [0x3, 0x314, 0x162, 0x81, 0x6c]}}, @hvc={0x32, 0x40, {0x8400000e, [0xa, 0x0, 0x400, 0x5, 0xf6]}}, @hvc={0x32, 0x40, {0xc400000d, [0x6, 0xd, 0x2, 0x200, 0xd05d]}}, @code={0xa, 0x114, {"e04989d200a0b8f2210080d2820080d260ac82d20060b0f2210080d2420180d2030180d2240080d2020000d4640080d2020000d4c04d90d200a0b8f2610080d2e20080d2830180d2a40080d2020000d4800781d200c0b0f2610080d2a20180d2e30080d2a40080d2020000d4808784d20020b8f2a10180d2420180d2a30180d2e40080d2020000d4e0bf87d20080b8f2610180d2420080d2a30180d2640180d2020000d440b79dd200c0b0f2e10080d2820180d2e30180d2040080d2020000d4a07e9fd20040b0f2a10080d2020080d2e30080d2e40180d2020000d4000008d560019bd20060b0f2c10080d2a20080d2630180d2440180d2020000d4000008d5"}}, @uexit={0x0, 0x18, 0x83}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x4, 0xa, 0x4, 0xf1}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0xf}, @uexit={0x0, 0x18, 0x1000}, @uexit={0x0, 0x18, 0x1}, @smc={0x1e, 0x40, {0x5000000, [0x1000, 0x87, 0xa, 0x1, 0x5]}}], 0x480}, &(0x7f0000000200)=[@featur2], 0x1)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000000)={0x7})
r12 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r12})
ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f00000000c0)={0x8})
ioctl$KVM_SIGNAL_MSI(r11, 0x4020aea5, &(0x7f0000000000)={0x6000})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0xffffffff, 0x8000000000000000, &(0x7f0000000000)=0xe5c0})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x4, 0x4, 0x0})
ioctl$KVM_GET_MP_STATE(r4, 0x8004ae98, &(0x7f00000000c0))

23m40.071604446s ago: executing program 2 (id=105):
openat$kvm(0x0, &(0x7f0000000080), 0x88000, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x490000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1e)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x8000000000028)
ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000000300)={0x1, [0x401]}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) (async)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x4, 0x220) (async)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r11, 0xae80, 0x0) (async)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r6, 0xaec7) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000000)=0x10})

23m29.390417683s ago: executing program 2 (id=107):
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r1, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x50}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r1, 0x2, 0x4000010, r5, 0x0)

23m24.482917512s ago: executing program 3 (id=108):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110000, &(0x7f0000000000)=0x3})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, 0x0)

23m15.801592083s ago: executing program 2 (id=109):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x0, 0xfffffffffffffffe})
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000200)={0xc0, 0x0, 0x4000})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000280)={0x9, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r14 = eventfd2(0x8801, 0x800)
r15 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f00000000c0)={r15, 0x5, 0x2, r15})
ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f0000000000)={r14, 0x5, 0x2, r15})
r16 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r16, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0xffda, 0x1}})
r17 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x5edc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r17, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r17, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f0000000b00)}, &(0x7f00000000c0)=[@featur2={0x1, 0x4}], 0x1)

23m10.436677203s ago: executing program 3 (id=110):
openat$kvm(0x0, &(0x7f0000000100), 0x24600, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2b)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0xfffffff8, 0xffff, 0x0}) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000004c0)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x240)
r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b00)={0x0, &(0x7f00000007c0)=[@mrs={0xbe, 0x18, {0x603000000013c2a4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x2, 0xffffffff, 0x9, 0x2}}, @svc={0x122, 0x40, {0x8400000d, [0x8000000000000000, 0x7, 0x7000, 0xaaf, 0x8000]}}, @hvc={0x32, 0x40, {0xc4000004, [0x7, 0x8, 0xc, 0x4]}}, @msr={0x14, 0x20, {0x603000000013e66b, 0x6}}], 0xe0}, 0x0, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) (async)
r6 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) (async)
r7 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000f4d000/0x4000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) (async)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x4, 0x708})
r9 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)

22m59.996250927s ago: executing program 2 (id=111):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0xc}})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r5, 0x400000f, 0x10, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000012, [0x8, 0x939, 0xe, 0x7f, 0xd]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x80040, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000440)}, &(0x7f0000000140)=[@featur2={0x1, 0x11}], 0x1)
ioctl$KVM_GET_REGS(r12, 0x8360ae81, &(0x7f0000000280))
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x4})

22m56.969767305s ago: executing program 3 (id=112):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x400002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00005b7000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0xa, 0x0})

22m49.040200588s ago: executing program 3 (id=113):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0xfffffffd, 0x239}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22m43.549974639s ago: executing program 2 (id=114):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
r8 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013e08d, &(0x7f00000000c0)=0x6db})
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f00000000c0)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000080)=0x2})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, &(0x7f0000000440)=[@hvc={0x32, 0x40, {0x1000000, [0x40, 0xfffffffffffeffff, 0x100000000, 0x100, 0x5]}}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0xe2d, 0x7fff, 0x3}}, @irq_setup={0x46, 0x18, {0x2, 0x304}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0xd, 0x10001, 0x8, 0x2}}, @smc={0x1e, 0x40, {0x1000, [0xf3, 0xffffffffffffffff, 0x1, 0x6, 0x5]}}, @msr={0x14, 0x20, {0x603000000013dea6}}, @svc={0x122, 0x40, {0xc4000053, [0x2, 0x6, 0x80000001, 0x8000000000000000, 0xe65]}}], 0x150}, 0x0, 0x0)
ioctl$KVM_RUN(r17, 0xae80, 0x0)
r18 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r18, 0xc00caee0, &(0x7f0000000100)={0x7, <r19=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r19, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x80, 0x2, &(0x7f0000000200)=0x4})
ioctl$KVM_SET_DEVICE_ATTR(r19, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x6, 0x1})

22m38.270481345s ago: executing program 3 (id=115):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f00000009c0)}, &(0x7f0000000040)=[@featur1={0x1, 0xec}], 0x1)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

22m30.39229194s ago: executing program 3 (id=116):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x538500, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x9) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x9)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x2f)
r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r5 = eventfd2(0x0, 0x0)
close(r5) (async)
close(r5)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
write$eventfd(r5, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, 0x0, 0x0, 0x0) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000040)={0x9, 0x1})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000002000000ff"])
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

21m56.776722782s ago: executing program 34 (id=114):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
r8 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013e08d, &(0x7f00000000c0)=0x6db})
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f00000000c0)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000080)=0x2})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, &(0x7f0000000440)=[@hvc={0x32, 0x40, {0x1000000, [0x40, 0xfffffffffffeffff, 0x100000000, 0x100, 0x5]}}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0xe2d, 0x7fff, 0x3}}, @irq_setup={0x46, 0x18, {0x2, 0x304}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0xd, 0x10001, 0x8, 0x2}}, @smc={0x1e, 0x40, {0x1000, [0xf3, 0xffffffffffffffff, 0x1, 0x6, 0x5]}}, @msr={0x14, 0x20, {0x603000000013dea6}}, @svc={0x122, 0x40, {0xc4000053, [0x2, 0x6, 0x80000001, 0x8000000000000000, 0xe65]}}], 0x150}, 0x0, 0x0)
ioctl$KVM_RUN(r17, 0xae80, 0x0)
r18 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r18, 0xc00caee0, &(0x7f0000000100)={0x7, <r19=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r19, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x80, 0x2, &(0x7f0000000200)=0x4})
ioctl$KVM_SET_DEVICE_ATTR(r19, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x6, 0x1})

21m40.857845218s ago: executing program 35 (id=116):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x538500, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x9) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x9)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x2f)
r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r5 = eventfd2(0x0, 0x0)
close(r5) (async)
close(r5)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
write$eventfd(r5, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, 0x0, 0x0, 0x0) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000040)={0x9, 0x1})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000002000000ff"])
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

15m14.62892427s ago: executing program 4 (id=119):
r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) (async)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000003c0)=[@msr={0x14, 0x20, {0x603000000013807d, 0x7}}, @code={0xa, 0x6c, {"007008d540549bd20020b8f2410080d2220180d2c30180d2640180d2020000d40090805f0000609e401a98d20080b0f2610080d2a20180d2c30080d2240180d2020000d4000028d5000028d5000028d50070202e00000098"}}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013e65b}}, @msr={0x14, 0x20, {0x6030000000138017, 0x7fffffffffffffff}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x4, 0x1, 0xb32, 0x6, 0x3}}, @mrs={0xbe, 0x18, {0x6030000000138055}}, @mrs={0xbe, 0x18, {0x603000000013c800}}, @eret={0xe6, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x0, 0x390}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x800, [0x3, 0x28f9, 0x1, 0x4, 0x1]}}, @svc={0x122, 0x40, {0x84000011, [0x8, 0x3, 0x292, 0x800, 0x744]}}], 0x1fc}, &(0x7f0000000040)=[@featur2={0x1, 0x4}], 0x1)
r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0x8010, r1, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)

15m4.569025338s ago: executing program 5 (id=120):
r0 = eventfd2(0x0, 0x0)
write$eventfd(r0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000004000000000000000ad770081000000000800000000000000010000000000000002000000000000000300000000000000040000000000000032000000000000004000000000000000530000c400"], 0x80}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8c40, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x244f01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xf1)

15m2.66143474s ago: executing program 4 (id=121):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x80a0000, 0x37d03030d7a93616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000240)={0xdddd0000, 0x1000})
r3 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000080)={0xf17, 0x5, 0x2}})
r4 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r5 = ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece)
r6 = eventfd2(0x971a, 0x80800)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000140)={r6, 0x70000, 0x2, r3})
mmap$KVM_VCPU(&(0x7f0000f72000/0x1000)=nil, 0x930, 0x0, 0xe832, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

14m50.478207432s ago: executing program 5 (id=122):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x10001, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r1, 0x1000002, 0x10010, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f00006b6000/0x4000)=nil, r3, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

14m49.306155997s ago: executing program 4 (id=123):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x80000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x2000)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0x100, 0x10, 0x1}})
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r5 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f0000000380)=@attr_other={0x0, 0x5, 0x0, 0x0})
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x3a)
r9 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r9, 0x2})
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000040)={0x9, 0x100000, 0x0, r9, 0x2})
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r9, 0xf})
r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dcf0, 0x3}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

14m39.771785287s ago: executing program 5 (id=124):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x3, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x8, 0xffff, &(0x7f0000000040)=0x2}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r12 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f00000001c0)=@arm64={0xdb, 0x8, 0x3, '\x00', 0x1})

14m35.471587263s ago: executing program 4 (id=125):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x27)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000300)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x4, 0xd}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa2)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1a)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xdddd1000, 0x2000, &(0x7f0000fa4000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f00000000c0)={0x8, 0x7})
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f0000000680)}, 0x0, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

14m22.591118786s ago: executing program 5 (id=126):
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async)
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r0, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r0, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a1e000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a1e000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r0, 0x2000000, 0x16831, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000040)=0x11})
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x21)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000a30000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000bde000/0x4000)=nil, r2, 0x2000008, 0x10, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000b6c000/0x1000)=nil, 0x1000)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r7, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r7, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

14m12.877846974s ago: executing program 4 (id=127):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x9, 0x5660b638, 0x0})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x1})
r12 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0)
syz_kvm_setup_cpu$arm64(r7, r12, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x61})
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000180)=@other={0x5, &(0x7f0000000140)=0x6})

14m8.219693467s ago: executing program 5 (id=128):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
close(r1)
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f00000002c0)={0x1, 0x2, 0x1000, 0x2000, &(0x7f0000f95000/0x2000)=nil, 0x10, r1})
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0xfffffffffffffffe, 0x0, 0xfffffffffffffee9)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
munmap(&(0x7f00000be000/0x1000)=nil, 0xffffffffdff41fff)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x50}, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x6)
ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000000)={0xdddd1000, 0xeeef0000, 0x6, 0x1, 0x3})
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9)
r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0xb, 0x11, r10, 0x0)
r13 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r14 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x3a)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000040)={0x6, 0xffffffffffffffff, 0x1})

13m45.938777422s ago: executing program 5 (id=129):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000000)=0xe})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000100)=@other={0x3, &(0x7f00000000c0)=0x4})

13m45.111148949s ago: executing program 4 (id=130):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}], 0x80}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="3108e3dcda727dc1915f051fd6c6c2f2e9375df87e96815d61d15d9486ff9023dbaede6f1938adc7befee9d742312bd76c85b021554abc4cb72595c6e12f025cf0d600b249c982b5", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}], 0x80}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="3108e3dcda727dc1915f051fd6c6c2f2e9375df87e96815d61d15d9486ff9023dbaede6f1938adc7befee9d742312bd76c85b021554abc4cb72595c6e12f025cf0d600b249c982b5", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)

12m58.158085182s ago: executing program 36 (id=130):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}], 0x80}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="3108e3dcda727dc1915f051fd6c6c2f2e9375df87e96815d61d15d9486ff9023dbaede6f1938adc7befee9d742312bd76c85b021554abc4cb72595c6e12f025cf0d600b249c982b5", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}], 0x80}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="3108e3dcda727dc1915f051fd6c6c2f2e9375df87e96815d61d15d9486ff9023dbaede6f1938adc7befee9d742312bd76c85b021554abc4cb72595c6e12f025cf0d600b249c982b5", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)

12m52.090040501s ago: executing program 37 (id=129):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000000)=0xe})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000100)=@other={0x3, &(0x7f00000000c0)=0x4})

2m58.951086673s ago: executing program 7 (id=144):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3d)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x6, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x8001, 0x1, &(0x7f00000001c0)=0x80000000})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
r8 = ioctl$KVM_CREATE_VM(r7, 0x894c, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0x8004b707, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xdddd1000, 0x2000, &(0x7f0000fa4000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000240)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r12, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r10, 0x4068aea3, &(0x7f0000000100)={0xb6, 0x0, 0x81})
r13 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)

2m39.830602332s ago: executing program 6 (id=146):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000180))
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x2800009, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r9 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0})
ioctl$KVM_CREATE_VM(r9, 0x401c5820, 0x20000006)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0x541b, 0xac)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x80000015)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x1012c0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x6030000000100038, &(0x7f0000000000)=0x78})
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r16 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})

2m36.68101582s ago: executing program 7 (id=147):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000300)={0x1, 0x0, [{0x2, 0x3, 0x0, 0x0, @irqchip={0x82, 0x4041}}]})
r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0})
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000240)={0x200002f})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)

2m16.197904245s ago: executing program 6 (id=148):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x4000)=nil, 0x0, 0x3000005, 0x41812, r2, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4000ae84, &(0x7f0000000140)={{0x100000, 0xffff1000, 0x4, 0x6, 0x8, 0x8, 0x5, 0x9, 0x1, 0xdc, 0x7, 0xda}, {0xf000, 0x1, 0x3, 0x9, 0x6, 0x7, 0x4, 0x5, 0x4a, 0x0, 0x8, 0xc}, {0xd000, 0x2, 0xc, 0x7, 0x8, 0x5, 0x8, 0x7, 0x6, 0x40, 0x2, 0x1}, {0xdddd1000, 0xdddd1000, 0x0, 0x6, 0x8c, 0x6, 0x7, 0x8, 0x8, 0x0, 0x0, 0x1f}, {0x80a0000, 0x4, 0xf, 0x1, 0x5, 0x3, 0xf, 0x8, 0x4, 0x7f, 0x8, 0x22}, {0x100000, 0x4000, 0xd, 0xa9, 0x7, 0x6, 0x2, 0x6, 0x4, 0x9, 0xf, 0x1}, {0x2, 0x100000, 0xe, 0x3, 0x40, 0x4, 0x3, 0xad, 0x0, 0xf, 0x1, 0x6}, {0x100000, 0x8090000, 0x3, 0x5, 0xb, 0x2, 0x38, 0x0, 0xf, 0x0, 0x8, 0xc}, {0x4000, 0xfffe}, {0x0, 0x6}, 0x0, 0x0, 0x5000, 0x442000, 0x1, 0x800, 0xdddd1000, [0x3, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffd]})
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100034, &(0x7f0000000000)=0x9})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b1e000/0x400000)=nil)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)

2m9.858566631s ago: executing program 7 (id=149):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r4 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0x8000000000000000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_reg(r3, 0x603000000013dce8, 0x8000)

1m57.566342618s ago: executing program 6 (id=150):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x17})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x49)

1m52.343042638s ago: executing program 7 (id=151):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x0, &(0x7f00000002c0)=0x2c172c22})
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0})
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, 0xffffffffffffffff)
r13 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x242c83, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000100)={0x4, <r16=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r16, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0xf81e, 0x200, 0x0})
r17 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013df19, 0x8003}}], 0x20}, 0x0, 0x0)
eventfd2(0x0, 0x0)
r18 = eventfd2(0x0, 0x0)
close(r18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
ioctl$KVM_RUN(r17, 0xae80, 0x0)

1m30.023311248s ago: executing program 6 (id=152):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x80000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xffffffffffffffff)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r6, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x701603, 0x0)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r8, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x2, 0x0, 0x0})
r9 = eventfd2(0x8801, 0x800)
munmap(&(0x7f0000005000/0x4000)=nil, 0x4000)
r10 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r9, 0x5, 0x0, r10})
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r9, 0x1, 0x2, r10})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0xf)
r11 = openat$kvm(0x0, &(0x7f0000000240), 0x24800, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r14, 0xae80, 0x0)

1m26.593422007s ago: executing program 7 (id=153):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x4, 0xf8}}, @msr={0x14, 0x20, {0x603000000013d40b, 0xfff}}, @code={0xa, 0x6c, {"0010800f203485d200e0b8f2810180d2420080d2c30180d2e40180d2020000d4007008d5c03490d200a0b8f2010080d2620080d2030180d2c40180d2020000d4008008d5008008d5000008d5008008d5007008d500b0200e"}}], 0xa4}, &(0x7f0000000200)=[@featur2={0x1, 0x3}], 0x1)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000240)={0x10002, 0x4, 0xdddd3000, 0x2000, &(0x7f00000d8000/0x2000)=nil})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r4, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x0, 0x1}})
syz_kvm_vgic_v3_setup(r2, 0x1, 0x0)

1m11.719947345s ago: executing program 6 (id=154):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x8)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0xfffffffffffffffa}, @uexit={0x0, 0x18, 0x2}], 0x30}, &(0x7f0000000300)=[@featur2={0x1, 0x4}], 0x1)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0xb, 0x11, r2, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vm(r5, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x7, 0x1, 0x1}})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r8, 0x1000009, 0x10010, r2, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

1m10.227868628s ago: executing program 7 (id=155):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x2000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3f)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x1ed)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000280)={0x100000, 0x6000, 0x0, 0x2000000})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r11, r6, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x1000000, [0x0, 0xfff, 0x100000000, 0x72]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x48, 0x77bb941b, 0x1}}, @smc={0x1e, 0x40, {0x8400000c, [0xffff, 0xf47, 0xf, 0xa, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x0, 0x0, 0xd9b, 0x3, 0x2}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x11c}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x100, 0xfff, 0xd}}, @mrs={0xbe, 0x18, {0x603000000013c020}}, @hvc={0x32, 0x40, {0xc7002019, [0x7, 0xebfa, 0x9, 0x59bd, 0x2]}}, @irq_setup={0x46, 0x18, {0x0, 0x13b}}, @irq_setup={0x46, 0x18, {0x1, 0x33d}}, @eret={0xe6, 0x18, 0x2}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xf, 0x9, 0x6, 0x1}}, @smc={0x1e, 0x40, {0xc4000003, [0x7, 0x274, 0xfffffffffffffff6, 0xb, 0xea4]}}, @svc={0x122, 0x40, {0xc4000014, [0xfffffffffffffffb, 0x4, 0x8, 0x715e, 0xe2b]}}, @smc={0x1e, 0x40, {0xc4000011, [0xb6d, 0xfffffffffffffffc, 0x1, 0x7, 0x7]}}, @eret={0xe6, 0x18, 0x5}, @irq_setup={0x46, 0x18, {0x0, 0x28c}}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013e64a}}, @eret={0xe6, 0x18, 0x4}, @smc={0x1e, 0x40, {0x84000050, [0x99, 0x1, 0x3, 0x1, 0x3]}}, @hvc={0x32, 0x40, {0x0, [0x0, 0x7, 0x7fff, 0x1000, 0xffffffffffffffff]}}, @svc={0x122, 0x40, {0xc400000c, [0xfffffffffffffff3, 0x3, 0x7fffffffffffffff, 0xffffffffffffb9d2, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0xe, 0x0, 0x5, 0x2}}, @smc={0x1e, 0x40, {0x8d6e7ee9817946b5, [0x0, 0x9, 0x9, 0x9, 0xb4]}}], 0x458}], 0x1, 0x0, &(0x7f00000000c0)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x5, 0x1, 0x8080000, 0x2000, &(0x7f0000d51000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x0, 0x0})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, 0xffffffffffffffff)

50.07902569s ago: executing program 6 (id=156):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xa)
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x9000}) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x40, 0x14000, 0x0, 0xffffffffffffffff, 0x9})

22.513428506s ago: executing program 38 (id=155):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x2000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3f)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x1ed)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000280)={0x100000, 0x6000, 0x0, 0x2000000})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r11, r6, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x1000000, [0x0, 0xfff, 0x100000000, 0x72]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x48, 0x77bb941b, 0x1}}, @smc={0x1e, 0x40, {0x8400000c, [0xffff, 0xf47, 0xf, 0xa, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x0, 0x0, 0xd9b, 0x3, 0x2}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x11c}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x100, 0xfff, 0xd}}, @mrs={0xbe, 0x18, {0x603000000013c020}}, @hvc={0x32, 0x40, {0xc7002019, [0x7, 0xebfa, 0x9, 0x59bd, 0x2]}}, @irq_setup={0x46, 0x18, {0x0, 0x13b}}, @irq_setup={0x46, 0x18, {0x1, 0x33d}}, @eret={0xe6, 0x18, 0x2}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xf, 0x9, 0x6, 0x1}}, @smc={0x1e, 0x40, {0xc4000003, [0x7, 0x274, 0xfffffffffffffff6, 0xb, 0xea4]}}, @svc={0x122, 0x40, {0xc4000014, [0xfffffffffffffffb, 0x4, 0x8, 0x715e, 0xe2b]}}, @smc={0x1e, 0x40, {0xc4000011, [0xb6d, 0xfffffffffffffffc, 0x1, 0x7, 0x7]}}, @eret={0xe6, 0x18, 0x5}, @irq_setup={0x46, 0x18, {0x0, 0x28c}}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013e64a}}, @eret={0xe6, 0x18, 0x4}, @smc={0x1e, 0x40, {0x84000050, [0x99, 0x1, 0x3, 0x1, 0x3]}}, @hvc={0x32, 0x40, {0x0, [0x0, 0x7, 0x7fff, 0x1000, 0xffffffffffffffff]}}, @svc={0x122, 0x40, {0xc400000c, [0xfffffffffffffff3, 0x3, 0x7fffffffffffffff, 0xffffffffffffb9d2, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0xe, 0x0, 0x5, 0x2}}, @smc={0x1e, 0x40, {0x8d6e7ee9817946b5, [0x0, 0x9, 0x9, 0x9, 0xb4]}}], 0x458}], 0x1, 0x0, &(0x7f00000000c0)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x5, 0x1, 0x8080000, 0x2000, &(0x7f0000d51000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x0, 0x0})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, 0xffffffffffffffff)

0s ago: executing program 39 (id=156):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xa)
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x9000}) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x40, 0x14000, 0x0, 0xffffffffffffffff, 0x9})

kernel console output (not intermixed with test programs):

[  388.633048][ T3150] 8021q: adding VLAN 0 to HW filter on device bond0
[  439.054387][ T3150] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:41050' (ED25519) to the list of known hosts.
[  603.877314][   T25] audit: type=1400 audit(603.090:60): avc:  denied  { name_bind } for  pid=3304 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  604.835473][   T25] audit: type=1400 audit(604.050:61): avc:  denied  { execute } for  pid=3305 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  604.864679][   T25] audit: type=1400 audit(604.080:62): avc:  denied  { execute_no_trans } for  pid=3305 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  626.682912][   T25] audit: type=1400 audit(625.900:63): avc:  denied  { mounton } for  pid=3305 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  626.714722][   T25] audit: type=1400 audit(625.930:64): avc:  denied  { mount } for  pid=3305 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  626.801521][ T3305] cgroup: Unknown subsys name 'net'
[  626.851236][   T25] audit: type=1400 audit(626.070:65): avc:  denied  { unmount } for  pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  627.229901][ T3305] cgroup: Unknown subsys name 'cpuset'
[  627.326708][ T3305] cgroup: Unknown subsys name 'rlimit'
[  628.238019][   T25] audit: type=1400 audit(627.450:66): avc:  denied  { setattr } for  pid=3305 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  628.264027][   T25] audit: type=1400 audit(627.480:67): avc:  denied  { mounton } for  pid=3305 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  628.280996][   T25] audit: type=1400 audit(627.490:68): avc:  denied  { mount } for  pid=3305 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  629.856166][ T3308] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  629.875916][   T25] audit: type=1400 audit(629.090:69): avc:  denied  { relabelto } for  pid=3308 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  629.907672][   T25] audit: type=1400 audit(629.120:70): avc:  denied  { write } for  pid=3308 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  630.095201][   T25] audit: type=1400 audit(629.310:71): avc:  denied  { read } for  pid=3305 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.117179][   T25] audit: type=1400 audit(629.330:72): avc:  denied  { open } for  pid=3305 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.167853][ T3305] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  685.232964][   T25] audit: type=1400 audit(684.410:73): avc:  denied  { execmem } for  pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  689.883038][   T25] audit: type=1400 audit(689.080:74): avc:  denied  { read } for  pid=3316 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  689.897092][   T25] audit: type=1400 audit(689.110:75): avc:  denied  { open } for  pid=3316 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  690.015930][   T25] audit: type=1400 audit(689.230:76): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  690.290950][   T25] audit: type=1400 audit(689.500:77): avc:  denied  { module_request } for  pid=3316 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  691.446857][   T25] audit: type=1400 audit(690.660:78): avc:  denied  { sys_module } for  pid=3317 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  720.776033][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  721.017045][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  721.094420][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  721.549933][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  733.445603][ T3317] hsr_slave_0: entered promiscuous mode
[  733.474291][ T3317] hsr_slave_1: entered promiscuous mode
[  734.527258][ T3316] hsr_slave_0: entered promiscuous mode
[  734.563690][ T3316] hsr_slave_1: entered promiscuous mode
[  734.594778][ T3316] debugfs: 'hsr0' already exists in 'hsr'
[  734.611454][ T3316] Cannot create hsr debugfs directory
[  739.881609][   T25] audit: type=1400 audit(739.090:79): avc:  denied  { create } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  739.940292][   T25] audit: type=1400 audit(739.150:80): avc:  denied  { write } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  740.020442][   T25] audit: type=1400 audit(739.230:81): avc:  denied  { read } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  740.203807][ T3317] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  740.603241][ T3317] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  740.823186][ T3317] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  741.147882][ T3317] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  742.756531][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  743.037196][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  743.285783][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  743.537105][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  756.097885][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0
[  759.133685][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[  815.387516][ T3317] veth0_vlan: entered promiscuous mode
[  815.832286][ T3317] veth1_vlan: entered promiscuous mode
[  817.792608][ T3316] veth0_vlan: entered promiscuous mode
[  818.832722][ T3317] veth0_macvtap: entered promiscuous mode
[  818.952599][ T3316] veth1_vlan: entered promiscuous mode
[  819.404038][ T3317] veth1_macvtap: entered promiscuous mode
[  822.376515][ T3316] veth0_macvtap: entered promiscuous mode
[  822.910381][ T3387] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  822.945953][ T3316] veth1_macvtap: entered promiscuous mode
[  823.166542][ T3387] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  823.173629][ T3387] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  823.187306][ T3387] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  826.649947][   T25] audit: type=1400 audit(825.850:82): avc:  denied  { mount } for  pid=3317 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  826.749802][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  826.773651][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  826.789959][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  826.899231][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  826.937077][   T25] audit: type=1400 audit(826.150:83): avc:  denied  { mounton } for  pid=3317 comm="syz-executor" path="/syzkaller.eCfUWI/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  827.276639][   T25] audit: type=1400 audit(826.480:84): avc:  denied  { mount } for  pid=3317 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  828.101243][   T25] audit: type=1400 audit(827.270:85): avc:  denied  { mounton } for  pid=3317 comm="syz-executor" path="/syzkaller.eCfUWI/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  828.286683][   T25] audit: type=1400 audit(827.500:86): avc:  denied  { mounton } for  pid=3317 comm="syz-executor" path="/syzkaller.eCfUWI/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3791 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  829.462200][   T25] audit: type=1400 audit(828.610:87): avc:  denied  { unmount } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  829.745184][   T25] audit: type=1400 audit(828.960:88): avc:  denied  { mounton } for  pid=3317 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  829.879290][   T25] audit: type=1400 audit(829.090:89): avc:  denied  { mount } for  pid=3317 comm="syz-executor" name="/" dev="gadgetfs" ino=3801 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  830.182036][   T25] audit: type=1400 audit(829.360:90): avc:  denied  { mount } for  pid=3317 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  830.319690][   T25] audit: type=1400 audit(829.450:91): avc:  denied  { mounton } for  pid=3317 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  831.711873][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  832.589775][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  832.603470][   T25] audit: type=1400 audit(831.780:93): avc:  denied  { read write } for  pid=3317 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  832.679798][   T25] audit: type=1400 audit(831.870:94): avc:  denied  { open } for  pid=3317 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  832.724812][   T25] audit: type=1400 audit(831.910:95): avc:  denied  { ioctl } for  pid=3317 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  841.720493][   T25] audit: type=1400 audit(840.930:96): avc:  denied  { read } for  pid=3468 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  841.790888][   T25] audit: type=1400 audit(841.000:97): avc:  denied  { open } for  pid=3468 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  841.937712][   T25] audit: type=1400 audit(841.150:98): avc:  denied  { ioctl } for  pid=3468 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  920.377667][   T25] audit: type=1400 audit(919.510:99): avc:  denied  { execute } for  pid=3516 comm="syz.1.15" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4566 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1080.765544][ T3632] FAULT_INJECTION: forcing a failure.
[ 1080.765544][ T3632] name failslab, interval 1, probability 0, space 0, times 1
[ 1080.790900][ T3632] CPU: 0 UID: 0 PID: 3632 Comm: syz.0.53 Not tainted syzkaller #0 PREEMPT 
[ 1080.791573][ T3632] Hardware name: linux,dummy-virt (DT)
[ 1080.792074][ T3632] Call trace:
[ 1080.792522][ T3632]  show_stack+0x2c/0x3c (C)
[ 1080.794391][ T3632]  __dump_stack+0x30/0x40
[ 1080.794679][ T3632]  dump_stack_lvl+0xd8/0x12c
[ 1080.794927][ T3632]  dump_stack+0x1c/0x28
[ 1080.795137][ T3632]  should_fail_ex+0x570/0x6e0
[ 1080.795430][ T3632]  should_failslab+0xb8/0xec
[ 1080.795711][ T3632]  __kmalloc_noprof+0xdc/0x4b8
[ 1080.795966][ T3632]  tomoyo_realpath_from_path+0xdc/0x628
[ 1080.796236][ T3632]  tomoyo_path_number_perm+0x13c/0x33c
[ 1080.796503][ T3632]  tomoyo_file_ioctl+0x2c/0x3c
[ 1080.796762][ T3632]  security_file_ioctl+0xe8/0x2f0
[ 1080.797032][ T3632]  __arm64_sys_ioctl+0xd0/0x244
[ 1080.797349][ T3632]  invoke_syscall+0x90/0x2b4
[ 1080.797661][ T3632]  el0_svc_common+0x180/0x2f4
[ 1080.797952][ T3632]  do_el0_svc+0x58/0x74
[ 1080.798236][ T3632]  el0_svc+0x58/0x164
[ 1080.798485][ T3632]  el0t_64_sync_handler+0x84/0x12c
[ 1080.798712][ T3632]  el0t_64_sync+0x198/0x19c
[ 1080.932722][ T3632] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1112.921914][   T25] audit: type=1400 audit(1112.130:100): avc:  denied  { append } for  pid=3658 comm="syz.1.61" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1151.822052][   T25] audit: type=1400 audit(1151.030:101): avc:  denied  { write } for  pid=3681 comm="syz.1.65" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1177.677748][ T3702] KVM: debugfs: duplicate directory 3702-5
[ 1289.942330][ T3711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1290.349379][ T3711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1304.132134][ T3719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1305.072512][ T3719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1320.235434][ T3711] hsr_slave_0: entered promiscuous mode
[ 1320.333212][ T3711] hsr_slave_1: entered promiscuous mode
[ 1320.402370][ T3711] debugfs: 'hsr0' already exists in 'hsr'
[ 1320.412868][ T3711] Cannot create hsr debugfs directory
[ 1335.362368][ T3719] hsr_slave_0: entered promiscuous mode
[ 1335.463733][ T3719] hsr_slave_1: entered promiscuous mode
[ 1335.533061][ T3719] debugfs: 'hsr0' already exists in 'hsr'
[ 1335.536373][ T3719] Cannot create hsr debugfs directory
[ 1339.722893][ T3711] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1340.116718][ T3711] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1341.441894][ T3711] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1341.697358][ T3711] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1348.544296][ T3387] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1349.747517][ T3387] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1351.343408][ T3387] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1352.327663][ T3387] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1355.341175][ T3719] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1356.086672][ T3719] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1356.992225][ T3719] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1357.812396][ T3719] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1369.642946][ T3387] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1370.042193][ T3387] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1370.475232][ T3387] bond0 (unregistering): Released all slaves
[ 1372.755736][ T3387] hsr_slave_0: left promiscuous mode
[ 1372.843222][ T3387] hsr_slave_1: left promiscuous mode
[ 1373.180237][ T3387] veth1_macvtap: left promiscuous mode
[ 1373.186049][ T3387] veth0_macvtap: left promiscuous mode
[ 1373.221758][ T3387] veth1_vlan: left promiscuous mode
[ 1373.226138][ T3387] veth0_vlan: left promiscuous mode
[ 1393.792249][ T3387] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1394.833129][ T3387] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1396.162641][ T3387] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1397.513877][ T3387] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1398.325016][ T3711] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1415.031189][ T3387] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1415.234107][ T3387] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1415.397535][ T3387] bond0 (unregistering): Released all slaves
[ 1416.815542][ T3387] hsr_slave_0: left promiscuous mode
[ 1417.082863][ T3387] hsr_slave_1: left promiscuous mode
[ 1417.729697][ T3387] veth1_macvtap: left promiscuous mode
[ 1417.733076][ T3387] veth0_macvtap: left promiscuous mode
[ 1417.771211][ T3387] veth1_vlan: left promiscuous mode
[ 1417.781654][ T3387] veth0_vlan: left promiscuous mode
[ 1443.883249][ T3719] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1516.343291][ T3711] veth0_vlan: entered promiscuous mode
[ 1517.103912][ T3711] veth1_vlan: entered promiscuous mode
[ 1519.552310][ T3711] veth0_macvtap: entered promiscuous mode
[ 1519.892119][ T3711] veth1_macvtap: entered promiscuous mode
[ 1522.589622][   T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1522.721831][   T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1522.724484][   T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1522.781402][   T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1535.400980][ T3719] veth0_vlan: entered promiscuous mode
[ 1536.312567][ T3719] veth1_vlan: entered promiscuous mode
[ 1538.715952][ T3719] veth0_macvtap: entered promiscuous mode
[ 1539.310412][ T3719] veth1_macvtap: entered promiscuous mode
[ 1542.212614][   T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1542.270083][ T3284] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1542.284497][ T3284] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1542.323225][ T3284] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1636.900164][   T25] audit: type=1400 audit(1636.090:102): avc:  denied  { setattr } for  pid=3967 comm="syz.2.86" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1646.971942][ T3972] debugfs: 'vgic-its-state@8080000' already exists in '3972-4'
[ 1979.613262][ T3721] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1982.903800][ T3721] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1984.670632][ T3721] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1986.356414][ T3721] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2006.795174][ T3721] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2006.894516][ T3721] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2006.996863][ T3721] bond0 (unregistering): Released all slaves
[ 2008.480903][ T3721] hsr_slave_0: left promiscuous mode
[ 2008.637348][ T3721] hsr_slave_1: left promiscuous mode
[ 2009.340885][ T3721] veth1_macvtap: left promiscuous mode
[ 2009.344279][ T3721] veth0_macvtap: left promiscuous mode
[ 2009.362482][ T3721] veth1_vlan: left promiscuous mode
[ 2009.381725][ T3721] veth0_vlan: left promiscuous mode
[ 2031.576898][ T3721] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2032.742688][ T3721] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2034.197917][ T3721] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2035.727313][ T3721] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2056.024647][ T3721] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2056.175204][ T3721] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2056.293843][ T3721] bond0 (unregistering): Released all slaves
[ 2057.276315][ T3721] hsr_slave_0: left promiscuous mode
[ 2057.320213][ T3721] hsr_slave_1: left promiscuous mode
[ 2057.566322][ T3721] veth1_macvtap: left promiscuous mode
[ 2057.604584][ T3721] veth0_macvtap: left promiscuous mode
[ 2057.614629][ T3721] veth1_vlan: left promiscuous mode
[ 2057.632745][ T3721] veth0_vlan: left promiscuous mode
[ 2092.935193][ T4157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2093.224273][ T4157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2102.144826][ T4167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2102.460656][ T4167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2122.382656][ T4157] hsr_slave_0: entered promiscuous mode
[ 2122.461376][ T4157] hsr_slave_1: entered promiscuous mode
[ 2129.596633][ T4167] hsr_slave_0: entered promiscuous mode
[ 2129.686927][ T4167] hsr_slave_1: entered promiscuous mode
[ 2129.717677][ T4167] debugfs: 'hsr0' already exists in 'hsr'
[ 2129.749959][ T4167] Cannot create hsr debugfs directory
[ 2140.217948][ T4157] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2140.985987][ T4157] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2141.495622][ T4157] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2141.850315][ T4157] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2148.537190][ T4167] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2149.014528][ T4167] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2149.493566][ T4167] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2149.937371][ T4167] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2173.894770][ T4157] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2181.695540][ T4167] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2311.970940][ T4157] veth0_vlan: entered promiscuous mode
[ 2312.747587][ T4157] veth1_vlan: entered promiscuous mode
[ 2315.902848][ T4157] veth0_macvtap: entered promiscuous mode
[ 2316.361546][ T4157] veth1_macvtap: entered promiscuous mode
[ 2320.361371][   T35] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2320.370431][   T35] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2320.779626][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2320.783773][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2321.051420][ T4167] veth0_vlan: entered promiscuous mode
[ 2322.681490][ T4167] veth1_vlan: entered promiscuous mode
[ 2328.087050][ T4167] veth0_macvtap: entered promiscuous mode
[ 2328.921240][ T4167] veth1_macvtap: entered promiscuous mode
[ 2333.112574][   T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2333.157758][ T4384] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2333.217189][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2333.220068][ T4170] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2505.725794][ T4171] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2508.877834][ T4171] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2510.313535][ T4171] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2512.233081][ T4171] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2537.070562][ T4171] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2537.308019][ T4171] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2537.470675][ T4171] bond0 (unregistering): Released all slaves
[ 2540.313612][ T4171] hsr_slave_0: left promiscuous mode
[ 2540.923682][ T4171] hsr_slave_1: left promiscuous mode
[ 2542.182957][ T4171] veth1_macvtap: left promiscuous mode
[ 2542.209764][ T4171] veth0_macvtap: left promiscuous mode
[ 2542.231123][ T4171] veth1_vlan: left promiscuous mode
[ 2542.281199][ T4171] veth0_vlan: left promiscuous mode
[ 2566.803656][ T3803] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2568.602707][ T3803] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2570.397569][ T3803] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2572.253743][ T3803] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2594.450486][ T3803] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2594.705659][ T3803] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2594.794655][ T3803] bond0 (unregistering): Released all slaves
[ 2597.155462][ T3803] hsr_slave_0: left promiscuous mode
[ 2597.530227][ T3803] hsr_slave_1: left promiscuous mode
[ 2598.384851][ T3803] veth1_macvtap: left promiscuous mode
[ 2598.409512][ T3803] veth0_macvtap: left promiscuous mode
[ 2598.441135][ T3803] veth1_vlan: left promiscuous mode
[ 2598.457483][ T3803] veth0_vlan: left promiscuous mode
[ 2667.151651][ T4501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2667.334898][ T4506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2667.496407][ T4501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2667.682079][ T4506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2700.982119][ T4506] hsr_slave_0: entered promiscuous mode
[ 2701.057295][ T4506] hsr_slave_1: entered promiscuous mode
[ 2703.706122][ T4501] hsr_slave_0: entered promiscuous mode
[ 2703.824138][ T4501] hsr_slave_1: entered promiscuous mode
[ 2703.949887][ T4501] debugfs: 'hsr0' already exists in 'hsr'
[ 2703.950676][ T4501] Cannot create hsr debugfs directory
[ 2723.570296][ T4506] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 2724.386681][ T4506] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 2724.987436][ T4506] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 2726.187664][ T4506] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 2730.310383][ T4501] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2730.675885][ T4501] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2731.166083][ T4501] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2731.677795][ T4501] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2761.463121][ T4506] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2767.786560][ T4501] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2923.662400][ T4506] veth0_vlan: entered promiscuous mode
[ 2924.643451][ T4506] veth1_vlan: entered promiscuous mode
[ 2929.621085][ T4501] veth0_vlan: entered promiscuous mode
[ 2930.326435][ T4506] veth0_macvtap: entered promiscuous mode
[ 2931.456115][ T4506] veth1_macvtap: entered promiscuous mode
[ 2932.259080][ T4501] veth1_vlan: entered promiscuous mode
[ 2937.750214][ T3676] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2937.776119][ T3676] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2937.909864][   T49] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2938.001160][   T49] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2939.821325][ T4501] veth0_macvtap: entered promiscuous mode
[ 2941.291995][ T4501] veth1_macvtap: entered promiscuous mode
[ 2948.190405][ T3803] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2948.211156][ T3803] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2948.256266][ T3803] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2948.281573][ T3803] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3389.937227][ T4897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3390.656529][ T4897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3410.903492][ T4908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3411.424923][ T4908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3446.963498][ T4897] hsr_slave_0: entered promiscuous mode
[ 3447.124183][ T4897] hsr_slave_1: entered promiscuous mode
[ 3447.321689][ T4897] debugfs: 'hsr0' already exists in 'hsr'
[ 3447.370731][ T4897] Cannot create hsr debugfs directory
[ 3471.090141][ T4908] hsr_slave_0: entered promiscuous mode
[ 3471.244210][ T4908] hsr_slave_1: entered promiscuous mode
[ 3471.297764][ T4908] debugfs: 'hsr0' already exists in 'hsr'
[ 3471.390688][ T4908] Cannot create hsr debugfs directory
[ 3488.670473][ T4897] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 3490.232299][ T4897] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 3490.967800][ T4897] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 3492.643551][ T4897] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 3514.216737][ T4908] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 3515.131559][ T4908] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 3515.882432][ T4908] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 3516.716089][ T4908] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 3555.405803][ T4897] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3573.172682][ T4908] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3656.991689][   T27] INFO: task syz.6.156:4884 blocked for more than 430 seconds.
[ 3657.002180][   T27]       Not tainted syzkaller #0
[ 3657.011527][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3657.012243][   T27] task:syz.6.156       state:D stack:0     pid:4884  tgid:4884  ppid:4501   task_flags:0x400040 flags:0x00000019
[ 3657.013486][   T27] Call trace:
[ 3657.013891][   T27]  __switch_to+0x584/0xb20 (T)
[ 3657.014481][   T27]  __schedule+0x1eec/0x33a4
[ 3657.015016][   T27]  schedule+0xac/0x27c
[ 3657.015546][   T27]  schedule_timeout+0x5c/0x1e4
[ 3657.015970][   T27]  do_wait_for_common+0x28c/0x444
[ 3657.016564][   T27]  wait_for_completion+0x44/0x5c
[ 3657.017052][   T27]  __synchronize_srcu+0x2a4/0x320
[ 3657.017550][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 3657.171246][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 3657.183934][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 3657.232677][   T27]  kvm_vm_release+0x58/0x78
[ 3657.249802][   T27]  __fput+0x4ac/0x980
[ 3657.250483][   T27]  ____fput+0x20/0x58
[ 3657.250991][   T27]  task_work_run+0x1bc/0x254
[ 3657.251470][   T27]  do_notify_resume+0x1bc/0x270
[ 3657.251925][   T27]  el0_svc+0xb8/0x164
[ 3657.252365][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 3657.252791][   T27]  el0t_64_sync+0x198/0x19c
[ 3657.254242][   T27] 
[ 3657.254242][   T27] Showing all locks held in the system:
[ 3657.254753][   T27] 1 lock held by khungtaskd/27:
[ 3657.255173][   T27]  #0: ffff800087806858 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 3657.257541][   T27] 3 locks held by kworker/u4:2/35:
[ 3657.257925][   T27] 3 locks held by kworker/u4:4/49:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 3657.411620][   T27]  #0: fff0000072d80d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2f0/0x33a4
[ 3657.413541][   T27]  #1: fff0000072d6c548 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x6c/0x6e8
[ 3657.415198][   T27]  #2: fff0000072d6de58 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x5c8/0xe7c
[ 3657.416976][   T27] 2 locks held by getty/3178:
[ 3657.417323][   T27]  #0: 3af00000121068a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 3657.521350][   T27]  #1: c1ff80008c54b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 3657.523043][   T27] 2 locks held by syz-executor/3305:
[ 3657.523458][   T27] 3 locks held by kworker/u4:8/4170:
[ 3657.523774][   T27] 3 locks held by kworker/u4:11/4173:
[ 3657.524082][   T27] 2 locks held by kworker/u4:12/4384:
[ 3657.524392][   T27]  #0: 87f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 3657.526041][   T27]  #1: ffff80008e8c7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 3657.527864][   T27] 2 locks held by syz.7.155/4873:
[ 3657.707420][   T27] 2 locks held by kworker/u4:9/4916:
[ 3657.707873][   T27]  #0: 87f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 3657.724137][   T27]  #1: ffff80008fec7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 3657.725960][   T27] 3 locks held by kworker/u4:14/4971:
[ 3657.726339][   T27] 1 lock held by modprobe/5062:
[ 3657.726674][   T27] 4 locks held by modprobe/5063:
[ 3657.849964][   T27] 
[ 3657.850615][   T27] =============================================
[ 3657.850615][   T27] 
[ 3657.851532][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 3657.856179][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 3657.857566][   T27] Hardware name: linux,dummy-virt (DT)
[ 3657.858507][   T27] Call trace:
[ 3657.859202][   T27]  show_stack+0x2c/0x3c (C)
[ 3657.860320][   T27]  __dump_stack+0x30/0x40
[ 3657.861190][   T27]  dump_stack_lvl+0x30/0x12c
[ 3657.862120][   T27]  dump_stack+0x1c/0x28
[ 3657.862973][   T27]  vpanic+0x22c/0x59c
[ 3657.863813][   T27]  vpanic+0x0/0x59c
[ 3657.864605][   T27]  hung_task_panic+0x0/0x2c
[ 3657.865520][   T27]  kthread+0x794/0x9a0
[ 3657.866386][   T27]  ret_from_fork+0x10/0x20
[ 3657.868276][   T27] Kernel Offset: disabled
[ 3657.869086][   T27] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 3657.870245][   T27] Memory Limit: none
[ 3657.872574][   T27] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:14:03  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008656cbdc X00=0000000000000101 X01=ffff800080550a18
X02=c9f000000d9b9d80 X03=0000000000000000 X04=0000000000000001
X05=0000000000000000 X06=0000000000000000 X07=ffff800085338d00
X08=ffff800080007680 X09=efff800000000000 X10=ffff800080007678
X11=0000000000000035 X12=00000000000000ff X13=0000000000000035
X14=0ffff80008000768 X15=0000000000000035 X16=0000000000000000
X17=fff07fffeb6e6000 X18=00000000000000ff X19=ffff8000800079c0
X20=ffff8000800079c0 X21=0000000000000010 X22=ffff800080007568
X23=ffff800082f33390 X24=ffff800080007ce0 X25=ffff8000800075b8
X26=ffff8000876b5000 X27=00000000000000ff X28=0000000000000000
X29=ffff800080007530 X30=ffff8000800e2fd8  SP=ffff800080007560
PSTATE=40402009 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25
Z02=742065726f6d2072:6f662064656b636f Z03=000000ff0000ff00:00ff0000000000ff
Z04=0000000000000000:000f00f00f00000f Z05=64656b636f6c6220:343838343a363531
Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffc1479700:0000ffffc1479700 Z17=ffffff80ffffffd0:0000ffffc14796d0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000