last executing test programs:

1h24m49.561067492s ago: executing program 0 (id=212):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000000000000080000000100ffff8a"])
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x6030000000138010}}], 0x18}, 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x29)
r11 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x121200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0x4b47, 0xfffffffffffffffe)
r12 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r14, 0xae03, 0x66)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
r16 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r15, 0x2, 0x12, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)
r17 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)

1h24m39.216394399s ago: executing program 1 (id=213):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x27)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000240)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f0000000080)=0x40})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r5, 0x4010aeab, &(0x7f0000000000)={0x1, 0x8000001})

1h24m28.943519217s ago: executing program 1 (id=214):
ioctl$KVM_GET_REGS(0xffffffffffffffff, 0x8360ae81, &(0x7f0000000000))
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f00000000c0)=[@smc={0x1e, 0x40, {0x84000011, [0x2, 0x4, 0x2, 0x0, 0x5]}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @irq_setup={0x46, 0x18, {0x4, 0x19}}, @svc={0x122, 0x40, {0x84000013, [0x4, 0x5, 0x4, 0x4, 0xaa1]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x21b}}, @smc={0x1e, 0x40, {0x80008000, [0xffffffffffffffff, 0xc331, 0x6, 0xc2, 0x7]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x29c}}, @svc={0x122, 0x40, {0x105, [0x80000001, 0x7, 0x2, 0x0, 0x2]}}, @msr={0x14, 0x20, {0x603000000013c006, 0x40}}, @irq_setup={0x46, 0x18, {0x1, 0x148}}, @code={0xa, 0x9c, {"000c007c0000202e007008d5c01e8dd20080b0f2610180d2820080d2630080d2e40180d2020000d4803398d200c0b0f2810080d2620080d2230180d2240080d2020000d40008a07820c888d20040b8f2010080d2c20180d2230080d2c40080d2020000d40038300e809e98d200a0b8f2810180d2c20180d2a30180d2240080d2020000d4008008d5"}}, @irq_setup={0x46, 0x18, {0x3, 0x2b}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x3, 0x8, 0x8, 0x8000, 0x1}}, @eret={0xe6, 0x18, 0x6}, @eret={0xe6, 0x18, 0x5}, @code={0xa, 0x54, {"001ca00e000028d50000002e003c0053007008d5008008d520cb9ad200a0b0f2a10080d2620080d2c30080d2c40180d2020000d40040df0c00000039000008d5"}}, @irq_setup={0x46, 0x18, {0x0, 0x37b}}], 0x330}, &(0x7f0000000440)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000480)={0x7fff, 0x1})
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000500)=@arm64_fp={0x604000000010006b, &(0x7f00000004c0)=0x6})
ioctl$KVM_SET_GUEST_DEBUG_arm64(r0, 0x4208ae9b, &(0x7f0000000540)={0x20001, 0x0, {[0x6, 0x2, 0x7fffffffffffffff, 0x4, 0x4, 0x5, 0x2, 0x10000, 0x9, 0x1, 0xfff, 0x3, 0x6, 0x5, 0x9, 0x8], [0x8, 0x2, 0x1, 0xff, 0x0, 0x8, 0x0, 0x7, 0x8, 0x8, 0xa, 0xd8, 0x2, 0xc64c, 0x8, 0x8000000000000001], [0x1, 0x21d0, 0x5, 0x4, 0x101, 0x5, 0x3, 0x8, 0x0, 0x4, 0x2, 0x5, 0xffffffffad490feb, 0x8, 0x43, 0x3], [0x1, 0x7, 0x1, 0xc0000000000, 0x6, 0x2a, 0x100000000, 0x8, 0x7, 0x7, 0x1ff, 0x2, 0x7fffffffffffffff, 0x5, 0x8, 0x10]}})
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r1, 0x4018aee3, &(0x7f0000000780)=@attr_pmu_init)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_FINALIZE(0xffffffffffffffff, 0x4004aec2, &(0x7f00000007c0)=0x5)
syz_kvm_setup_cpu$arm64(r1, r0, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000e00)=[{0x0, &(0x7f0000000800)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0x3, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013e729}}, @uexit={0x0, 0x18, 0xfff}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x0, 0x3, 0x6, 0x7, 0x2}}, @code={0xa, 0x6c, {"0000204a000000bc008040480000805a000c003c00b8215e809791d20080b8f2a10180d2020180d2030080d2240080d2020000d440a39fd20020b0f2010180d2420180d2230080d2040180d2020000d4008040480058200e"}}, @svc={0x122, 0x40, {0x84000009, [0x0, 0x0, 0x40, 0x5, 0x391]}}, @smc={0x1e, 0x40, {0x4000, [0x400000000000, 0x8000000000000001, 0x6, 0x7]}}, @irq_setup={0x46, 0x18, {0x0, 0x165}}, @svc={0x122, 0x40, {0x0, [0x100000001, 0x0, 0x6, 0x7d7f646c, 0xd4c8]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x6, 0x80, 0xb34, 0xb}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x9, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x2000, 0x0, 0xc}}, @uexit={0x0, 0x18, 0x2f}, @mrs={0xbe, 0x18, {0x603000000013c109}}, @mrs={0xbe, 0x18, {0x6030000000138002}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x4, 0x80000001, 0x4, 0x2}}, @svc={0x122, 0x40, {0x80000000, [0x3, 0x0, 0x47, 0x9, 0xffffffff00000000]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x5, 0x5, 0x1ae, 0x4}}, @smc={0x1e, 0x40, {0x81000002, [0x8, 0x10, 0xd, 0xe, 0x52]}}, @hvc={0x32, 0x40, {0x4000000, [0x3, 0x7, 0xffff, 0x10, 0x100]}}, @smc={0x1e, 0x40, {0x80000001, [0x8, 0x5, 0x0, 0x8000000000000000, 0x80]}}, @hvc={0x32, 0x40, {0x8400000e, [0x6, 0x0, 0x4, 0x3f0, 0x2]}}, @smc={0x1e, 0x40, {0x84000012, [0x9, 0x7, 0x9, 0xfffffffffffffffc, 0x401]}}, @code={0xa, 0xb4, {"a03097d200e0b8f2c10180d2e20080d2e30180d2c40180d2020000d400a0800d0020ff0d20bf86d20060b0f2610180d2220180d2e30080d2840080d2020000d400768cd20080b8f2e10080d2a20080d2c30080d2040180d2020000d4402f88d20020b8f2a10180d2820180d2230180d2640080d2020000d400e0600d000008d5007008d5e05392d200c0b0f2010180d2220180d2230180d2240180d2020000d4"}}, @uexit={0x0, 0x18, 0xfffffffffffffffc}, @msr={0x14, 0x20, {0x603000000013de95, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x1f9}}, @msr={0x14, 0x20, {0x603000000013dee1, 0xe8b}}, @uexit={0x0, 0x18, 0x1}, @svc={0x122, 0x40, {0x84000001, [0x5, 0x9, 0x80000000, 0x7, 0xfff]}}], 0x5f0}], 0x1, 0x0, &(0x7f0000000e40)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_GET_SREGS(r1, 0x8000ae83, &(0x7f0000000e80))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, &(0x7f0000000fc0)={0x0, 0x1a000})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000001000)={0xe4, 0x0, 0x9})
ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000001080)={[0x1000, 0xc, 0x8, 0xdd1, 0x530, 0x6, 0x0, 0xfffffffffffffff9, 0x4, 0x1, 0x9, 0x100, 0xffffffffffff7723, 0x8001, 0x8, 0x63ca], 0xeeee8000, 0x48a44})
ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, &(0x7f0000001140)={0xdddd1000, 0x2000})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_DIRTY_TLB(r3, 0x4010aeaa, &(0x7f0000001180)={0xfffffffffffffff7, 0x200})
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
r4 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece)
write$eventfd(r4, &(0x7f00000011c0)=0xffffffffffffffff, 0x8)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000001200)={0x3})
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001280)={0x0, &(0x7f0000001240)=[@svc={0x122, 0x40, {0x80007fff, [0xc, 0x1, 0x100, 0x4, 0x6]}}], 0x40}, &(0x7f00000012c0)=[@featur1={0x1, 0x108}], 0x1)
ioctl$KVM_KVMCLOCK_CTRL(r5, 0xaead)
ioctl$KVM_GET_REGS(r4, 0x8360ae81, &(0x7f0000001300))
close(r2)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f0000001400)=@attr_other={0x0, 0x3, 0x1, &(0x7f00000013c0)=0x81})
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x36)
ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f0000001440)=0x7)

1h24m28.765958316s ago: executing program 0 (id=215):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x90)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0xeffffffb, 0x80800)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r5, 0x1})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r5, 0x3})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r5, 0xb})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000800000/0x800000)=nil, 0x0, 0x0, 0x2010, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec7000/0x4000)=nil, 0x4000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000200)}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x7, 0x3}})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x8, 0x8032, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400003, 0x0)

1h24m24.087925913s ago: executing program 1 (id=216):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0xc018ae85, &(0x7f00000003c0)=@arm64_bitmap={0x6030000000160001, 0x0})
ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f0000000180)={0xb835fa4a04041ba6, 0x10000})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef00000000fcffffffffffff1bf3a3b292e50d9600020000000100000003000000000000000400000000000000320000000000000040000000000000005200008400"], 0x80}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000000)={0x5, 0x3})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) (async)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r11, 0x3, 0x11, r9, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r11, 0x3, 0x11, r9, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0)

1h24m15.899269657s ago: executing program 0 (id=217):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x431c685cde1afb60, 0x4, 0x4000, 0x2000, &(0x7f0000d74000/0x2000)=nil})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x2402, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
close(0x4)
close(0x5)
r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c02a, &(0x7f0000000180)})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r14 = eventfd2(0x0, 0x0)
close(r14)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0)

1h24m14.599303161s ago: executing program 1 (id=218):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000160006, &(0x7f0000000000)=0x8})
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013dce0}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x0, 0x2000, &(0x7f0000fb0000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x0, 0x2000, &(0x7f0000fb0000/0x2000)=nil})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000000c0)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000fd3000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) (async)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1h23m51.832235986s ago: executing program 1 (id=219):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r3, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f00000000c0)=[@eret={0xe6, 0x18}, @svc={0x122, 0x40, {0x5000000, [0x3, 0x6, 0x6000, 0x0, 0x8000]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x7ff, 0x2}}, @msr={0x14, 0x20, {0x603000000013dce8}}, @eret={0xe6, 0x18, 0x1}, @hvc={0x32, 0x40, {0x84000013, [0x1, 0xac, 0x8, 0x1, 0x5d60]}}, @eret={0xe6, 0x18, 0xffffffffffff3d46}, @code={0xa, 0x84, {"0000204b40889dd200a0b8f2410180d2e20180d2030080d2240180d2020000d4008008d5007008d5008008d50054007f000008d5c05784d20040b0f2a10080d2c20180d2630180d2240180d2020000d400f097d20040b0f2e10080d2220180d2030080d2640080d2020000d400d8a05e"}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x376}}, @mrs={0xbe, 0x18, {0x603000000013e2b0}}, @msr={0x14, 0x20, {0x603000000013e6dd, 0x5}}, @uexit={0x0, 0x18, 0x9}, @svc={0x122, 0x40, {0x86000001, [0x2, 0xffffffffffffd7ec, 0x4, 0x6, 0x27]}}, @irq_setup={0x46, 0x18, {0x3, 0x51}}, @irq_setup={0x46, 0x18, {0x3, 0x8e}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0xee}}], 0x2ac}], 0x1, 0x0, &(0x7f00000003c0)=[@featur2], 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0x80086601, 0x20000000)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000dc2000/0x4000)=nil, r7, 0x4, 0x1010, r8, 0x0)

1h23m51.230627372s ago: executing program 0 (id=220):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) (async)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29e00007a9610fbff67521ce16f8f1f449a7a835673312b5cebb2aa76c869d22627e70000000000000000000000008000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(0xffffffffffffffff, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4a8100, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4a8100, 0x0)

1h23m5.849335855s ago: executing program 32 (id=219):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r3, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f00000000c0)=[@eret={0xe6, 0x18}, @svc={0x122, 0x40, {0x5000000, [0x3, 0x6, 0x6000, 0x0, 0x8000]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x7ff, 0x2}}, @msr={0x14, 0x20, {0x603000000013dce8}}, @eret={0xe6, 0x18, 0x1}, @hvc={0x32, 0x40, {0x84000013, [0x1, 0xac, 0x8, 0x1, 0x5d60]}}, @eret={0xe6, 0x18, 0xffffffffffff3d46}, @code={0xa, 0x84, {"0000204b40889dd200a0b8f2410180d2e20180d2030080d2240180d2020000d4008008d5007008d5008008d50054007f000008d5c05784d20040b0f2a10080d2c20180d2630180d2240180d2020000d400f097d20040b0f2e10080d2220180d2030080d2640080d2020000d400d8a05e"}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x376}}, @mrs={0xbe, 0x18, {0x603000000013e2b0}}, @msr={0x14, 0x20, {0x603000000013e6dd, 0x5}}, @uexit={0x0, 0x18, 0x9}, @svc={0x122, 0x40, {0x86000001, [0x2, 0xffffffffffffd7ec, 0x4, 0x6, 0x27]}}, @irq_setup={0x46, 0x18, {0x3, 0x51}}, @irq_setup={0x46, 0x18, {0x3, 0x8e}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0xee}}], 0x2ac}], 0x1, 0x0, &(0x7f00000003c0)=[@featur2], 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0x80086601, 0x20000000)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000dc2000/0x4000)=nil, r7, 0x4, 0x1010, r8, 0x0)

1h23m2.966755129s ago: executing program 33 (id=220):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) (async)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29e00007a9610fbff67521ce16f8f1f449a7a835673312b5cebb2aa76c869d22627e70000000000000000000000008000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(0xffffffffffffffff, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4a8100, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4a8100, 0x0)

1h11m38.988689985s ago: executing program 2 (id=281):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x2, 0x7c}}], 0x28}, 0x0, 0x0) (async)
r4 = syz_kvm_vgic_v3_setup(r1, 0xffffffffffbffffc, 0x120) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x2c0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x6})

1h11m28.718348352s ago: executing program 2 (id=283):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3f)
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0xde1e808bfdfbb8b1, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2d)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ef7000/0x1000)=nil, r6, 0x1000005, 0x10010, r4, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000100), 0x61e880, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2d)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100036, &(0x7f0000000000)=0xcb})
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x6)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000340)=[@its_setup={0x82, 0x28, {0x4, 0x1, 0x1}}, @code={0xa, 0xfc, {"20f59fd200e0b0f2410180d2c20080d2230180d2e40080d2020000d4a08383d200c0b8f2610180d2820080d2030080d2c40180d2020000d4c01f9fd20080b8f2a10080d2820080d2c30080d2240180d2020000d420b391d20060b0f2410080d2020180d2e30180d2640080d2020000d4e01989d20020b0f2010180d2220080d2830080d2240080d2020000d420db8dd20080b0f2610180d2420080d2e30080d2a40080d2020000d4007008d5c03798d20020b0f2010080d2420180d2230080d2640180d2020000d4007008d5a0b085d200a0b0f2610080d2220180d2830180d2040080d2020000d4"}}], 0x124}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000180)={0x5, <r16=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000200)=0x8080002})
ioctl$KVM_RUN(r15, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r17, 0x4040aea0, &(0x7f0000000000)=@x86={0x79, 0x2, 0xed, 0x0, 0x8, 0x3c, 0x6, 0x1, 0x2, 0x8, 0xfc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x6, 0x6, 0x35, '\x00', 0x7, 0xde3e})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)

1h11m18.170321267s ago: executing program 2 (id=285):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r5, 0x2}) (async)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r5, 0x2})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r5, 0xa})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r5, 0x3})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x20) (async)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x20)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616})
r7 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x0, @vgic_gicr={0x80e0000, 0x280, 0x3ff, 0xf}}], 0xfff6}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1h11m7.064504239s ago: executing program 2 (id=287):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000002c0)={0xffffffffffffffff, 0xcf, 0x3, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0xfffff828, 0x6})
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000240)={0xdddd0000, 0x1000})
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000d26000/0x4000)=nil, 0x0, 0x3000004, 0x10, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="615e96137b3c6562629a4a95cc219abaa1aa856a58df672144ed5f222f2256f4159e2bb42aaf92b4c8f1f0f2bb1d3c0c0ce82f2e2fe5004aed23d8dc9dd0f5ebe7a2cdf315d62d21", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r12, 0x400454ca, 0xd8ffffffffff0f00)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)

1h11m0.821644515s ago: executing program 3 (id=288):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x5edc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r1, 0x4208ae9b, &(0x7f0000000380)={0x10000, 0x0, {[0x8000, 0xffffffffffffffff, 0x6, 0x9, 0x2, 0x71, 0x0, 0x7, 0x9, 0xacb, 0x100, 0x8, 0x3, 0x100, 0x2, 0xc], [0x4, 0x1, 0x0, 0x40, 0xfffffffffffffffd, 0xe, 0xdf76, 0xfff, 0x688, 0xffff, 0x4, 0xfffd, 0x6, 0x3, 0x9, 0x4], [0x3ff, 0x3ff, 0x6, 0xf, 0x4, 0x9, 0x14ae0c12, 0x7, 0x2, 0xd, 0x2, 0x5, 0x7, 0x9, 0x3, 0xc], [0x1, 0x3, 0x8, 0x8000000000000001, 0x40, 0x7ff, 0x78a, 0xc, 0x9cb, 0x10000, 0x1, 0x80000001, 0x7, 0x8, 0x0, 0x6]}})
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000000)={0x4})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000100)={0xfffffffffffffff7, 0xeeef0000})
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0xe1}], 0x1)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f0000000240)={0x1, 0x0, [{0xf, 0x3, 0x1, 0x0, @msi={0xebe, 0x6e, 0x7b, 0x801}}]})
ioctl$KVM_CHECK_EXTENSION(r8, 0x8933, 0x6)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x21)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r13, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x7f, &(0x7f0000000340)=0x8})
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f0000000280)=[@mrs={0xbe, 0x18, {0x603000000013c643}}, @memwrite={0x6e, 0x30, @generic={0x6000, 0x0, 0x6}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x68}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0)

1h10m46.851155377s ago: executing program 2 (id=289):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x57)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000080)=0x922})
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x9)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x2000)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000240)={0x200002f})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x1ff, 0x1, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x4, 0x8003000, 0x1000, &(0x7f0000ee1000/0x1000)=nil})

1h10m44.649208041s ago: executing program 3 (id=290):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10000, 0x2, 0xffff1000, 0x1000, &(0x7f00003f1000/0x1000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

1h10m34.013675643s ago: executing program 2 (id=291):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x7, <r5=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x20000000000005)
r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bde000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x33)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37e35a9610fbff9379c03b2785e2769a7a835673312b36b376c869d22627e700004000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0)
r15 = eventfd2(0x0, 0x0)
close(r15)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r16 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
write$eventfd(r15, &(0x7f0000000180)=0x5, 0xfffffde3)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)

1h10m32.412242486s ago: executing program 3 (id=292):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x19})
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000080)=0x4)
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f00000000c0)={0xfff, 0x5})
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x80000001, [0x4, 0x8, 0x3, 0x8, 0x8]}}], 0x40}, &(0x7f0000000180)=[@featur2={0x1, 0x22}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000200)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000001c0)})
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000240))
ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000280)={0xb6, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x17)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000300)={0x3, <r3=>0xffffffffffffffff, 0x1})
eventfd2(0x80000000, 0x81001)
r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000005c0)={0x0, &(0x7f0000000340)=[@irq_setup={0x46, 0x18, {0x2, 0x163}}, @smc={0x1e, 0x40, {0x8400000d, [0x0, 0x1, 0x5, 0x1, 0x7]}}, @code={0xa, 0x9c, {"007008d5007008d5008008d5007008d580cf8ad200c0b0f2610080d2020080d2030080d2840080d2020000d4000008d5608d99d200e0b0f2610080d2420080d2430180d2c40080d2020000d400c0231e005e80d20000b0f2c10180d2020180d2030180d2440080d2020000d4a0ac9dd200a0b8f2c10080d2420180d2230180d2840080d2020000d4"}}, @smc={0x1e, 0x40, {0x6000000, [0x746, 0x8000000000000000, 0x8, 0x623, 0x7ff]}}, @its_send_cmd={0xaa, 0x28, {0x7, 0x1, 0x2, 0x2, 0xd, 0x1, 0x101}}, @hvc={0x32, 0x40, {0xc4000003, [0x7a2f, 0xc, 0xbeb8, 0x5, 0x1]}}, @irq_setup={0x46, 0x18, {0x1, 0x32c}}, @msr={0x14, 0x20, {0x3982, 0x6}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xb85, 0x3, 0x5}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0xff}}, @msr={0x14, 0x20, {0x603000000013e6d9, 0x6}}], 0x24c}, &(0x7f0000000600)=[@featur2={0x1, 0x9}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000640)={0x10003, 0x2, 0x5000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f00000006c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000680)=0xde})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ARM_PREFERRED_TARGET(r5, 0x8020aeaf, &(0x7f0000000700))
munmap(&(0x7f0000ca1000/0x3000)=nil, 0x3000)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000740)=@x86={0x6, 0x40, 0x7, 0x0, 0x0, 0x7, 0xcc, 0x8, 0x47, 0xdc, 0xc, 0x1, 0x0, 0x4, 0x7, 0x7, 0x8, 0x8, 0x8, '\x00', 0xf8, 0x400})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r2, r5, &(0x7f000097a000/0x400000)=nil, &(0x7f0000000b80)=[{0x0, &(0x7f0000000780)=[@smc={0x1e, 0x40, {0x80000002, [0x7fffffff, 0x1000, 0x9, 0x4, 0x66c0]}}, @smc={0x1e, 0x40, {0x84000011, [0x3, 0x6, 0x1, 0xb, 0x80]}}, @code={0xa, 0xb4, {"0074200e007008d520d287d200a0b0f2a10180d2020080d2630080d2c40180d2020000d4808082d20080b8f2010180d2420180d2c30180d2e40180d2020000d40000781ec0d183d200c0b0f2810080d2220180d2a30080d2240080d2020000d4c01a87d20040b8f2810180d2820180d2030180d2040180d2020000d4000028d5007008d5a07391d200c0b0f2c10180d2e20180d2830080d2e40180d2020000d4"}}, @code={0xa, 0x84, {"00c385d200e0b8f2010080d2420080d2e30080d2c40080d2020000d40078000e007008d5007008d5007008d5a00088d20020b0f2010080d2420180d2430080d2440180d2020000d420038cd20040b8f2a10180d2020180d2630080d2640080d2020000d4000028d500008072008008d5"}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x4, 0x5, 0x6, 0x8, 0x2}}, @smc={0x1e, 0x40, {0x8000, [0xa, 0x7fff, 0x9, 0x0, 0x2]}}, @msr={0x14, 0x20, {0x603000000013c013, 0xfffffffffffffffb}}, @eret={0xe6, 0x18, 0x5}, @svc={0x122, 0x40, {0x84000050, [0x1000, 0x401, 0x6b5e, 0x8, 0xc03e]}}, @irq_setup={0x46, 0x18, {0x0, 0x2b8}}, @uexit={0x0, 0x18, 0x6}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xe00, 0x6, 0x7}}, @irq_setup={0x46, 0x18, {0x4, 0xba}}, @hvc={0x32, 0x40, {0x40000000, [0x9, 0x4, 0x9, 0x1ed, 0x1000]}}, @mrs={0xbe, 0x18, {0x603000000013c4cf}}, @msr={0x14, 0x20, {0x6030000000138076, 0x9}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x44000013, [0x4, 0x0, 0x3, 0x5, 0xeb]}}, @irq_setup={0x46, 0x18, {0x3, 0x264}}], 0x3f8}], 0x1, 0x0, &(0x7f0000000bc0)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_CAP_PTP_KVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000c00))
ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, &(0x7f0000000cc0)=@attr_other={0x0, 0x6, 0x6, &(0x7f0000000c80)=0x2a1})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r6, 0x4004ae86, &(0x7f0000000d00)=0x8)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000d40)={0x8, 0x4f51dce5})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000d80)={0x10001, 0x1, 0x3000, 0x2000, &(0x7f0000a65000/0x2000)=nil, 0xb})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000e80)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000e40)=0x7})
syz_kvm_setup_cpu$arm64(r2, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001240)=[{0x0, &(0x7f0000000ec0)=[@msr={0x14, 0x20, {0x60300000001383c6, 0x1}}, @hvc={0x32, 0x40, {0x84000014, [0x3, 0x7d, 0x10001, 0xfff, 0x3]}}, @eret={0xe6, 0x18, 0xd}, @msr={0x14, 0x20, {0x603000000013c110, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x2b5}}, @smc={0x1e, 0x40, {0x80002002, [0x1, 0x3, 0x9000000000000, 0xf, 0x6]}}, @hvc={0x32, 0x40, {0x86000001, [0x2, 0x6, 0xf, 0x8001]}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x18f}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013803e}}, @eret={0xe6, 0x18, 0x400}, @hvc={0x32, 0x40, {0x84000006, [0x3ff, 0x40, 0x3, 0x7ff, 0x1]}}, @irq_setup={0x46, 0x18, {0x0, 0x3}}, @svc={0x122, 0x40, {0x31000000, [0xffffffff, 0x569, 0xafc2, 0x0, 0x1]}}, @code={0xa, 0xb4, {"c04d9bd20060b0f2610080d2e20080d2c30180d2040180d2020000d400fc40d3007008d5201980d20060b8f2210080d2a20180d2030080d2640080d2020000d400084038007008d5e08983d20060b0f2e10180d2420080d2230180d2040180d2020000d420c38ad20040b8f2810180d2e20080d2e30080d2c40080d2020000d4008008d520be92d200a0b8f2810180d2020180d2030180d2440180d2020000d4"}}, @hvc={0x32, 0x40, {0xc4000011, [0x4, 0x8, 0x5c5249b1, 0x94, 0x7ff]}}], 0x354}], 0x1, 0x0, &(0x7f0000001280)=[@featur2], 0x1)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f00000012c0))

1h10m24.236609118s ago: executing program 3 (id=293):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@code={0xa, 0x1c, {"7f2003d50008a078"}}], 0x1c}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})

1h10m14.458639552s ago: executing program 3 (id=294):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0xc0)
ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x9, 0x9, &(0x7f0000000040)=0xd})
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

1h10m7.547848734s ago: executing program 3 (id=295):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x39)
r3 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x2000004, 0x810, r2, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde4, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r9, 0x40a0ae49, &(0x7f00000000c0)={0x5, 0x5, 0x2000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x3})
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000f7c000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
r10 = ioctl$KVM_GET_STATS_FD_vm(r9, 0xaece)
syz_kvm_setup_cpu$arm64(r10, r2, &(0x7f0000a28000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, &(0x7f0000000000)=[@code={0xa, 0x6c, {"007008d5005cc09a000028d5a02a83d20000b0f2410180d2020080d2c30080d2640180d2020000d440a19ed200e0b0f2c10080d2420180d2e30080d2e40180d2020000d40000609e0820201e008008d5007008d500e4a07e"}}], 0x6c}], 0x1, 0x0, &(0x7f0000000200)=[@featur2={0x1, 0xd0}], 0x1)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

1h9m47.571395523s ago: executing program 34 (id=291):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x7, <r5=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x20000000000005)
r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bde000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x33)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37e35a9610fbff9379c03b2785e2769a7a835673312b36b376c869d22627e700004000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0)
r15 = eventfd2(0x0, 0x0)
close(r15)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r16 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
write$eventfd(r15, &(0x7f0000000180)=0x5, 0xfffffde3)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)

1h9m19.80629778s ago: executing program 35 (id=295):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x39)
r3 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x2000004, 0x810, r2, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde4, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r9, 0x40a0ae49, &(0x7f00000000c0)={0x5, 0x5, 0x2000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x3})
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000f7c000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
r10 = ioctl$KVM_GET_STATS_FD_vm(r9, 0xaece)
syz_kvm_setup_cpu$arm64(r10, r2, &(0x7f0000a28000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, &(0x7f0000000000)=[@code={0xa, 0x6c, {"007008d5005cc09a000028d5a02a83d20000b0f2410180d2020080d2c30080d2640180d2020000d440a19ed200e0b0f2c10080d2420180d2e30080d2e40180d2020000d40000609e0820201e008008d5007008d500e4a07e"}}], 0x6c}], 0x1, 0x0, &(0x7f0000000200)=[@featur2={0x1, 0xd0}], 0x1)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

55m10.310413168s ago: executing program 4 (id=352):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(r1)

55m8.760149255s ago: executing program 5 (id=353):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000540)={0x0, &(0x7f0000000000)=[@its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x4, 0xa, 0x10000, 0x0, 0x2}}, @smc={0x1e, 0x40, {0xc5000020, [0x6, 0x5, 0xb, 0x1, 0xe3c]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x6, 0x3, 0x7, 0x9, 0x1ff, 0x4}}, @mrs={0xbe, 0x18, {0x781d}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x3, 0x8, 0x6, 0x6, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9, 0xd, 0x7, 0x3}}, @svc={0x122, 0x40, {0x84000004, [0x830, 0xe48, 0x9, 0xd21, 0x338]}}, @hvc={0x32, 0x40, {0x8400000c, [0x8000, 0x0, 0x7fffffff, 0x2, 0xffffffffffffff74]}}, @code={0xa, 0x9c, {"c0d38ed20080b0f2e10180d2e20180d2e30180d2040080d2020000d4008008d540928dd20020b0f2c10080d2e20180d2030180d2040080d2020000d4007008d5000028d520bc81d200e0b8f2210080d2e20180d2830180d2440180d2020000d40200a0d460b896d200a0b8f2810180d2c20080d2630180d2240080d2020000d40020002f007008d5"}}, @msr={0x14, 0x20, {0x603000000013c3a0, 0x3}}, @svc={0x122, 0x40, {0x1, [0x2, 0x7e, 0x1795d3, 0x3, 0x8]}}, @msr={0x14, 0x20, {0x603000000013e534, 0x100}}, @code={0xa, 0x6c, {"000028d5002b8ed20080b8f2410080d2620180d2430080d2c40080d2020000d4000040f8000008d500e4006f009c200e403395d200c0b0f2a10180d2a20080d2430080d2a40180d2020000d4000028d5000008d50014202e"}}, @smc={0x1e, 0x40, {0x6000000, [0x2, 0x1ff, 0xa2b, 0x1, 0x4]}}, @svc={0x122, 0x40, {0xc5000020, [0xce5, 0x1ff, 0xcf, 0x0, 0xcc]}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x158}}, @memwrite={0x6e, 0x30, @generic={0x8000000, 0xe17, 0x1000, 0x4}}, @uexit={0x0, 0x18, 0x153}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x3, 0xe}}, @eret={0xe6, 0x18, 0xf}, @mrs={0xbe, 0x18, {0x603000000013f665}}, @svc={0x122, 0x40, {0x8400000f, [0x9, 0x32a5, 0xa, 0x0, 0x84]}}, @irq_setup={0x46, 0x18, {0x4, 0x302}}, @code={0xa, 0x6c, {"007008d50000006a0040400c0048215e00c8210e40538dd20080b0f2010180d2820180d2830180d2a40080d2020000d4000040ac007008d5009c007f00009dd20020b0f2a10180d2020180d2a30080d2c40180d2020000d4"}}], 0x514}, &(0x7f0000000580)=[@featur2={0x1, 0x40}], 0x1)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000740)={0x0, &(0x7f00000005c0)=[@hvc={0x32, 0x40, {0x20, [0x7f, 0x9, 0x7fff, 0x6, 0x6]}}, @hvc={0x32, 0x40, {0x80, [0xb, 0x401, 0x8, 0x4, 0x7]}}, @uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013de95}}, @code={0xa, 0x6c, {"0028217e0000301e00c0641e403c8fd20000b8f2010080d2620180d2030080d2440180d2020000d40004005e20489cd200a0b8f2610180d2420080d2e30180d2c40080d2020000d4007008d5000008d5007008d5007008d5"}}, @irq_setup={0x46, 0x18, {0x4, 0x313}}, @svc={0x122, 0x40, {0x80007fff, [0x8, 0x10000, 0x7, 0x10, 0x80000000]}}], 0x174}, &(0x7f0000000780)=[@featur1={0x1, 0xb2}], 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f00000007c0)={0x5, 0x31})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000f40)=[{0x0, &(0x7f0000000800)=[@mrs={0xbe, 0x18, {0x2f69d87aa06f6832}}, @hvc={0x32, 0x40, {0x8400000e, [0x800, 0x4, 0x15, 0x2, 0x2]}}, @uexit={0x0, 0x18}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x119}}, @smc={0x1e, 0x40, {0x3f000000, [0x4, 0x2, 0x51e, 0x2, 0x3]}}, @msr={0x14, 0x20, {0x603000000013df05, 0x8}}, @svc={0x122, 0x40, {0x80, [0x2, 0x80, 0xb, 0xf, 0x8001]}}, @irq_setup={0x46, 0x18, {0x3, 0x114}}, @uexit={0x0, 0x18, 0x6c909ce4}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x103}}, @hvc={0x32, 0x40, {0x6000000, [0x8, 0x0, 0x10000, 0x2, 0x9]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x1cf}}, @uexit={0x0, 0x18, 0x7}, @uexit={0x0, 0x18, 0x101}, @svc={0x122, 0x40, {0x8400000c, [0xffffffffffffff33, 0x1, 0x80, 0x9, 0x2]}}, @msr={0x14, 0x20, {0x399e, 0x9}}, @code={0xa, 0x6c, {"007008d5007008d50040600dc0788dd200a0b0f2410180d2e20180d2e30180d2440180d2020000d4007008d5007008d5007008d5008008d560df89d20020b8f2010080d2e20180d2e30080d2240080d2020000d4008008d5"}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0xe, 0x8, 0x1000, 0x2}}, @msr={0x14, 0x20, {0x603000000013c2a1, 0x200}}, @mrs={0xbe, 0x18, {0x603000000013c112}}, @code={0xa, 0x9c, {"00a4004f007008d50078205e805a86d200c0b0f2c10080d2a20080d2630180d2640080d2020000d4600499d20000b0f2410180d2020180d2e30180d2640180d2020000d4c0ae87d200e0b8f2c10180d2c20180d2c30080d2a40180d2020000d4008008d50040204ea01891d20060b0f2410080d2420080d2830080d2040180d2020000d4000028d5"}}, @smc={0x1e, 0x40, {0x2000, [0x704, 0x1, 0x40, 0x6b8c102a, 0xffff]}}, @svc={0x122, 0x40, {0x200, [0x90000, 0x1, 0x7fffffffffffffff, 0x8, 0x9]}}, @uexit={0x0, 0x18, 0x10000000}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x4, 0x5, 0x10, 0xa277, 0x4}}, @hvc={0x32, 0x40, {0xffff, [0x2, 0x8, 0xfff, 0x7, 0x7]}}, @code={0xa, 0x54, {"c09582d20080b8f2a10080d2620180d2c30080d2840180d2020000d400008052007008d5008008d50028202e0000404800eca02e0000201f007008d50000651e"}}, @svc={0x122, 0x40, {0xffff, [0x9, 0xfffffffffffff1ea, 0x9, 0x70777837, 0x8]}}, @code={0xa, 0x9c, {"0000629e0000005120598dd20080b8f2a10080d2620080d2a30080d2a40080d2020000d4000028d5007008d50080c04800f994d20080b8f2c10080d2420080d2c30080d2040180d2020000d4000028d5401f93d20020b8f2a10080d2420180d2c30180d2840180d2020000d4c0378cd20080b0f2810080d2620180d2830080d2240080d2020000d4"}}, @smc={0x1e, 0x40, {0x148003fed, [0x7, 0x7ff, 0xfffffffffffff800, 0x8001, 0x640]}}, @smc={0x1e, 0x40, {0x84000012, [0x2, 0x7, 0xf355, 0x1, 0xe]}}, @code={0xa, 0x9c, {"00809f0c409b9dd200c0b0f2010080d2020080d2c30080d2c40080d2020000d4007008d5007008d50014200e00a4a00de04994d20020b0f2c10180d2620180d2e30180d2240080d2020000d4008008d560d89bd200a0b8f2a10080d2e20180d2c30180d2e40080d2020000d400e48dd20000b0f2c10080d2020180d2a30180d2a40180d2020000d4"}}], 0x73c}], 0x1, 0x0, &(0x7f0000000f80)=[@featur2], 0x1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000fc0), 0x80000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x2)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4000ae84, &(0x7f0000001000)={{0x2000, 0x2000, 0x4, 0x5, 0xf7, 0x46, 0x2, 0xd9, 0x9, 0x2, 0x6, 0xe}, {0x4, 0x1000, 0x9, 0x4, 0x8f, 0xc, 0x55, 0x4, 0x5, 0x5, 0x6, 0xe2}, {0x1000, 0x4000, 0xd, 0x7, 0x3, 0x7f, 0xfe, 0x10, 0xfe, 0x5, 0x8, 0x2}, {0x1000, 0x4, 0xb, 0x2, 0x6, 0x9, 0xff, 0x7, 0x0, 0x3, 0x6, 0x4}, {0x5000, 0x10000, 0x8fee9078307eaa50, 0x9f, 0xd, 0x0, 0xd3, 0xe, 0x7, 0x2, 0x0, 0x5}, {0x80a0000, 0x4000, 0xb, 0x0, 0x5, 0x81, 0x7, 0x2, 0x1, 0xa, 0x3}, {0xdddd0000, 0x0, 0x3, 0x9, 0xb8, 0x7, 0x1, 0x1, 0x7, 0xf5, 0x3, 0x5}, {0x0, 0x1, 0x8, 0x10, 0x4, 0x3, 0x4, 0xa, 0x4, 0xfa, 0x8, 0xbd}, {0x80a0000, 0x9}, {0xeeee8000, 0x2}, 0x60000070, 0x0, 0xeeee8000, 0x0, 0x4, 0x2000, 0xf000, [0x1, 0x2, 0x8, 0x7]})
r5 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x35)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000001140)={0x5, 0x3})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000001180)={0xb6, 0x0, 0x3})
close(r4)
r7 = mmap$KVM_VCPU(&(0x7f0000f5c000/0x2000)=nil, 0x0, 0x1000001, 0x12, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000001200)="c6e244f5274a075c7c9ac344d43c7b45c5c8f6af6500dbe3b11bae90ee325a5b196ac32c168df328e2c10b93f4f6f6e7230ea1c2a5afc0aa658c68a1c0ba7de69d366cff9d042ce8", 0x0, 0x48)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000012c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001280)={0x8000, 0xffffff23, 0x1}})
syz_kvm_vgic_v3_setup(r6, 0x1, 0x59fc86c62d7679e9)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000001340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000001300)={0x0, 0x4}})
ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f0000001380)={0xffff1000, 0xa000})
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000f51000/0x4000)=nil, r8, 0x3000000, 0x30, r5, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f00000013c0)={0x2, "1cf4"})
r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3f)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r9, 0x4010ae68, &(0x7f0000001400)={0xd000, 0x4000, 0x1})
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000001440)={0x1000, "c841ff5cdd91c03c15f1d37b50e4485f5d6403ee44e7094ed7ccd5604a47a55b78cb78eba9be7c6f7beaeddb341b23747c4c04d3abb1bac8e9e9ab38103253160b00fbe1057f05ead4b911d0ddb4be27304194018761f0db1a6d75a5d89a8a74d8fc537e99148d0e2fac664e25955d09272b724af1ef442b200fb8b5058bd468be233ec935cc42f1b4f017fb73fea9c5aaffb243970a741f03620a80e8b6f63ce8c1d7216f43cbe6bcd4ad5c9833e12a472097ba7061b5606e22981e0f1040bfff6a2876a3a2bb83eeaea1fe4ef252e67f2c8db42ce5a54c19d99d422231af45c8884c35a676dac18e68f1df839cce001c9bd4ef430fd245a8e4ee89520daf52a49fad89f20f398afe2b7563c642d071a9bff1655cb8757258c482c2aeab3f62c920911a7b3810ec0fe35fc957402ec86a1a8e1e9b6a68e2fbe48bad95b102c1aae94ca2d7d79953829cd29acd4c6db8a2200620ce4c4f6019d0dcc71afc18206bfc26c088e60fcd56f2f5898c71bbd96bf0bb67abecdc53d5dc8f153874c296d11c3eee45c281ee924267807e30718927935a310f912bbe8cacba9746f18430a37bbdcd780dad73c4b3d0e353e8096127b1246693d0dbc8005ccd3de618bc4e4d990cb52e80baca282d8162cd6772f9288390584227216f81dde68b33d05f26ea49d27694f60be9f7a4f5b0f441dd938944e55443df2086a163646350160ad9a29858c250ab4034b8e0e96748004c36c2d6d3de86c209238b8bcea99166d8b988acdbe69289dfdf133d27e3b3c8a1de2acdf248c33db54913e7723eee4b88cc34f1651aaf5d124926dd3e586321745d790c90547ee53c018411269824792d36faa17de4b18f886552ec4c2dac635b75856eeb6aa79234e7992c5340d032cd34a5e3db6525285c583ec2b7c3315ce83ee2d6efe99fff8a6ad73e7b78b2d2467d89227460b0157c00789e7d984c0419b472377c452f69e8c8e03958a97dde5de15e7a30be7a21df0a7567aaf3d34421e47abfe3fea473acdadae0e286eea2d0311c664dc5248519d56099d8598adc950a269c8c698009150e4b0125de66eb7ec655606555970fc5dc5b4fbffc97324152fa3953c923050caf5651fff87788bf4ba1ea4d77814145f7d22c891c9ce44c58e6166008cc38d6f8b9b07f4915630e6a67770399bf9dfe43b104c6f6dbbd4ba46709e0a92a81a3bb2d14669065137318fc26958363b7703a2df975ecdaf5ead6f5ec06d99d2601e129d4affad8ebc52495168867a3b77e43caf9f5ab80fffb374e330276cf8e0a583cc9704d75331d93272e78c7c139530d06aad848c4208ae89e904343ac007695d154669794642584b198f7052b3f363fbbd6c2e51b38b7c9d11ae2dbab5774b5e6057ce26795daf301b8ad28c126613f1d426061b6602bf8c477975c575043a5821a311f4b0e0d3985e36a04772e7cd9c21ce479c76f4da57879c6f92673d7c638298ca61553808eec06ee8249ddd034dcd7b4cd60ea81e7cf3143909fa2b1c7d5b8b8bcedfc0b36a1b88cf5fed721cd9daf61748bf2f797af4ccb4778df24a0a61668160de696ed3dbfcb31556ab55b9c167cae91b14a35efd0051b466cdbfbc5fca30653b3ae7283d1d299637c06151e50b862c37ac9f0f2885e4ca45901912a3d37e4f608cb2f28b44eb1d4e1d831357b22d46ee990979fb882f6adfd3bd81e2d43fdc1f156858a1c74f5d23565c8821d8112fbefd9aaf39d039f975f26cf6b0f169318e86c5cadac7f070307b0b3789ec9ad3f50d4bdc9f0a24d284c90397d98bb1333fdddb51b38d84872d351bc43ffb27d2465c37f700228996e60f65d131ac661572551ac20a937411a057d4d2de21c60ea3638fa4dcf0593f5f5b7ab14bf5da26f311b9e4e1cf76816b8781161ae124399830631d32e220dfe14e66dcfc38ec75f09b94cf714a163563ebb80ef6613ff494e3891269189ee3661190bad9b0ff43750fdeb203d48865c8b64ad284f193feaa00b9589e4d99ed13a74bfc69d9acdc6d2e53067f5211de9a39cb395f13313a141ad3238095e7832779d05459c0b87e7e2028cbd353ce5ae1d3869d1931a1ef2abc84b7191f5121bd4168f9d31185afdc0146fc07c04a65715a3f1c961ba96921320bb90af234e960e5fed7ce8ec3ee15ce4fcec42b863877c5997e355e08033bee57c455e7c8448e8682210a99747e149e97517680754d9a4a0b233d600e19a0fee22c60284e2988fba6452aac584f5c52a39b3fbf8c6b95634d5ee752014029a29df15e6794eb95a5efa2c92cd5e51a6bc8c153e33993b7aeea889b43c5537adaf32c5be0ec8d62e04f3a97c0d2853c9dc24981513d3cc0696f6e361686fdeb838cd1d64cde7290d533966e00c063bf6d7ad4d15d9d876f307126e271126c0bd69947d323c99fc0e4343cafd0840f9382feaf2043ab3e3e7d3391cc24b9c393218f15dc35082528919fd65749a6dd2a11d4b1c442a598e22e935df5593dcd4c7b106f71ec8a9ff59a7cd2e0146b09f5d434870de60f7306e3f94689fbd5a2771f484b56e396560c35477c52753a17189437098ba534fbaadb1ea4092bb9236baf3dc121a079fb4ff740bc14a6918ca076c9bcf460988ea494233031b5804d4ca82f42a554921124a90b26da9885411e04f4518ed2eeb210a16a1fadf0ff1c315252c8f3dd7a1fa32d701c35015947b8859cfdbfdff29cd537b32d6c6dcf85e8bc42af49da809c884b2abb54103d8a1fa5687e914cce4a0a21fb4e87823a5894127abdc7023d7ec5c60d7d5fcee71307a0961a91f9692d7b88e33aaddfd518e31c9567b7bf37015fdf380d52bb682ed371d392fa549ad0eb736414d7fb3840edd36a72ff6e3fc9303e1afd27a235aaeb9f819fb183cb24d9c0c3dbf6214e7f24c907b52cf56936ece7385317427a53d29feb2b9f154e783992c250bdf46454d3ad5b5018ecc6f23d13c4f1b58ecb9534b2ab45917c15fb557f13d6d7be0fc2ceac3fc4bf395a0974936bf1cef5a3961b9c76e36e2b8d19d6ce273084e29bc13f75d95a4957277d4892d264b9126f13bac8a3d959792b1469ae40bd8c431b0a369ab1fd160df98b988b7cddc9c4ad2bd89c57725ed646160fd59a020d6550572cad96c6d6362853efe9d4c46b6d7754c46ce3ce90f095e52da05ea8b1152261edfaccf1fb7e76cc1dcab38afb705501a6b56616b8f4ebf77acf3d6e13e9b953b26043b9dfd8c73bb61f19d225985ee7be58b84bd09ce59ef9b1550d6e4a1e317184e754c38b239c090e0d63ac7a30d20213682808c82397a41088f477c1060d7551b5b750a74a7709c97929aa54d18e76a86f2f92be85a920d061ca5af34c180045121d221c0c0b85c25203eb32b805a6f3333daabeac50ed6de9f5ed94982ab553d7cdd70471994f2e3a79b5bf09b465767f54ff8e42c2486746db906245dab2f899d589c3646b0baa6a55541dcfbb70f057b66dbe8c9e1fcbbbbe935a11f9c407defcc6f0e77acf0b0c74aa92b66e6c210f25a9c4e8390549f972b56a89a8a72725e7ac1b103912adcc93aa1a6cdaf78ae87cc1ee1b5bf3c0e82fe8caf64dbdf954aff149817432a57a817e4163c8f92adee4f69e12c15db16d91646ff0f30a39067f4e0e0bbb65072eb4dc556d15d2179f795e2cb89f14fc48ab33718323fea77b2fe73fd98366ec1ddbbfefefe98f58e4a00bfb7825ea7dde4114e2a5bf61d12b6e8dc277b5e74bdd897c809e37a791d4c390fd30e5dc599e482539b1dcceaeb8502303e5994825c0f13857e87aca907f66e3257cbb2c117ef86e1a13dd61b0c68841b6708fd61d590c6a5c077a8d5e3e2b419fceb9ea2f81321363d08e67b0c506efb7b801317bbd7aa436f03d863aeb4d28540ace38e64b81674663e5e4357b487cc13230dbe7bea295247e34615af07f50d72f79e7535b48d6c514a375b9880e7abb69a3e770aea1f495e6deda156bb386476f8159dca787f6dea890769fe1a51b1ef1f2ab2275d8fedbb4b55ffdf7a77fe3f3396bc3afdfda0ec74b009f099af7c4e8c659d877342b988339d964ce3414d3275442a45a31c56933a249d302c488c3273e44f44003d973ca54181a2cfbfb736171774c494bd38ac21fbc9ef6a84ec48949e3d9cd4ab2660bb3f036d6b12856ab99b9c12a48c24e656ddc7057d00e2d9c8674953b294d4f988a85c0e06946c76f915037e7a3ffb66417cfaf7b60375dab448c3c236c74cb6987819aee6fc59c08a57f1b61ab1f4c61a5915e08c241a9fd59ec735ff140610ac96c638a7ac6bf938a9822b34f14daff312d0b208a42c5322b1441b8bf66a68095a3cd6fe5cd0759896fa32f320c068fbad6a91232b47dc22e9c5641521aad4d04b175c58b7a0357f73ca4952b3378746bdc85d5a3b2802d05d7285759fa36e9bec5f91bcb791320ec873208500f21d641233e14bf7da64769f9cd35c87329323ccd18b7f9529b9474efb285a463ca66d48d2e896afa073ec678a5f125a130a094274c0844c4f753ae362c8500cc458a0a5b7b66cde0f1ea1275d7acda28a227e4b6c12053cb8653870452e6500be2fefa6ba13f7e2bce8d46dd3dc164349dee1ba9a4631c5d7833779e1a8458a636a8382639eb1163ab2550cb301caa0307b72c4610c4ebe7ce55296b6b6bce1b544e6c8a22ebdc21474f79a7e12f2d9b1c458c9f6b36621a018f2c5aa583cc134734e84668d45f9d85089b052d1dd378fc3415f5c1f63a86cf3bfb04d7e7a8987e93213a3cce325cac3433deeb573a5fb1ace5c6dd05367ad20a045922713e2f0eea5f784e078686e2b7086d25e3fcf5f600a0569ef19b06ed37a136a1452ca71bc9a8ccaecdd318548e4f97658b8480288fc6d284c6095eed309a8a2885cb24688ba13320e70019adcdbd76ad60a0994f8f636f19af7b9108563cb6c00962436c5461b7b985a926e2c4a87b5456bfc3d6471714889d3af18d3ff4932679a4fef6bdaaaa904cb1d0e6b227416b5546bea1ea987f0ceb03781f44df11e578dee87865839c9de0d3198454c9bea684b90db3dec43d6a8c329390e89fa19f951ee40f34052c0acb7dcfb5560b687e01f8978cceb67334c899eba62a77b676d83d1fda91d5740e8437d47419287e64d928199347ff84c4b794f1e036dc56922a7c055ef2d9e0e757580bbd0d1e4611d1d7d4afa48e2cd833c49dd06c26ab9c67e00385a0d75968c1a608c90bc40788036fd9e4208b2e823a37d6704bcaf43c90cefcf4946c5ca82878897be317c2e18270021e2751aa4eec50133a9a44ff8f0d6fd26f80a29173d92d21e8625ff9ec987c9b8599118a7fb2e844cb67b45b0108ba8a3abac435adf387322053b89a845c1ae59f9ad4f6b2d501b92484e853d66c119c38bc4613d5cacc056231baa6becfa181006d1c44cce1ac697d0b592ca4f6909c0cbe4a756ce8b7f110e7c5dd72f3d9bcc21addb99f1728e5f32cf425ecc6a83f4fb4e4e06e563c4510f6f5b7c310eb34c6f6d7e638ea7c06299d8483ea32f47c580fc2227090e8dc3159decd75cfc5985adb8235175971698ad957b3d9ddf51f0997eae6f137c149a67b7153c96fe0ec379ba6a95fa3586534c410abef209bee6d055ac7fcc486e41aa42ab64b76e070a9da5b4961eea34a83704c3a341fa17eec6d9fafa1d56342da32f77ae37bf355d31fd741830ee00a5989a9014f193f98552e55b04842db3cc30b0f19d68588d319f18d590ba7527472baedd1105f80836140ce05ddc2eebf76e20b95b476f5611b9c1b6fb3515"})
syz_kvm_vgic_v3_setup(r6, 0x4, 0x140)

55m0.826646152s ago: executing program 4 (id=354):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x15)
syz_kvm_setup_cpu$arm64(r0, 0xffffffffffffffff, &(0x7f0000007000/0x400000)=nil, &(0x7f0000000500)=[{0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x0, [0xb6, 0x1, 0xfffffffffffffff7, 0x6, 0x4b1e]}}, @irq_setup={0x46, 0x18, {0x2, 0x259}}, @msr={0x14, 0x20, {0x603000000013c2a2, 0xed}}, @uexit={0x0, 0x18, 0x800}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0x2, 0x2, 0x80000000}}, @hvc={0x32, 0x40, {0x40000000, [0x0, 0x1, 0x4, 0x10001, 0x281]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0xa, 0x462, 0xe, 0x1}}, @hvc={0x32, 0x40, {0x8400000e, [0x10000, 0xe09, 0xef, 0xae, 0xf]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x3, 0xc, 0x2, 0x3, 0x3}}, @msr={0x14, 0x20, {0x603000000013c113, 0xae}}, @svc={0x122, 0x40, {0x8400000e, [0x10000, 0xb72, 0x1, 0x5]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x318}}, @code={0xa, 0x6c, {"007008d5406c83d20020b0f2410080d2420180d2830080d2040180d2020000d4000028d5009d96d200c0b0f2c10180d2c20180d2030180d2c40180d2020000d40068201e007008d5007008d5000008d50000c0390014005f"}}, @hvc={0x32, 0x40, {0x80000000, [0x3, 0x2, 0x200, 0x4, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x293}}, @mrs={0xbe, 0x18, {0x603000000013c019}}, @hvc={0x32, 0x40, {0x80000002, [0x8, 0x8000000000000001, 0x2, 0x7f]}}, @svc={0x122, 0x40, {0x2000, [0xc, 0x978d, 0x10000, 0xe732, 0x1]}}, @eret={0xe6, 0x18, 0x91f}, @svc={0x122, 0x40, {0x200, [0xffffffffffffffff, 0xfffffffffffffff8, 0x6f7, 0x7ff, 0x9]}}, @irq_setup={0x46, 0x18, {0x2, 0x396}}, @irq_setup={0x46, 0x18, {0x3, 0x1de}}, @hvc={0x32, 0x40, {0x4, [0x6d9b5c3f, 0x2, 0x1, 0x7]}}, @msr={0x14, 0x20, {0x603000000013deb6, 0x5}}, @irq_setup={0x46, 0x18, {0x3, 0x3c6}}, @msr={0x14, 0x20, {0x603000000013df41, 0xc2}}, @uexit={0x0, 0x18, 0x8}, @mrs={0xbe, 0x18, {0x603000000013defb}}, @mrs={0xbe, 0x18, {0x26f6}}], 0x4e4}], 0x1, 0x0, &(0x7f0000000540)=[@featur1={0x1, 0x11}], 0x1)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)

55m0.210120619s ago: executing program 5 (id=355):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a00ed})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_kvm_setup_cpu$arm64(r4, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000c40)=ANY=[], 0x318}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

54m53.058018471s ago: executing program 4 (id=356):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e22ffff)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000595000/0x2000)=nil, r3, 0x8, 0x8032, 0xffffffffffffffff, 0x0)
eventfd2(0xfffffffa, 0x80001)
write$eventfd(0xffffffffffffffff, &(0x7f00000000c0)=0xe, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)
ioctl$KVM_CHECK_EXTENSION(r4, 0x40086602, 0x110e227ffe)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r6, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000080)=ANY=[@ANYRES32=r6], 0x10}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f00007c5000/0x3000)=nil, 0x930, 0x100000e, 0x80010, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000c49000/0x2000)=nil, 0x2000)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)

54m50.676580167s ago: executing program 5 (id=357):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x3000000, 0x10, 0xffffffffffffffff, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000140)=@attr_arm64={0x0, 0x5, 0x2, &(0x7f0000000100)=0xc0})
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f2a000/0x4000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000975000/0x1000)=nil, 0x930, 0x200000f, 0x110, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x800}}]})
close(r5)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000004, 0xaf832, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000834000/0x3000)=nil, 0x930, 0x100000a, 0x8032, 0xffffffffffffffff, 0x0)

54m38.267753305s ago: executing program 4 (id=358):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000140)={0xc, 0xfff9, 0x1}})

54m36.661784478s ago: executing program 5 (id=359):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) (async)
r5 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
ioctl$KVM_CHECK_EXTENSION(r5, 0x541b, 0xac)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) (async, rerun: 32)
r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40) (rerun: 32)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0xffd0, 0x0})

54m25.378095892s ago: executing program 4 (id=360):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x480440, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x17)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x4, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x3, 0x5})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x9, 0x5660b638, &(0x7f0000000000)=0x4})
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e0000000000000030000000000000000000dddd0080"], 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

54m24.472001509s ago: executing program 5 (id=361):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r2, 0x541b, 0x2000001c)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000000)=0x90ac)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
openat$kvm(0x3f, &(0x7f0000000040), 0x280880, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r9, 0x4018aee2, &(0x7f0000000140)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
r10 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x29)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x5, 0xffffffffffffffff, 0x1})
r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f, 0x0)
r14 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x2, 0x9, &(0x7f0000000100)=0x4})

54m13.796221217s ago: executing program 5 (id=362):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x10002})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x10000, 0x2000, &(0x7f0000ed4000/0x2000)=nil}) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 64)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r7, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) (async)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r8, 0x4010ae42, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000ff6000/0x7000)=nil})

54m12.749035809s ago: executing program 4 (id=363):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x40000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100010, &(0x7f0000000100)})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xe)

53m26.698046624s ago: executing program 36 (id=362):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x10002})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x10000, 0x2000, &(0x7f0000ed4000/0x2000)=nil}) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 64)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r7, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) (async)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r8, 0x4010ae42, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000ff6000/0x7000)=nil})

53m24.019818951s ago: executing program 37 (id=363):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x40000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100010, &(0x7f0000000100)})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xe)

33m12.948919743s ago: executing program 7 (id=443):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x32, 0x40, {0xc4000053, [0x0, 0x1, 0x2, 0x3, 0x6]}}], 0x80}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r16, 0x4018aee2, &(0x7f0000000040)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0})
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_assert_reg(r11, 0x603000000013dce8, 0x8000)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x7, 0x6})

32m48.408923812s ago: executing program 7 (id=446):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110003, &(0x7f00000001c0)=0x7})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x12})

32m26.820367459s ago: executing program 7 (id=448):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000be6000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138047, 0x8000}}], 0x20}, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x3a0)
ioctl$KVM_GET_MP_STATE(r10, 0x8004ae98, &(0x7f0000000040)) (async, rerun: 32)
ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, 0x0) (rerun: 32)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async, rerun: 32)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (rerun: 32)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)

32m14.0863646s ago: executing program 7 (id=450):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_MTE(r2, 0x4068aea3, &(0x7f0000000140))
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000004000000000000000ad770081000000000800000000000000010000000000000002000000000000000300000000000000040000000000000032000000000000004000000000000000530000c400000000000080"], 0x80}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

31m58.768900406s ago: executing program 7 (id=452):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000b80)={0x0, &(0x7f0000000740)=[@eret={0xe6, 0x18, 0x387}, @hvc={0x32, 0x40, {0x800, [0x7, 0x735, 0x7fffffffffffffff, 0x5e2f2d4e]}}, @irq_setup={0x46, 0x18, {0x3, 0x213}}, @eret={0xe6, 0x18}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x7c}}, @hvc={0x32, 0x40, {0x84000009, [0x100000000, 0x3f1, 0x6, 0x2, 0x10001]}}, @code={0xa, 0x6c, {"0080209b00000013007008d5008008d5005f98d20020b8f2a10180d2420180d2430080d2c40180d2020000d400b8215e200691d200c0b8f2e10180d2a20080d2a30080d2e40080d2020000d4000008d50090807f007008d5"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xffd0, 0x0, 0x4}}, @smc={0x1e, 0x40, {0x40000000, [0x3, 0xfffffffffffffffc, 0xe, 0x5, 0x1]}}, @msr={0x14, 0x20, {0x603000000013feec, 0x1}}, @irq_setup={0x46, 0x18, {0x0, 0x198}}, @svc={0x122, 0x40, {0x5000000, [0x8, 0x6, 0x6dfe8acf, 0x20ac, 0x1]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x3b8}}, @mrs={0xbe, 0x18, {0x603000000013da21}}, @mrs={0xbe, 0x18}, @uexit={0x0, 0x18, 0x7fffffff}, @mrs={0xbe, 0x18, {0x603000000013df48}}, @hvc={0x32, 0x40, {0x84000013, [0xd19, 0x4, 0x4, 0x8000, 0x3]}}, @msr={0x14, 0x20, {0x603000000013c039, 0xb}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x308}}, @eret={0xe6, 0x18, 0x7}, @eret={0xe6, 0x18, 0x5}, @uexit={0x0, 0x18, 0x1000}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x8000, 0xa, 0x3, 0x2, 0x3}}, @msr={0x14, 0x20, {0x603000000013c608, 0x1}}, @hvc={0x32, 0x40, {0x40, [0x5, 0x8, 0x1, 0xcd, 0x94]}}], 0x424}, &(0x7f0000000bc0)=[@featur2={0x1, 0xa2}], 0x1)
ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000c00)={0x2, [0x9, 0x6]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0x80000002, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x0, 0x7, 0xabbc, 0x0, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0x3, 0xffffffff, 0xeff}}, @svc={0x122, 0x40, {0x84000053, [0x7b6, 0x8000000000000000, 0x8, 0x2, 0xffffffff00000001]}}, @eret={0xe6, 0x18, 0x7fff}, @smc={0x1e, 0x40, {0x84000050, [0x100000000, 0x1, 0x6, 0xdfa, 0xfffffffeffffffff]}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x75}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xd05, 0x5, 0x10}}, @msr={0x14, 0x20, {0x603000000013c030, 0xe11}}, @uexit={0x0, 0x18, 0xa0e}, @irq_setup={0x46, 0x18, {0x3, 0x1e0}}, @msr={0x14, 0x20, {0x603000000013de96, 0x5}}, @irq_setup={0x46, 0x18, {0x2, 0x208}}, @uexit={0x0, 0x18, 0x1}, @irq_setup={0x46, 0x18, {0x1, 0x2f0}}, @msr={0x14, 0x20, {0x603000000013e6d8, 0x400}}, @hvc={0x32, 0x40, {0x0, [0x5, 0x6, 0x1ff, 0x5, 0xfffffffffffffffe]}}, @msr={0x14, 0x20, {0x3f16, 0x5}}, @irq_setup={0x46, 0x18, {0x4, 0x317}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x338}}, @code={0xa, 0x6c, {"00008013000008d5007008d5000040d3007008d5007008d5007008d560529bd20000b0f2810180d2c20180d2430080d2a40080d2020000d4007008d5c0be8cd200e0b0f2810180d2a20080d2e30180d2a40080d2020000d4"}}, @code={0xa, 0x6c, {"00c8307e007008d5007008d5e04f81d200a0b8f2a10080d2a20080d2430080d2840080d2020000d40000a00d000040a9007008d51f0020ab809c8fd200a0b8f2e10180d2820080d2230080d2040080d2020000d4008008d5"}}, @uexit={0x0, 0x18, 0x49}], 0x3a8}, &(0x7f00000004c0)=[@featur2={0x1, 0x40}], 0x1)
syz_kvm_setup_cpu$arm64(r3, r5, &(0x7f0000bc3000/0x400000)=nil, &(0x7f0000000640)=[{0x0, &(0x7f0000000500)=[@smc={0x1e, 0x40, {0x32000000, [0x8000000000000001, 0xf, 0x0, 0x800]}}, @msr={0x14, 0x20, {0x603000000013c510, 0x5}}, @msr={0x14, 0x20, {0x603000000013c020, 0xf}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x110, 0x2, 0x6}}, @eret={0xe6, 0x18, 0xff}, @smc={0x1e, 0x40, {0x2, [0xcc4, 0x1, 0x6, 0x0, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x280, 0x7fff, 0x2}}], 0x138}], 0x1, 0x0, &(0x7f0000000680)=[@featur2], 0x1)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000700)=@arm64_bitmap={0x6030000000160000, &(0x7f00000006c0)=0x7fffffffffffffff})
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800})

31m42.746951163s ago: executing program 7 (id=454):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0})
ioctl$KVM_CREATE_VM(r7, 0x401c5820, 0x20000006)
r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0})

30m54.949662646s ago: executing program 38 (id=454):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0})
ioctl$KVM_CREATE_VM(r7, 0x401c5820, 0x20000006)
r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0})

27m39.846191246s ago: executing program 6 (id=471):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0x250)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

27m27.316562718s ago: executing program 6 (id=472):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xdddd1000, 0x2000, &(0x7f0000fa4000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@x86={0x0, 0x3, 0xb, 0x0, 0xe09, 0x6, 0x0, 0x3, 0x9, 0x2, 0xd5, 0x8, 0x0, 0x0, 0x6, 0x2, 0x4, 0xd0, 0xf8, '\x00', 0x51, 0xfffffffffffffffc})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
eventfd2(0x8, 0x80800) (async)
r10 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r10})

27m8.571127333s ago: executing program 6 (id=473):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000100)={0x55})

26m49.554347371s ago: executing program 6 (id=474):
openat$kvm(0xffffffffffffff9c, 0x0, 0x18b080, 0x0) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)

26m41.08931305s ago: executing program 6 (id=475):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1e)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f0000000040)=@attr_other={0x0, 0x1, 0x6, &(0x7f0000000000)=0xbe51})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x401, 0xfffffffffffffeff, &(0x7f00000000c0)=0x345})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r3, 0x400454ca, 0x110c230008)

26m27.176517263s ago: executing program 6 (id=476):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000000c0)={0x8080000, 0x3000, 0x1000, 0x1, 0x40})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x8040aeb6, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004c, 0x0})

25m36.757979533s ago: executing program 39 (id=476):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000000c0)={0x8080000, 0x3000, 0x1000, 0x1, 0x40})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x8040aeb6, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004c, 0x0})

13m33.790717791s ago: executing program 9 (id=503):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r7, 0x4208ae9b, &(0x7f0000000500)={0x20000, 0x0, {[0x1, 0xf66d, 0x5, 0xffff, 0x6, 0x100000000, 0x8000, 0xa0000000, 0x0, 0x80, 0x7, 0xb97, 0x0, 0x3, 0x401, 0x8], [0x8000000000000001, 0x1c000, 0xfff, 0x413, 0xfff, 0x1, 0x7ff, 0x9, 0x1, 0x800, 0x100000000, 0x6, 0xffffffff80000001, 0xd, 0xa8b1, 0x9], [0x3, 0x0, 0x3, 0xfffffffffffffff9, 0x80000001, 0x26, 0x38b, 0x2, 0x0, 0x1, 0x7fffffff, 0x4b2123fe, 0x292e1739, 0xfffffffffffffffb, 0xe5, 0x2], [0x7, 0x36e8, 0x800, 0xb, 0x7, 0x200, 0xe, 0x3, 0x101, 0x23dd, 0x7fff, 0x473, 0x2d7, 0x9, 0x9]}})
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x9)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x300, &(0x7f0000000080)=0x4})
ioctl$KVM_GET_REGS(r2, 0x8360ae81, &(0x7f0000000140))

13m33.340098799s ago: executing program 8 (id=504):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @generic={0x1, 0x197, 0x8, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x278}}, @msr={0x14, 0x20, {0x603000000013f080, 0x617e}}, @uexit={0x0, 0x18, 0x7}, @hvc={0x32, 0x40, {0xc5000020, [0x81, 0x8000000000000000, 0x7, 0x943, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013df41}}, @msr={0x14, 0x20, {0x603000000013df72, 0x17ee}}, @mrs={0xbe, 0x18, {0x603000000013df6d}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x380, 0x3e, 0x5}}, @code={0xa, 0x9c, {"008008d5007008d5008008d500cd91d20000b0f2410080d2020080d2630180d2040180d2020000d4c0aa91d20040b0f2210080d2020080d2a30180d2c40180d2020000d4201e82d20000b0f2c10080d2820080d2c30180d2640080d2020000d4008008d5007008d5000008d5004488d200c0b0f2410180d2820180d2e30080d2440080d2020000d4"}}, @mrs={0xbe, 0x18, {0x6030000000139820}}, @mrs={0xbe, 0x18, {0x603000000013c3a0}}, @hvc={0x32, 0x40, {0x0, [0x2, 0x7ff, 0x5, 0x80000000, 0x9]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x0, 0x9}}, @irq_setup={0x46, 0x18, {0x2, 0x9b}}, @svc={0x122, 0x40, {0x8400000f, [0x8, 0x3, 0x80000000, 0xe, 0x1]}}, @svc={0x122, 0x40, {0x8, [0x4, 0x5, 0xffffffffffffffff, 0x8000000000000000, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013e642}}, @its_send_cmd={0xaa, 0x28, {0x16bde1c0c7dd11bc, 0x0, 0x2, 0xc, 0x800, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x4, 0xf, 0x552, 0xffffffff}}, @msr={0x14, 0x20, {0x603000000013dea2, 0x6}}, @mrs={0xbe, 0x18}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x0, 0xc, 0x8, 0x8, 0x85}}], 0x3ec}, &(0x7f0000000440)=[@featur1={0x1, 0x40}], 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r0, 0xc040aed5, &(0x7f0000000480)={0xf000, 0x102000})
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000b80)={0x0, &(0x7f00000004c0)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x18f}}, @msr={0x14, 0x20, {0x603000000013e66c, 0x3b7}}, @svc={0x122, 0x40, {0x84000053, [0x5b80, 0xb08, 0x3, 0x2, 0x4]}}, @uexit={0x0, 0x18, 0xfffffffffffffff9}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0xd, 0x0, 0x8, 0x4}}, @uexit={0x0, 0x18, 0x8}, @msr={0x14, 0x20, {0x6030000000138007, 0x6}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x4, 0x5, 0x4, 0x55a, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe00, 0x8bb, 0xa}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x13f}}, @hvc={0x32, 0x40, {0x200, [0x2, 0x3, 0x6, 0x1, 0x4]}}, @code={0xa, 0x9c, {"00d594d20000b8f2610180d2020080d2430080d2040080d2020000d4000008d540888dd200c0b0f2210180d2220180d2430080d2440180d2020000d4000040b3000028d500e4000fa01b91d20060b0f2c10080d2620180d2230080d2c40180d2020000d4202098d20080b8f2410080d2820080d2030080d2240180d2020000d400d8210e000000eb"}}, @irq_setup={0x46, 0x18, {0x1, 0x12c}}, @smc={0x1e, 0x40, {0x84000012, [0x5, 0x0, 0xc, 0x3d8]}}, @hvc={0x32, 0x40, {0x84000050, [0x3, 0x2, 0x5, 0x401, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x2}}, @svc={0x122, 0x40, {0x2, [0x6c, 0xfffffffffffffff7, 0x68539fc2, 0x7, 0x3]}}, @uexit={0x0, 0x18, 0x200}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x122}}, @svc={0x122, 0x40, {0x84000012, [0xf, 0xffffffffffffffff, 0x4, 0x2, 0xb]}}, @svc={0x122, 0x40, {0xc4000004, [0x6, 0x6, 0x0, 0x5, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0xd, 0xe2ba, 0x3, 0x4}}, @smc={0x1e, 0x40, {0x100, [0xf0, 0x8, 0x7fffffffffffffff, 0x90c9, 0x40]}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x1, 0x9, 0x81, 0x3, 0x1}}, @msr={0x14, 0x20, {0x603000000013f089, 0x2}}, @irq_setup={0x46, 0x18, {0x2, 0x338}}, @svc={0x122, 0x40, {0x84000001, [0xb7, 0xffffffffffffffff, 0x7, 0x4, 0x4]}}, @uexit={0x0, 0x18, 0x5bc6}, @smc={0x1e, 0x40, {0x8400000f, [0x4, 0x0, 0x1, 0x9, 0x10]}}, @code={0xa, 0xcc, {"000cc09ae0a286d200a0b8f2210180d2220180d2e30080d2840080d2020000d4609f89d20020b0f2c10180d2820180d2a30080d2840180d2020000d4c06382d20020b8f2010080d2220080d2430180d2640180d2020000d4000008d5c0b895d200a0b0f2c10180d2420180d2a30180d2640180d2020000d4007008d500fd82d20040b0f2410080d2020180d2630180d2640080d2020000d440419fd20000b0f2c10080d2220080d2430080d2a40080d2020000d4000000b9"}}, @svc={0x122, 0x40, {0xc4000014, [0x1, 0x0, 0x3, 0x8, 0x1]}}, @eret={0xe6, 0x18, 0x8}], 0x6a8}, &(0x7f0000000bc0)=[@featur1={0x1, 0x80}], 0x1) (async)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000b80)={0x0, &(0x7f00000004c0)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x18f}}, @msr={0x14, 0x20, {0x603000000013e66c, 0x3b7}}, @svc={0x122, 0x40, {0x84000053, [0x5b80, 0xb08, 0x3, 0x2, 0x4]}}, @uexit={0x0, 0x18, 0xfffffffffffffff9}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0xd, 0x0, 0x8, 0x4}}, @uexit={0x0, 0x18, 0x8}, @msr={0x14, 0x20, {0x6030000000138007, 0x6}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x4, 0x5, 0x4, 0x55a, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe00, 0x8bb, 0xa}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x13f}}, @hvc={0x32, 0x40, {0x200, [0x2, 0x3, 0x6, 0x1, 0x4]}}, @code={0xa, 0x9c, {"00d594d20000b8f2610180d2020080d2430080d2040080d2020000d4000008d540888dd200c0b0f2210180d2220180d2430080d2440180d2020000d4000040b3000028d500e4000fa01b91d20060b0f2c10080d2620180d2230080d2c40180d2020000d4202098d20080b8f2410080d2820080d2030080d2240180d2020000d400d8210e000000eb"}}, @irq_setup={0x46, 0x18, {0x1, 0x12c}}, @smc={0x1e, 0x40, {0x84000012, [0x5, 0x0, 0xc, 0x3d8]}}, @hvc={0x32, 0x40, {0x84000050, [0x3, 0x2, 0x5, 0x401, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x2}}, @svc={0x122, 0x40, {0x2, [0x6c, 0xfffffffffffffff7, 0x68539fc2, 0x7, 0x3]}}, @uexit={0x0, 0x18, 0x200}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x122}}, @svc={0x122, 0x40, {0x84000012, [0xf, 0xffffffffffffffff, 0x4, 0x2, 0xb]}}, @svc={0x122, 0x40, {0xc4000004, [0x6, 0x6, 0x0, 0x5, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0xd, 0xe2ba, 0x3, 0x4}}, @smc={0x1e, 0x40, {0x100, [0xf0, 0x8, 0x7fffffffffffffff, 0x90c9, 0x40]}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x1, 0x9, 0x81, 0x3, 0x1}}, @msr={0x14, 0x20, {0x603000000013f089, 0x2}}, @irq_setup={0x46, 0x18, {0x2, 0x338}}, @svc={0x122, 0x40, {0x84000001, [0xb7, 0xffffffffffffffff, 0x7, 0x4, 0x4]}}, @uexit={0x0, 0x18, 0x5bc6}, @smc={0x1e, 0x40, {0x8400000f, [0x4, 0x0, 0x1, 0x9, 0x10]}}, @code={0xa, 0xcc, {"000cc09ae0a286d200a0b8f2210180d2220180d2e30080d2840080d2020000d4609f89d20020b0f2c10180d2820180d2a30080d2840180d2020000d4c06382d20020b8f2010080d2220080d2430180d2640180d2020000d4000008d5c0b895d200a0b0f2c10180d2420180d2a30180d2640180d2020000d4007008d500fd82d20040b0f2410080d2020180d2630180d2640080d2020000d440419fd20000b0f2c10080d2220080d2430080d2a40080d2020000d4000000b9"}}, @svc={0x122, 0x40, {0xc4000014, [0x1, 0x0, 0x3, 0x8, 0x1]}}, @eret={0xe6, 0x18, 0x8}], 0x6a8}, &(0x7f0000000bc0)=[@featur1={0x1, 0x80}], 0x1)
ioctl$KVM_SET_REGS(r1, 0x4360ae82, &(0x7f0000000c00)={[0x5, 0xfa, 0x576, 0x5, 0xf43, 0x2, 0xb4, 0x3, 0x3, 0x3, 0xc, 0x11, 0x800, 0x0, 0xa8, 0x9], 0x2000, 0x20c00})
ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000cc0)=0x40) (async)
ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000cc0)=0x40)
ioctl$KVM_RUN(r0, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r0, 0x4000ae84, &(0x7f0000000d00)={{0xdddd0000, 0x3000, 0x9, 0x9, 0x6, 0x9, 0x41, 0x9, 0xfa, 0x10, 0x4, 0x80}, {0xf000, 0xeeeee000, 0x9, 0xfb, 0x0, 0x3, 0x0, 0x0, 0x2f, 0x6a, 0x1, 0x36}, {0x4000, 0xeeee2000, 0x8, 0x9f, 0x3, 0xc, 0x8, 0x41, 0x5, 0x6, 0x5, 0xa}, {0x4, 0x8000000, 0x8, 0x9, 0x1, 0x8, 0x40, 0xc, 0x3, 0xfc, 0x8, 0xff}, {0x2000, 0x540b9f4001c6bf8f, 0x3, 0xff, 0x4, 0x9, 0x7, 0x1, 0x4, 0x7, 0x1, 0x6}, {0xd5d63000, 0x1, 0xc, 0x4, 0xb, 0x3, 0x4, 0x0, 0x6, 0x27, 0x1, 0x6}, {0x100000, 0x0, 0x9, 0x7, 0xe, 0x7f, 0xd, 0x8, 0x9, 0x7, 0x7, 0x59}, {0x0, 0x0, 0xc, 0x2, 0x7, 0x9e, 0x9, 0x9, 0x9, 0x6, 0x51, 0x5}, {0xe6e4a000, 0x7ff}, {0x4000, 0x7}, 0x8000001c, 0x0, 0xf000, 0x4000, 0x8, 0x400, 0x4, [0xfffffffffffff157, 0x11d, 0x9, 0x3e24]})
ioctl$KVM_GET_REGS(0xffffffffffffffff, 0x8360ae81, &(0x7f0000000e40))
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x26) (async)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x26)
syz_kvm_setup_cpu$arm64(r2, r0, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000f40)=[{0x0, &(0x7f0000000f00)=[@irq_setup={0x46, 0x18, {0x3, 0x57}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x51}}], 0x40}], 0x1, 0x0, &(0x7f0000000f80)=[@featur2={0x1, 0x10}], 0x1) (async)
syz_kvm_setup_cpu$arm64(r2, r0, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000f40)=[{0x0, &(0x7f0000000f00)=[@irq_setup={0x46, 0x18, {0x3, 0x57}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x51}}], 0x40}], 0x1, 0x0, &(0x7f0000000f80)=[@featur2={0x1, 0x10}], 0x1)
ioctl$KVM_SET_REGS(r1, 0x4360ae82, &(0x7f0000000fc0)={[0x1, 0x0, 0x6c0, 0x6, 0xfffffffffffffffa, 0xfffffffffffffff7, 0x4, 0x11a3e42f, 0x6bc, 0x6ca9d95c, 0x4, 0xffffffffffffffff, 0x7, 0x59ba, 0x100000001, 0xffffffffc4764d80], 0x1000, 0x41})
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000001080)=0x8000)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001300)={0x0, &(0x7f00000010c0)=[@irq_setup={0x46, 0x18, {0x1, 0x279}}, @irq_setup={0x46, 0x18, {0x2, 0x3aa}}, @irq_setup={0x46, 0x18, {0x0, 0x23b}}, @uexit={0x0, 0x18, 0x100000000}, @smc={0x1e, 0x40, {0xc4000001, [0x4, 0x9a7, 0x80000001, 0xf, 0x5]}}, @hvc={0x32, 0x40, {0x84000012, [0x5, 0x5, 0x5, 0x7, 0x7fffffffffffffff]}}, @svc={0x122, 0x40, {0x8501180c, [0x10001, 0x8, 0x5, 0x57f, 0x6]}}, @svc={0x122, 0x40, {0x84000000, [0xffffffffffffffff, 0x7, 0x0, 0x9, 0x7fff]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0xfff, 0x0, 0xffffffffffffc9fe, 0x6}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x0, 0x10, 0xfff}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0xe}}, @mrs={0xbe, 0x18, {0x603000000013df05}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x380, 0x26, 0xc}}], 0x240}, &(0x7f0000001340)=[@featur1={0x1, 0x22}], 0x1) (async)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001300)={0x0, &(0x7f00000010c0)=[@irq_setup={0x46, 0x18, {0x1, 0x279}}, @irq_setup={0x46, 0x18, {0x2, 0x3aa}}, @irq_setup={0x46, 0x18, {0x0, 0x23b}}, @uexit={0x0, 0x18, 0x100000000}, @smc={0x1e, 0x40, {0xc4000001, [0x4, 0x9a7, 0x80000001, 0xf, 0x5]}}, @hvc={0x32, 0x40, {0x84000012, [0x5, 0x5, 0x5, 0x7, 0x7fffffffffffffff]}}, @svc={0x122, 0x40, {0x8501180c, [0x10001, 0x8, 0x5, 0x57f, 0x6]}}, @svc={0x122, 0x40, {0x84000000, [0xffffffffffffffff, 0x7, 0x0, 0x9, 0x7fff]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0xfff, 0x0, 0xffffffffffffc9fe, 0x6}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x0, 0x10, 0xfff}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0xe}}, @mrs={0xbe, 0x18, {0x603000000013df05}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x380, 0x26, 0xc}}], 0x240}, &(0x7f0000001340)=[@featur1={0x1, 0x22}], 0x1)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000001380)=0x5) (async)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000001380)=0x5)
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f00000013c0)=0x8)
syz_kvm_vgic_v3_setup(r2, 0x0, 0x6a0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r3, 0x4208ae9b, &(0x7f0000001400)={0x0, 0x0, {[0x8, 0x1, 0x0, 0x9, 0xf, 0x4115, 0x1c00000000000, 0x7, 0xe, 0x1c5, 0x200, 0x101, 0x3, 0x6, 0xac13, 0x7ff], [0x8, 0x100000000000, 0x1, 0x401, 0x1, 0x2d0, 0x3, 0x7fffffff, 0x6, 0x1, 0x9, 0xffffffffffffff48, 0x9, 0x5, 0x4c2, 0xd8], [0x0, 0x2, 0x3, 0xbb90000000000, 0x8, 0xfffffffffffffff9, 0x7fffffff, 0xffffffffffffff01, 0x1, 0x7f, 0xa, 0x0, 0x8, 0x10001, 0x9, 0xcca6], [0x0, 0xfff, 0x8, 0x1, 0x9, 0x1d, 0x24, 0x5, 0x40, 0x81, 0x100000001, 0x112, 0x100000000, 0xfffffffffffff800, 0x18b, 0x3]}}) (async)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r3, 0x4208ae9b, &(0x7f0000001400)={0x0, 0x0, {[0x8, 0x1, 0x0, 0x9, 0xf, 0x4115, 0x1c00000000000, 0x7, 0xe, 0x1c5, 0x200, 0x101, 0x3, 0x6, 0xac13, 0x7ff], [0x8, 0x100000000000, 0x1, 0x401, 0x1, 0x2d0, 0x3, 0x7fffffff, 0x6, 0x1, 0x9, 0xffffffffffffff48, 0x9, 0x5, 0x4c2, 0xd8], [0x0, 0x2, 0x3, 0xbb90000000000, 0x8, 0xfffffffffffffff9, 0x7fffffff, 0xffffffffffffff01, 0x1, 0x7f, 0xa, 0x0, 0x8, 0x10001, 0x9, 0xcca6], [0x0, 0xfff, 0x8, 0x1, 0x9, 0x1d, 0x24, 0x5, 0x40, 0x81, 0x100000001, 0x112, 0x100000000, 0xfffffffffffff800, 0x18b, 0x3]}})
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000001640)={0xb6, 0x0, 0x3})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_INTERRUPT(r4, 0x4004ae86, &(0x7f00000016c0)=0x2) (async)
ioctl$KVM_INTERRUPT(r4, 0x4004ae86, &(0x7f00000016c0)=0x2)
ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f0000001700)) (async)
ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f0000001700))
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000001780)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000001740)=0x1})
ioctl$KVM_ARM_PREFERRED_TARGET(r1, 0x8020aeaf, &(0x7f00000017c0))
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000001800)=@arm64={0xdf, 0xff, 0x5, '\x00', 0x441a})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000001840)={0x4, 0x10})
ioctl$KVM_S390_VCPU_FAULT(r5, 0x4008ae52, &(0x7f0000001880)=0x5)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000001900)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000018c0)={0x2, 0x10, 0x1}})
ioctl$KVM_GET_MP_STATE(r5, 0x8004ae98, &(0x7f0000001940))

13m17.356836806s ago: executing program 8 (id=505):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000040)={0xeeee8000, 0x0, 0xa6, 0x0, 0x7})
r3 = ioctl$KVM_CREATE_VM(r2, 0x400454cc, 0x1)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000080)={0x2000, 0x104000, 0x1})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000040)={0xeeee8000, 0x0, 0xa6, 0x0, 0x7}) (async)
ioctl$KVM_CREATE_VM(r2, 0x400454cc, 0x1) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000080)={0x2000, 0x104000, 0x1}) (async)

13m11.298777565s ago: executing program 9 (id=506):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xc6)
r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d19000/0x1000)=nil, 0x1000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, 0x0, 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x399972, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0xb, 0x11, r7, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x4010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
r11 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000002c0)=[@code={0xa, 0xb4, {"000028d50000c02920db91d200e0b8f2a10080d2020080d2e30080d2640180d2020000d4007008d5000000d8a06483d20020b8f2610180d2220080d2c30080d2a40180d2020000d4600590d20080b0f2210080d2a20080d2c30080d2040080d2020000d4007008d540f685d200a0b0f2610180d2c20080d2630180d2040180d2020000d4e0e389d200c0b8f2610180d2220180d2e30180d2a40180d2020000d4"}}, @eret={0xe6, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x130}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x10, 0x2, 0x1, 0x4}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0x3, 0x0, 0xfffffc00, 0x2}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0xb5}}, @mrs={0xbe, 0x18, {0x6030000000138057}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0x5, 0x5}}, @code={0xa, 0x6c, {"00128bd200a0b0f2610180d2420180d2630080d2440180d2020000d4000008d5007c209b000028d5607095d20080b0f2610180d2420180d2830080d2240180d2020000d400a4006f007008d5007008d5000028d51820601e"}}, @irq_setup={0x46, 0x18, {0x2, 0x228}}], 0x250}, &(0x7f0000000080)=[@featur1={0x1, 0x2}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r9, 0x0, 0x40010, r11, 0x0)

12m57.746283515s ago: executing program 8 (id=507):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000b64000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000140)=0xffff})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0xdddd1000, 0xeeef9004, 0x0, 0x0, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5)
r10 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x21)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r13, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r13, 0x0)
r14 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r15, 0x8, 0x13, r13, 0x0)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x3, 0x11, r10, 0x0)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r16, 0x3, 0x11, r14, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)

12m50.508298878s ago: executing program 9 (id=508):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x228000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, 0x0)

12m36.35153629s ago: executing program 9 (id=509):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x1, 0x100)
eventfd2(0x8, 0x80800) (async)
r9 = eventfd2(0x8, 0x80800)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f00000000c0)={r9, 0x3})
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9, 0x9, 0x3, r9}) (async)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9, 0x9, 0x3, r9})
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x7a)
r10 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r5, 0x2, 0x12, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)
munmap(&(0x7f000000e000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f000000e000/0x1000)=nil, 0x1000)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12)
openat$kvm(0x0, &(0x7f0000000180), 0x139100, 0x0) (async)
r12 = openat$kvm(0x0, &(0x7f0000000180), 0x139100, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0xd3, &(0x7f0000000000)=0xd})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async)
r16 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r17, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c807, &(0x7f0000000280)=0x1}) (async)
ioctl$KVM_GET_ONE_REG(r17, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c807, &(0x7f0000000280)=0x1})
ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c111, 0x0})
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xffff) (async)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xffff)

12m26.434506975s ago: executing program 8 (id=510):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, 0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8})
openat$kvm(0x0, 0x0, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r16, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x603000000010004c, &(0x7f0000000100)=0x401})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r17 = openat$kvm(0x0, &(0x7f0000000080), 0x80080, 0x0)
r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r18, 0xc00caee0, &(0x7f0000000100)={0x7})

12m11.430549035s ago: executing program 9 (id=511):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0xc0980, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r2)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)

11m54.369080391s ago: executing program 8 (id=512):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x2710, 0x0, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013dea9}}, @smc={0x1e, 0x40, {0xc6000003, [0x5, 0xda, 0x7, 0x4, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0x1, 0x10, 0x80, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x278}}, @code={0xa, 0x84, {"809098d20000b0f2410080d2e20080d2030180d2e40180d2020000d40000003600d8a05ea0a588d20080b8f2c10080d2a20180d2630180d2a40180d2020000d40000004bc0cb89d20040b8f2e10080d2a20180d2430180d2a40180d2020000d4007008d5000008d5007008d5007008d5"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x222}}], 0x15c}, &(0x7f0000000200)=[@featur2], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r2, 0x4, 0x10, r3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x2710, 0x0, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013dea9}}, @smc={0x1e, 0x40, {0xc6000003, [0x5, 0xda, 0x7, 0x4, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0x1, 0x10, 0x80, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x278}}, @code={0xa, 0x84, {"809098d20000b0f2410080d2e20080d2030180d2e40180d2020000d40000003600d8a05ea0a588d20080b8f2c10080d2a20180d2630180d2a40180d2020000d40000004bc0cb89d20040b8f2e10080d2a20180d2430180d2a40180d2020000d4007008d5000008d5007008d5007008d5"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x222}}], 0x15c}, &(0x7f0000000200)=[@featur2], 0x1) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r2, 0x4, 0x10, r3, 0x0) (async)

11m50.373868851s ago: executing program 9 (id=513):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x9}) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x9})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000ab8000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r10, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r8, 0xaece)

11m33.952552138s ago: executing program 8 (id=514):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013c521, 0x8000}}], 0x20}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000003c0)={0x0, 0x0}, &(0x7f0000000400)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000480)=@arm64_fw={0x6030000000140000, &(0x7f0000000440)=0xdd})
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x4b49, 0x11)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x10002})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

11m1.915969186s ago: executing program 40 (id=513):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x9}) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x9})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000ab8000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r10, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r8, 0xaece)

10m43.129289439s ago: executing program 41 (id=514):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013c521, 0x8000}}], 0x20}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000003c0)={0x0, 0x0}, &(0x7f0000000400)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000480)=@arm64_fw={0x6030000000140000, &(0x7f0000000440)=0xdd})
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x4b49, 0x11)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x10002})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m16.850920609s ago: executing program 0 (id=516):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@smc={0x1e, 0x40, {0x80000001, [0x7fffffffffffffff, 0x10, 0x2, 0xfffffffffffffc00, 0xb09a]}}, @svc={0x122, 0x40, {0x84000053, [0x6e22800000000000, 0x7, 0xb20, 0xe, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x7, 0x8}}, @code={0xa, 0x84, {"005592d20000b8f2610180d2020080d2430180d2a40180d2020000d4000000ad0000289e007008d5007008d5007008d5805c93d20040b0f2610080d2e20080d2230080d2440180d2020000d4000028d500a097d200c0b0f2410180d2e20180d2830180d2440180d2020000d4008008d5"}}, @irq_setup={0x46, 0x18, {0x2, 0x22b}}, @svc={0x122, 0x40, {0x3f000000, [0xfffffffffffffffc, 0x9e3, 0xd72, 0x9, 0x88a1]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x184, 0x3, 0x2}}, @hvc={0x32, 0x40, {0x80, [0xfffffffffffff3f8, 0x4, 0x3, 0x7e5257f7, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x2000, 0x6, 0x3}}, @hvc={0x32, 0x40, {0xc4000053, [0x6, 0x4, 0x1, 0x3, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xffe8, 0x8000000000000001, 0x2}}, @svc={0x122, 0x40, {0x4000, [0x1, 0x7, 0x6e6, 0x66a, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013c665}}, @uexit={0x0, 0x18, 0x57038f15}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x8, 0x5354, 0xa000, 0x4}}, @irq_setup={0x46, 0x18, {0x2, 0xd0}}, @msr={0x14, 0x20, {0x603000000013c4cd}}, @uexit={0x0, 0x18, 0xff}, @irq_setup={0x46, 0x18, {0x3, 0x38e}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0x1000, 0x3}}], 0x3cc}, &(0x7f00000005c0)=[@featur1={0x1, 0x94}], 0x1) (async)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@smc={0x1e, 0x40, {0x80000001, [0x7fffffffffffffff, 0x10, 0x2, 0xfffffffffffffc00, 0xb09a]}}, @svc={0x122, 0x40, {0x84000053, [0x6e22800000000000, 0x7, 0xb20, 0xe, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x7, 0x8}}, @code={0xa, 0x84, {"005592d20000b8f2610180d2020080d2430180d2a40180d2020000d4000000ad0000289e007008d5007008d5007008d5805c93d20040b0f2610080d2e20080d2230080d2440180d2020000d4000028d500a097d200c0b0f2410180d2e20180d2830180d2440180d2020000d4008008d5"}}, @irq_setup={0x46, 0x18, {0x2, 0x22b}}, @svc={0x122, 0x40, {0x3f000000, [0xfffffffffffffffc, 0x9e3, 0xd72, 0x9, 0x88a1]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x184, 0x3, 0x2}}, @hvc={0x32, 0x40, {0x80, [0xfffffffffffff3f8, 0x4, 0x3, 0x7e5257f7, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x2000, 0x6, 0x3}}, @hvc={0x32, 0x40, {0xc4000053, [0x6, 0x4, 0x1, 0x3, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xffe8, 0x8000000000000001, 0x2}}, @svc={0x122, 0x40, {0x4000, [0x1, 0x7, 0x6e6, 0x66a, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013c665}}, @uexit={0x0, 0x18, 0x57038f15}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x8, 0x5354, 0xa000, 0x4}}, @irq_setup={0x46, 0x18, {0x2, 0xd0}}, @msr={0x14, 0x20, {0x603000000013c4cd}}, @uexit={0x0, 0x18, 0xff}, @irq_setup={0x46, 0x18, {0x3, 0x38e}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0x1000, 0x3}}], 0x3cc}, &(0x7f00000005c0)=[@featur1={0x1, 0x94}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000600)=@attr_pmu_init)
r6 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r6, 0x603000000013df12, 0x8000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000180)={0x80, 0xd5d77004, 0x4, r10})
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r13=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r13, 0x400454c8, 0x1)
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
r14 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x202501, 0x0) (async)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x202501, 0x0)
ioctl$KVM_CHECK_EXTENSION(r15, 0xae03, 0x5)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)

1m9.742375228s ago: executing program 1 (id=515):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x15)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000000c0)={0x80000000, 0x5})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2e)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x4, <r7=>0xffffffffffffffff})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000000)=0x6})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)

51.506448045s ago: executing program 0 (id=517):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r2, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000180)=0x4)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000000c0)=0x80000001})
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x20)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000a67000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffdd1}, 0x0, 0xfffffffffffffe1f)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010001c, &(0x7f0000000080)=0x40})
r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000000)={0x100000000, 0x3})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, 0x0)

21.54920804s ago: executing program 42 (id=515):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x15)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000000c0)={0x80000000, 0x5})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2e)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x4, <r7=>0xffffffffffffffff})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000000)=0x6})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)

0s ago: executing program 43 (id=517):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r2, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000180)=0x4)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000000c0)=0x80000001})
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x20)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000a67000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffdd1}, 0x0, 0xfffffffffffffe1f)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010001c, &(0x7f0000000080)=0x40})
r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000000)={0x100000000, 0x3})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, 0x0)

kernel console output (not intermixed with test programs):

[  386.907513][ T3157] 8021q: adding VLAN 0 to HW filter on device bond0
[  407.588498][ T3157] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:13591' (ED25519) to the list of known hosts.
[  580.745962][   T25] audit: type=1400 audit(579.940:61): avc:  denied  { name_bind } for  pid=3308 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  583.177599][   T25] audit: type=1400 audit(582.410:62): avc:  denied  { execute } for  pid=3309 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  583.196124][   T25] audit: type=1400 audit(582.420:63): avc:  denied  { execute_no_trans } for  pid=3309 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  606.938908][   T25] audit: type=1400 audit(606.140:64): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  606.969816][   T25] audit: type=1400 audit(606.190:65): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  607.059863][ T3309] cgroup: Unknown subsys name 'net'
[  607.109328][   T25] audit: type=1400 audit(606.340:66): avc:  denied  { unmount } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  607.511412][ T3309] cgroup: Unknown subsys name 'cpuset'
[  607.610065][ T3309] cgroup: Unknown subsys name 'rlimit'
[  608.509660][   T25] audit: type=1400 audit(607.740:67): avc:  denied  { setattr } for  pid=3309 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  608.546603][   T25] audit: type=1400 audit(607.750:68): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  608.555816][   T25] audit: type=1400 audit(607.770:69): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  609.726611][ T3317] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  609.745378][   T25] audit: type=1400 audit(608.970:70): avc:  denied  { relabelto } for  pid=3317 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  609.771938][   T25] audit: type=1400 audit(609.000:71): avc:  denied  { write } for  pid=3317 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  609.948845][   T25] audit: type=1400 audit(609.180:72): avc:  denied  { read } for  pid=3309 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  609.965701][   T25] audit: type=1400 audit(609.190:73): avc:  denied  { open } for  pid=3309 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  610.010897][ T3309] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  659.522446][   T25] audit: type=1400 audit(658.750:74): avc:  denied  { execmem } for  pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  664.102007][   T25] audit: type=1400 audit(663.320:75): avc:  denied  { read } for  pid=3320 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  664.122020][   T25] audit: type=1400 audit(663.350:76): avc:  denied  { open } for  pid=3320 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  664.193028][   T25] audit: type=1400 audit(663.420:77): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  664.469702][   T25] audit: type=1400 audit(663.700:78): avc:  denied  { module_request } for  pid=3321 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  664.496160][   T25] audit: type=1400 audit(663.720:79): avc:  denied  { module_request } for  pid=3320 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  665.542673][   T25] audit: type=1400 audit(664.770:80): avc:  denied  { sys_module } for  pid=3320 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  688.865730][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  688.972680][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  689.829220][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  689.979698][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  705.130734][ T3320] hsr_slave_0: entered promiscuous mode
[  705.171383][ T3320] hsr_slave_1: entered promiscuous mode
[  707.063128][ T3321] hsr_slave_0: entered promiscuous mode
[  707.131027][ T3321] hsr_slave_1: entered promiscuous mode
[  707.196005][ T3321] debugfs: 'hsr0' already exists in 'hsr'
[  707.207560][ T3321] Cannot create hsr debugfs directory
[  712.847510][   T25] audit: type=1400 audit(712.070:81): avc:  denied  { create } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  712.916590][   T25] audit: type=1400 audit(712.090:82): avc:  denied  { write } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  712.917693][   T25] audit: type=1400 audit(712.140:83): avc:  denied  { read } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  713.134870][ T3320] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  713.452585][ T3320] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  713.702737][ T3320] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  713.868447][ T3320] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  715.697496][ T3321] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  715.916451][ T3321] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  716.166292][ T3321] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  716.352984][ T3321] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  728.031399][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0
[  730.770141][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[  784.513283][ T3320] veth0_vlan: entered promiscuous mode
[  785.016466][ T3320] veth1_vlan: entered promiscuous mode
[  786.593401][ T3320] veth0_macvtap: entered promiscuous mode
[  787.140675][ T3320] veth1_macvtap: entered promiscuous mode
[  787.880514][ T3321] veth0_vlan: entered promiscuous mode
[  788.848495][ T3321] veth1_vlan: entered promiscuous mode
[  789.418533][ T2110] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  789.448494][ T2110] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  789.456611][ T2110] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  789.466946][ T2110] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  791.648630][   T25] audit: type=1400 audit(790.850:84): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  791.921620][   T25] audit: type=1400 audit(791.090:85): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.0jStPP/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  791.983195][ T3321] veth0_macvtap: entered promiscuous mode
[  792.141194][   T25] audit: type=1400 audit(791.370:86): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  792.307780][ T3321] veth1_macvtap: entered promiscuous mode
[  792.412615][   T25] audit: type=1400 audit(791.640:87): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.0jStPP/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  792.500494][   T25] audit: type=1400 audit(791.730:88): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.0jStPP/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  793.030966][   T25] audit: type=1400 audit(792.260:89): avc:  denied  { unmount } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  793.177283][   T25] audit: type=1400 audit(792.400:90): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  793.333333][   T25] audit: type=1400 audit(792.550:91): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="gadgetfs" ino=3759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  793.651223][   T25] audit: type=1400 audit(792.870:92): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  793.742234][   T25] audit: type=1400 audit(792.970:93): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  794.167891][ T3467] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  794.197584][ T3467] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  794.202792][ T3467] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  794.225935][ T3467] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  795.208329][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  805.531410][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  805.545873][   T25] audit: type=1400 audit(804.760:98): avc:  denied  { read } for  pid=3472 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  805.586745][   T25] audit: type=1400 audit(804.800:99): avc:  denied  { open } for  pid=3472 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  806.135989][   T25] audit: type=1400 audit(805.360:100): avc:  denied  { ioctl } for  pid=3472 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  806.702459][   T25] audit: type=1400 audit(805.930:101): avc:  denied  { write } for  pid=3472 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  817.145943][   T25] audit: type=1400 audit(816.370:102): avc:  denied  { append } for  pid=3478 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  946.186846][   T25] audit: type=1400 audit(945.410:103): avc:  denied  { execute } for  pid=3563 comm="syz.0.28" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=5428 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1027.166608][   T25] audit: type=1400 audit(1026.390:104): avc:  denied  { ioctl } for  pid=3617 comm="syz.0.42" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1071.729740][ T3645] kvm [3645]: Failed to find VMA for hva 0x21016000
[ 1097.309472][   T25] audit: type=1400 audit(1096.510:105): avc:  denied  { setattr } for  pid=3664 comm="syz.1.57" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1412.530220][ T3884] KVM: debugfs: duplicate directory 3884-7
[ 1508.759018][   T25] audit: type=1400 audit(1507.990:106): avc:  denied  { map } for  pid=3956 comm="syz.0.149" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1546.708897][   T25] audit: type=1400 audit(1545.930:107): avc:  denied  { execute } for  pid=3980 comm="syz.0.158" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1558.040378][ T3986] kvm [3986]: Failed to find VMA for hva 0x21016000
[ 1710.430834][ T4089] kvm [4089]: Failed to find VMA for hva 0x20e16000
[ 1908.203148][   T21] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1909.551031][   T21] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1910.585998][   T21] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1911.832482][   T21] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1925.822224][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1925.953046][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1926.050068][   T21] bond0 (unregistering): Released all slaves
[ 1927.517358][   T21] hsr_slave_0: left promiscuous mode
[ 1927.571534][   T21] hsr_slave_1: left promiscuous mode
[ 1928.112771][   T21] veth1_macvtap: left promiscuous mode
[ 1928.124344][   T21] veth0_macvtap: left promiscuous mode
[ 1928.160515][   T21] veth1_vlan: left promiscuous mode
[ 1928.177806][   T21] veth0_vlan: left promiscuous mode
[ 1944.659650][   T21] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1945.838848][   T21] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1946.811118][   T21] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1947.640192][   T21] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1960.391591][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1960.472116][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1960.531520][   T21] bond0 (unregistering): Released all slaves
[ 1961.826394][   T21] hsr_slave_0: left promiscuous mode
[ 1961.888122][   T21] hsr_slave_1: left promiscuous mode
[ 1962.136948][   T21] veth1_macvtap: left promiscuous mode
[ 1962.140392][   T21] veth0_macvtap: left promiscuous mode
[ 1962.156082][   T21] veth1_vlan: left promiscuous mode
[ 1962.168463][   T21] veth0_vlan: left promiscuous mode
[ 2000.681182][ T4180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2000.889573][ T4180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2003.480259][ T4184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2003.743155][ T4184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2021.321871][ T4180] hsr_slave_0: entered promiscuous mode
[ 2021.390776][ T4180] hsr_slave_1: entered promiscuous mode
[ 2025.140018][ T4184] hsr_slave_0: entered promiscuous mode
[ 2025.199208][ T4184] hsr_slave_1: entered promiscuous mode
[ 2025.243349][ T4184] debugfs: 'hsr0' already exists in 'hsr'
[ 2025.255585][ T4184] Cannot create hsr debugfs directory
[ 2038.550106][ T4180] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2039.020321][ T4180] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2039.369147][ T4180] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2039.777808][ T4180] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2043.452674][ T4184] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2043.891934][ T4184] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2044.206558][ T4184] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2044.491322][ T4184] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2062.892704][ T4180] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2067.119729][ T4184] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2156.861308][ T4180] veth0_vlan: entered promiscuous mode
[ 2157.638020][ T4180] veth1_vlan: entered promiscuous mode
[ 2161.158156][ T4180] veth0_macvtap: entered promiscuous mode
[ 2162.211781][ T4180] veth1_macvtap: entered promiscuous mode
[ 2163.652560][ T4184] veth0_vlan: entered promiscuous mode
[ 2165.387826][ T4184] veth1_vlan: entered promiscuous mode
[ 2166.985905][ T3413] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2167.136826][ T3413] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2167.148483][ T3413] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2167.172235][ T3413] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2171.026330][ T4184] veth0_macvtap: entered promiscuous mode
[ 2171.842104][ T4184] veth1_macvtap: entered promiscuous mode
[ 2175.123201][ T3413] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2175.165541][ T3413] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2175.201416][ T4339] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2175.261473][ T4188] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2438.100523][ T4582] kvm [4582]: Failed to find VMA for hva 0x20e51000
[ 2757.467848][ T4722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2758.166830][ T4722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2784.210401][ T4188] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2785.631746][ T4188] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2786.632492][ T4188] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2787.551714][ T4188] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2796.368489][ T4722] hsr_slave_0: entered promiscuous mode
[ 2796.448695][ T4722] hsr_slave_1: entered promiscuous mode
[ 2796.507627][ T4722] debugfs: 'hsr0' already exists in 'hsr'
[ 2796.512725][ T4722] Cannot create hsr debugfs directory
[ 2803.279312][ T4188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2803.378379][ T4188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2803.442548][ T4188] bond0 (unregistering): Released all slaves
[ 2805.397452][ T4188] hsr_slave_0: left promiscuous mode
[ 2805.526769][ T4188] hsr_slave_1: left promiscuous mode
[ 2806.071239][ T4188] veth1_macvtap: left promiscuous mode
[ 2806.125416][ T4188] veth0_macvtap: left promiscuous mode
[ 2806.157066][ T4188] veth1_vlan: left promiscuous mode
[ 2806.161625][ T4188] veth0_vlan: left promiscuous mode
[ 2828.027602][ T4736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2828.818178][ T4736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2833.555414][ T4188] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2835.062948][ T4188] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2836.502023][ T4188] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2837.798975][ T4188] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2840.300035][ T4722] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2840.652203][ T4722] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2841.807441][ T4722] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2842.716223][ T4722] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2855.768827][ T4188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2855.877677][ T4188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2855.948439][ T4188] bond0 (unregistering): Released all slaves
[ 2858.626875][ T4188] hsr_slave_0: left promiscuous mode
[ 2858.837018][ T4188] hsr_slave_1: left promiscuous mode
[ 2859.550298][ T4188] veth1_macvtap: left promiscuous mode
[ 2859.560971][ T4188] veth0_macvtap: left promiscuous mode
[ 2859.598107][ T4188] veth1_vlan: left promiscuous mode
[ 2859.631188][ T4188] veth0_vlan: left promiscuous mode
[ 2882.982566][ T4736] hsr_slave_0: entered promiscuous mode
[ 2883.112218][ T4736] hsr_slave_1: entered promiscuous mode
[ 2899.035690][ T4736] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2899.399176][ T4736] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2899.792131][ T4736] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2900.381734][ T4736] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2901.417263][ T4722] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2928.730302][ T4736] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3027.549810][ T4722] veth0_vlan: entered promiscuous mode
[ 3028.416775][ T4722] veth1_vlan: entered promiscuous mode
[ 3031.240714][ T4722] veth0_macvtap: entered promiscuous mode
[ 3031.939272][ T4722] veth1_macvtap: entered promiscuous mode
[ 3035.451898][ T3413] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3035.453088][ T3413] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3035.466114][ T3413] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3035.479127][ T3413] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3061.263339][ T4736] veth0_vlan: entered promiscuous mode
[ 3062.397148][ T4736] veth1_vlan: entered promiscuous mode
[ 3066.373141][ T4736] veth0_macvtap: entered promiscuous mode
[ 3067.125165][ T4736] veth1_macvtap: entered promiscuous mode
[ 3071.236622][ T4738] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3071.238071][ T4738] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3071.456587][ T4738] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3071.476774][ T4738] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3750.651288][   T21] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3752.242713][   T21] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3753.510290][   T21] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3754.672514][   T21] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3775.112094][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3775.468313][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3775.647350][   T21] bond0 (unregistering): Released all slaves
[ 3777.897464][   T21] hsr_slave_0: left promiscuous mode
[ 3778.030894][   T21] hsr_slave_1: left promiscuous mode
[ 3778.721009][   T21] veth1_macvtap: left promiscuous mode
[ 3778.766791][   T21] veth0_macvtap: left promiscuous mode
[ 3778.781386][   T21] veth1_vlan: left promiscuous mode
[ 3778.796904][   T21] veth0_vlan: left promiscuous mode
[ 3804.103140][ T5283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3804.588366][ T5285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3804.903343][ T5283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3805.171005][ T5285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3810.081423][   T21] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3811.683404][   T21] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3813.016055][   T21] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3814.319687][   T21] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3831.787097][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3831.960737][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3832.100228][   T21] bond0 (unregistering): Released all slaves
[ 3835.401454][   T21] hsr_slave_0: left promiscuous mode
[ 3835.600133][   T21] hsr_slave_1: left promiscuous mode
[ 3836.349059][   T21] veth1_macvtap: left promiscuous mode
[ 3836.355286][   T21] veth0_macvtap: left promiscuous mode
[ 3836.378498][   T21] veth1_vlan: left promiscuous mode
[ 3836.391365][   T21] veth0_vlan: left promiscuous mode
[ 3870.183238][ T5285] hsr_slave_0: entered promiscuous mode
[ 3870.253450][ T5285] hsr_slave_1: entered promiscuous mode
[ 3872.521569][ T5283] hsr_slave_0: entered promiscuous mode
[ 3872.619253][ T5283] hsr_slave_1: entered promiscuous mode
[ 3872.671359][ T5283] debugfs: 'hsr0' already exists in 'hsr'
[ 3872.675825][ T5283] Cannot create hsr debugfs directory
[ 3888.085411][ T5285] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3888.592243][ T5285] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3888.943145][ T5285] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3889.593163][ T5285] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3894.838395][ T5283] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3895.466067][ T5283] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3896.090722][ T5283] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3896.652404][ T5283] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3926.541336][ T5285] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3933.609594][ T5283] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4075.714558][ T5285] veth0_vlan: entered promiscuous mode
[ 4077.207006][ T5285] veth1_vlan: entered promiscuous mode
[ 4080.930186][ T5285] veth0_macvtap: entered promiscuous mode
[ 4081.946693][ T5285] veth1_macvtap: entered promiscuous mode
[ 4084.948837][ T5283] veth0_vlan: entered promiscuous mode
[ 4087.102782][ T5283] veth1_vlan: entered promiscuous mode
[ 4088.316305][ T5332] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4088.330134][ T5332] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4088.450428][ T5332] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4088.466328][ T5332] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4095.288062][ T5283] veth0_macvtap: entered promiscuous mode
[ 4096.429885][ T5283] veth1_macvtap: entered promiscuous mode
[ 4101.406469][ T5332] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4101.445036][   T21] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4101.489992][ T4738] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4101.552691][ T4738] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5047.239070][ T4871] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5049.763350][ T4871] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5052.035954][ T4871] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5054.109710][ T4871] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5084.700457][ T4871] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5085.228099][ T4871] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5085.532882][ T4871] bond0 (unregistering): Released all slaves
[ 5088.572943][ T4871] hsr_slave_0: left promiscuous mode
[ 5088.746331][ T4871] hsr_slave_1: left promiscuous mode
[ 5089.599360][ T4871] veth1_macvtap: left promiscuous mode
[ 5089.633101][ T4871] veth0_macvtap: left promiscuous mode
[ 5089.649702][ T4871] veth1_vlan: left promiscuous mode
[ 5089.682394][ T4871] veth0_vlan: left promiscuous mode
[ 5217.231387][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5218.009633][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5272.009265][ T5949] hsr_slave_0: entered promiscuous mode
[ 5272.103505][ T5949] hsr_slave_1: entered promiscuous mode
[ 5300.512095][ T5949] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 5301.190878][ T5949] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 5301.841319][ T5949] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 5302.600340][ T5949] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 5347.232806][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5391.486956][ T5332] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5393.052326][ T5332] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5394.733037][ T5332] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5396.662221][ T5332] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5426.987604][ T5332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5427.382258][ T5332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5427.567228][ T5332] bond0 (unregistering): Released all slaves
[ 5430.348180][ T5332] hsr_slave_0: left promiscuous mode
[ 5430.546816][ T5332] hsr_slave_1: left promiscuous mode
[ 5431.334429][ T5332] veth1_macvtap: left promiscuous mode
[ 5431.428026][ T5332] veth0_macvtap: left promiscuous mode
[ 5431.487336][ T5332] veth1_vlan: left promiscuous mode
[ 5431.500336][ T5332] veth0_vlan: left promiscuous mode
[ 5513.299725][ T6111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5513.671042][ T6111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5558.963064][ T6111] hsr_slave_0: entered promiscuous mode
[ 5559.119397][ T6111] hsr_slave_1: entered promiscuous mode
[ 5559.280981][ T6111] debugfs: 'hsr0' already exists in 'hsr'
[ 5559.315734][ T6111] Cannot create hsr debugfs directory
[ 5568.726484][ T5949] veth0_vlan: entered promiscuous mode
[ 5573.460129][ T5949] veth1_vlan: entered promiscuous mode
[ 5581.137680][ T5949] veth0_macvtap: entered promiscuous mode
[ 5582.905630][ T5949] veth1_macvtap: entered promiscuous mode
[ 5584.987559][ T6111] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 5585.667338][ T6111] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 5586.319087][ T6111] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 5587.048215][ T6111] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 5592.966812][ T5649] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5592.981050][ T5649] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5593.107237][ T5649] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5593.139933][ T5649] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5633.579372][   T25] audit: type=1400 audit(5632.810:108): avc:  denied  { map } for  pid=6235 comm="syz.8.478" path="pipe:[31512]" dev="pipefs" ino=31512 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 5636.181037][ T6111] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5866.082347][ T6111] veth0_vlan: entered promiscuous mode
[ 5868.169156][ T6111] veth1_vlan: entered promiscuous mode
[ 5873.351660][ T6111] veth0_macvtap: entered promiscuous mode
[ 5874.288549][ T6111] veth1_macvtap: entered promiscuous mode
[ 5879.933348][ T3413] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5879.937432][ T3413] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5879.943145][ T3413] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5880.071733][ T3413] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6288.066614][ T6122] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6290.633409][ T6122] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6293.032018][ T6122] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6295.372648][ T6122] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6322.450776][ T6122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6322.701931][ T6122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6322.880557][ T6122] bond0 (unregistering): Released all slaves
[ 6327.254477][ T6122] hsr_slave_0: left promiscuous mode
[ 6327.386177][ T6122] hsr_slave_1: left promiscuous mode
[ 6328.039396][ T6122] veth1_macvtap: left promiscuous mode
[ 6328.070490][ T6122] veth0_macvtap: left promiscuous mode
[ 6328.090933][ T6122] veth1_vlan: left promiscuous mode
[ 6328.101644][ T6122] veth0_vlan: left promiscuous mode
[ 6368.410376][ T6122] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6369.790122][ T6122] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6371.387195][ T6122] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6373.721927][ T6122] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6408.301871][ T6122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6408.682877][ T6122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6408.866513][ T6122] bond0 (unregistering): Released all slaves
[ 6412.507993][ T6122] hsr_slave_0: left promiscuous mode
[ 6412.686088][ T6122] hsr_slave_1: left promiscuous mode
[ 6413.682847][ T6122] veth1_macvtap: left promiscuous mode
[ 6413.766937][ T6122] veth0_macvtap: left promiscuous mode
[ 6413.788456][ T6122] veth1_vlan: left promiscuous mode
[ 6413.845868][ T6122] veth0_vlan: left promiscuous mode
[ 6476.039590][ T6512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6476.417085][ T6505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6476.761164][ T6512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6477.022520][ T6505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6519.688033][ T6512] hsr_slave_0: entered promiscuous mode
[ 6519.780340][ T6512] hsr_slave_1: entered promiscuous mode
[ 6523.980362][ T6505] hsr_slave_0: entered promiscuous mode
[ 6524.118693][ T6505] hsr_slave_1: entered promiscuous mode
[ 6524.161057][ T6505] debugfs: 'hsr0' already exists in 'hsr'
[ 6524.175690][ T6505] Cannot create hsr debugfs directory
[ 6568.221715][ T6512] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 6569.437904][ T6512] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 6570.328547][ T6512] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 6572.392481][ T6512] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 6579.348131][ T6505] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 6579.908113][ T6505] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 6580.397885][ T6505] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 6580.892900][ T6505] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 6615.389393][ T6512] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6621.821390][ T6505] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6770.571046][ T6512] veth0_vlan: entered promiscuous mode
[ 6772.062259][ T6512] veth1_vlan: entered promiscuous mode
[ 6777.932853][ T6512] veth0_macvtap: entered promiscuous mode
[ 6778.286970][ T6505] veth0_vlan: entered promiscuous mode
[ 6779.629850][ T6512] veth1_macvtap: entered promiscuous mode
[ 6780.969595][ T6505] veth1_vlan: entered promiscuous mode
[ 6786.905802][ T4770] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6787.556184][ T6122] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6787.558036][ T6122] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6787.568047][ T6122] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6790.079896][ T6505] veth0_macvtap: entered promiscuous mode
[ 6791.717080][ T6505] veth1_macvtap: entered promiscuous mode
[ 6798.287747][ T6508] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6798.309518][ T6508] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6798.425196][ T6522] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6798.450571][ T6522] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7026.072116][ T6760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7026.699249][ T6760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7051.688918][ T6768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7052.408186][ T6768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7091.927946][ T6760] hsr_slave_0: entered promiscuous mode
[ 7092.088854][ T6760] hsr_slave_1: entered promiscuous mode
[ 7092.258099][ T6760] debugfs: 'hsr0' already exists in 'hsr'
[ 7092.287214][ T6760] Cannot create hsr debugfs directory
[ 7122.922171][ T6768] hsr_slave_0: entered promiscuous mode
[ 7123.190347][ T6768] hsr_slave_1: entered promiscuous mode
[ 7123.337633][ T6768] debugfs: 'hsr0' already exists in 'hsr'
[ 7123.369957][ T6768] Cannot create hsr debugfs directory
[ 7162.927135][ T6760] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 7163.880255][ T6760] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 7167.140496][ T6760] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 7171.036403][ T6760] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 7189.269917][ T6768] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 7190.099396][ T6768] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 7190.808167][ T6768] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 7191.562537][ T6768] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 7229.381940][ T6760] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7245.818741][ T6768] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7283.217020][   T27] INFO: task syz.0.517:6747 blocked for more than 430 seconds.
[ 7283.247038][   T27]       Not tainted syzkaller #0
[ 7283.265336][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 7283.266121][   T27] task:syz.0.517       state:D stack:0     pid:6747  tgid:6747  ppid:6512   task_flags:0x400040 flags:0x00000019
[ 7283.267612][   T27] Call trace:
[ 7283.268094][   T27]  __switch_to+0x584/0xb20 (T)
[ 7283.270155][   T27]  __schedule+0x1eec/0x33a4
[ 7283.270740][   T27]  schedule+0xac/0x27c
[ 7283.271215][   T27]  schedule_timeout+0x5c/0x1e4
[ 7283.271657][   T27]  do_wait_for_common+0x28c/0x444
[ 7283.272041][   T27]  wait_for_completion+0x44/0x5c
[ 7283.272529][   T27]  __synchronize_srcu+0x2a4/0x320
[ 7283.272975][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 7283.273418][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 7283.462219][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 7283.462812][   T27]  kvm_vm_release+0x58/0x78
[ 7283.463249][   T27]  __fput+0x4ac/0x980
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 7283.555154][   T27]  ____fput+0x20/0x58
[ 7283.555816][   T27]  task_work_run+0x1bc/0x254
[ 7283.556244][   T27]  do_notify_resume+0x1bc/0x270
[ 7283.556705][   T27]  el0_svc+0xb8/0x164
[ 7283.557112][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 7283.557551][   T27]  el0t_64_sync+0x198/0x19c
[ 7283.559110][   T27] 
[ 7283.559110][   T27] Showing all locks held in the system:
[ 7283.559612][   T27] 1 lock held by khungtaskd/27:
[ 7283.560028][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 7283.562579][   T27] 2 locks held by getty/3185:
[ 7283.562948][   T27]  #0: 91f0000011c4e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 7283.771494][   T27]  #1: f2ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 7283.773290][   T27] 2 locks held by syz-executor/3309:
[ 7283.855064][   T27] 3 locks held by kworker/u4:5/3413:
[ 7283.855800][   T27] 3 locks held by kworker/u4:7/4751:
[ 7283.856155][   T27] 2 locks held by kworker/u4:10/4770:
[ 7283.856513][   T27] 3 locks held by kworker/u4:13/5332:
[ 7283.856829][   T27] 2 locks held by kworker/u4:2/5649:
[ 7283.857128][   T27] 2 locks held by kworker/u4:15/6121:
[ 7283.857438][   T27]  #0: f7f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 7283.859163][   T27]  #1: ffff80008f757c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 7283.860811][   T27] 3 locks held by kworker/u4:16/6122:
[ 7283.861142][   T27] 2 locks held by kworker/u4:12/6522:
[ 7283.861457][   T27]  #0: f7f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 7283.863078][   T27]  #1: ffff80008e767c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 7284.036873][   T27] 2 locks held by kworker/u4:3/6727:
[ 7284.037208][   T27]  #0: f7f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 7284.038964][   T27]  #1: ffff80008ef97c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 7284.040612][   T27] 2 locks held by syz.1.515/6739:
[ 7284.040946][   T27] 3 locks held by kworker/u4:14/6821:
[ 7284.041259][   T27] 2 locks held by modprobe/6914:
[ 7284.041584][   T27] 1 lock held by modprobe/6915:
[ 7284.041932][   T27] 1 lock held by modprobe/6916:
[ 7284.042499][   T27] 
[ 7284.042770][   T27] =============================================
[ 7284.042770][   T27] 
[ 7304.347288][   T27] INFO: task syz.0.517:6747 blocked for more than 451 seconds.
[ 7304.368128][   T27]       Not tainted syzkaller #0
[ 7304.385177][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 7304.385915][   T27] task:syz.0.517       state:D stack:0     pid:6747  tgid:6747  ppid:6512   task_flags:0x400040 flags:0x00000019
[ 7304.386704][   T27] Call trace:
[ 7304.386956][   T27]  __switch_to+0x584/0xb20 (T)
[ 7304.387508][   T27]  __schedule+0x1eec/0x33a4
[ 7304.387971][   T27]  schedule+0xac/0x27c
[ 7304.388447][   T27]  schedule_timeout+0x5c/0x1e4
[ 7304.388852][   T27]  do_wait_for_common+0x28c/0x444
[ 7304.389222][   T27]  wait_for_completion+0x44/0x5c
[ 7304.389761][   T27]  __synchronize_srcu+0x2a4/0x320
[ 7304.390290][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 7304.390744][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 7304.391180][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 7304.391587][   T27]  kvm_vm_release+0x58/0x78
[ 7304.392003][   T27]  __fput+0x4ac/0x980
[ 7304.392386][   T27]  ____fput+0x20/0x58
[ 7304.392770][   T27]  task_work_run+0x1bc/0x254
[ 7304.393156][   T27]  do_notify_resume+0x1bc/0x270
[ 7304.606594][   T27]  el0_svc+0xb8/0x164
[ 7304.622475][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 7304.623143][   T27]  el0t_64_sync+0x198/0x19c
[ 7304.637588][   T27] 
[ 7304.637588][   T27] Showing all locks held in the system:
[ 7304.638981][   T27] 2 locks held by kworker/u4:1/21:
[ 7304.639411][   T27] 1 lock held by khungtaskd/27:
[ 7304.639713][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 7304.641489][   T27] 2 locks held by getty/3185:
[ 7304.641820][   T27]  #0: 91f0000011c4e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 7304.643464][   T27]  #1: f2ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 7304.717068][   T27] 3 locks held by kworker/u4:2/5649:
[ 7304.717457][   T27] 3 locks held by kworker/u4:9/5954:
[ 7304.717777][   T27] 2 locks held by kworker/u4:16/6122:
[ 7304.718105][   T27]  #0: f7f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 7304.719719][   T27]  #1: ffff80008ea47c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 7304.721385][   T27] 3 locks held by kworker/u4:12/6522:
[ 7304.721929][   T27] 2 locks held by syz.1.515/6739:
[ 7304.722261][   T27] 1 lock held by syz-executor/6760:
[ 7304.722620][   T27] 2 locks held by syz-executor/6768:
[ 7304.722962][   T27] 1 lock held by modprobe/6922:
[ 7304.723359][   T27] 
[ 7304.894554][   T27] =============================================
[ 7304.894554][   T27] 

VM DIAGNOSIS:
10:07:12  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008036d680 X00=0000000000000000 X01=ffff80008712372d
X02=ffff80008c5f7ba0 X03=0000000000000010 X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff80008039fbc8
X08=1cf000000d849d80 X09=0000000000000000 X10=0000000000ff0100
X11=000000000000001c X12=0000000000000001 X13=0000000000000028
X14=ffffffffffffffff X15=00000000000000c2 X16=000000000000001c
X17=00000000015d15e9 X18=00000000000aae60 X19=33f000000d2d0100
X20=efff800000000000 X21=000000000000001c X22=0000000000000000
X23=0000000000000033 X24=33f000000d2d0104 X25=1cf000000d84b370
X26=000000000000001c X27=0000000000000033 X28=1cf000000d849d98
X29=ffff80008c5f7dd0 X30=ffff80008036d8d4  SP=ffff80008c5f7d80
PSTATE=41402009 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25
Z02=742065726f6d2072:6f662064656b636f Z03=000000ff0000ff00:00ff0000000000ff
Z04=0000000000000000:000f00f00f00000f Z05=64656b636f6c6220:373437363a373135
Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffcab349e0:0000ffffcab349e0 Z17=ffffff80ffffffd0:0000ffffcab349b0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000