last executing test programs:

53m23.372557651s ago: executing program 0 (id=152):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x19)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) (async, rerun: 64)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000140)={0xe4, 0x0, 0x2}) (async, rerun: 64)
r3 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000080)=0x4}) (async)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2a)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (rerun: 32)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r7 = eventfd2(0x8, 0x80800)
r8 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r8}) (async, rerun: 32)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r7, 0x2}) (rerun: 32)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0xff, 0x0, 0x1, r7, 0xb})

52m58.595238708s ago: executing program 0 (id=154):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x2})
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r14 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0xfe, 0x2, 0x20000009, 0x0, 0x80, 0xfffffffc}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r14, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000180)={0x8, <r17=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r17, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r16, 0xae80, 0x0)

52m47.284157965s ago: executing program 0 (id=157):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7e)
r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
r3 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x59)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x7fffffffffffffff)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000000)={0xa4a605311ad0de6b, 0x0, &(0x7f0000c67000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f000073e000/0x400000)=nil)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

52m31.778749018s ago: executing program 0 (id=159):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x40086602, 0x2f)
r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r3, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x401c5820, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x6})
openat$kvm(0x0, 0x0, 0x80, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r10, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000200)=@arm64_core={0x603000000010003a, &(0x7f00000001c0)=0x9})
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x4, 0x3, 0x0})
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0xfffffffffffffffc, 0x8}}], 0x30}, 0x0, 0x0)

52m21.781784778s ago: executing program 0 (id=162):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c006, &(0x7f0000000040)=0xffffffffffffffff})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25)
ioctl$KVM_CAP_ARM_MTE(r5, 0x4068aea3, &(0x7f00000000c0))
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013c00a, &(0x7f0000000280)=0x3})

52m12.906555621s ago: executing program 0 (id=163):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x32)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff, 0x1})
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f0000000000)={0x10001, 0x400, 0xc0, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

51m26.511458208s ago: executing program 32 (id=163):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x32)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff, 0x1})
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f0000000000)={0x10001, 0x400, 0xc0, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

38m2.870178638s ago: executing program 1 (id=263):
mmap$KVM_VCPU(&(0x7f0000e0f000/0x2000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0})
ioctl$KVM_CREATE_DEVICE(r5, 0xc018aec0, &(0x7f00000000c0)={0x1}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) (async)
syz_kvm_assert_reg(r3, 0x603000000013df11, 0x8000)

37m52.325533497s ago: executing program 1 (id=265):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async)
close(r2) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000140)={0x1ff, 0xdddc1000, 0x0, r5, 0x4}) (async)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r4, 0x4068aea3, &(0x7f00000000c0))

37m38.278863601s ago: executing program 1 (id=267):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e9d000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0xa)
mmap$KVM_VCPU(&(0x7f0000834000/0x3000)=nil, 0x930, 0x100000a, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0)

37m27.728202861s ago: executing program 1 (id=269):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2f)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r2, 0x3})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x14)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x3, 0x0, 0x2, r2, 0xb})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r12, 0x2000003, 0x11, r11, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r12, 0x2000009, 0x11, r11, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x1800002, 0x810, 0xffffffffffffffff, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000180)=@arm64_bitmap={0x6030000000160001, &(0x7f00000000c0)=0x4})
r15 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e96000/0x4000)=nil, r12, 0x200000e, 0x110, r15, 0x0)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000100)=@arm64_fp={0x60400000001000a4, &(0x7f0000000140)=0xfffffffffffffffc})

36m57.630636758s ago: executing program 1 (id=272):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xffff, 0x3})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f00000002c0), 0x2001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df62, 0xc00000}}], 0x20}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x80000000, 0x6, &(0x7f00000000c0)=0x9})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000aa2000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x4, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@arm64={0x40, 0x9d, 0xa, '\x00', 0x7})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)

36m42.040166903s ago: executing program 1 (id=275):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x20141, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000002c0)={0x1, 0x0, [{0x3, 0x1, 0x0, 0x0, @irqchip={0x2, 0x3}}]})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000000000)={0x7fffffff, 0x8000001})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000b40), 0x88940, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000140)=0xffff})
r11 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x7, <r12=>0xffffffffffffffff})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f0000000b00)={0x4a2df35c, 0x7, 0x8})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x8, &(0x7f00000000c0)=0x45d4970})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r13 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffa000/0x5000)=nil, 0x5000)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xe00, 0x401, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013df6c}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x3c5}}, @hvc={0x32, 0x40, {0x84000014, [0x0, 0x2, 0x6, 0x80000000, 0x800]}}, @smc={0x1e, 0x40, {0x3f000000, [0x0, 0x2, 0x100000000, 0xfffffffffffffff7, 0x200]}}, @hvc={0x32, 0x40, {0x8400000c, [0x1, 0xfffffffffffffff7, 0x1ff, 0x5578, 0xffffffffffffffff]}}, @irq_setup={0x46, 0x18, {0x4, 0x378}}, @eret={0xe6, 0x18, 0xa}, @hvc={0x32, 0x40, {0x80000002, [0x373b, 0x80, 0x2, 0x7, 0xf1]}}, @code={0xa, 0x6c, {"007008d500409f0d000028d50008603c004c85d200c0b0f2610080d2e20080d2c30080d2240080d2020000d4008008d50000c00c001c600ec0f796d20000b0f2810180d2220080d2c30080d2a40080d2020000d40008201e"}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x8d7, 0x7fe1, 0x2}}, @code={0xa, 0x6c, {"000028d560b484d20080b8f2210080d2220180d2430080d2e40080d2020000d40048200e007008d500e4207e0094004f000008d50000006d203b86d20040b8f2c10180d2420080d2230080d2e40180d2020000d4007008d5"}}, @hvc={0x32, 0x40, {0x8400000d, [0xc, 0x8, 0x8381, 0x7, 0x7fff]}}, @hvc={0x32, 0x40, {0x4000001f, [0xc, 0x1, 0x9, 0x1, 0x9]}}, @msr={0x14, 0x20}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x3, 0xf, 0x8001, 0xda0}}, @msr={0x14, 0x20, {0x603000000013801e, 0x4}}, @eret={0xe6, 0x18, 0x1}], 0x400}, &(0x7f00000000c0)=[@featur1={0x1, 0xf5}], 0x1)
syz_kvm_setup_cpu$arm64(r3, r14, &(0x7f0000976000/0x400000)=nil, &(0x7f0000000100)=[{0x0, &(0x7f0000000580)=[@its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0xfffffffe, 0xe, 0x6cf7, 0x282, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x34a}}, @mrs={0xbe, 0x18, {0x603000000013c685}}, @uexit={0x0, 0x18, 0x66a38f8a}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x1a, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013c64a}}, @hvc={0x32, 0x40, {0x8400000a, [0x8, 0x9, 0xe, 0x8, 0x8001]}}, @memwrite={0x6e, 0x30, @generic={0x3000, 0x2df, 0x5a57ea51, 0x4}}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x8400000a, [0x7, 0x3, 0x1, 0x1, 0x100]}}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013e6c3, 0x8000000000000001}}, @svc={0x122, 0x40, {0x84000002, [0xff7b, 0x1, 0xb, 0x400, 0x5]}}, @svc={0x122, 0x40, {0x31000000, [0x2, 0x5, 0x0, 0xfffffffffffffffc, 0x9e]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x57}}, @code={0xa, 0x84, {"000000bc007008d500a0800d0000199e00a79ad200c0b0f2010180d2420180d2630180d2c40080d2020000d4a0499ad200c0b0f2610080d2420180d2e30180d2240080d2020000d4000008d50024000f000008d5807a9bd20040b8f2c10080d2c20180d2830080d2040180d2020000d4"}}, @code={0xa, 0x84, {"0000407a007008d50048216ea01d88d200e0b8f2e10180d2420180d2830180d2c40080d2020000d4607491d200a0b8f2e10180d2420180d2030080d2640080d2020000d4007008d5007008d500000013a0e38ed20000b0f2a10080d2020080d2a30080d2840180d2020000d40028000e"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x10, 0x3800000}}, @eret={0xe6, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x0, 0x6, 0x7f, 0x10000000, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e300}}, @smc={0x1e, 0x40, {0x400, [0x4b, 0x3ff, 0x980, 0x7, 0x7fffffffffffffff]}}, @uexit={0x0, 0x18, 0x8000000000000001}, @svc={0x122, 0x40, {0x84008058, [0x6f49, 0x3, 0x5, 0x4, 0x10000000000]}}, @mrs={0xbe, 0x18, {0x6030000000138024}}, @smc={0x1e, 0x40, {0x80, [0x3, 0x5, 0xcb, 0x42b79ce5, 0x4]}}], 0x4e0}], 0x1, 0x0, &(0x7f0000000a80)=[@featur1={0x1, 0x7d}], 0x1)

35m55.205815625s ago: executing program 33 (id=275):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x20141, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000002c0)={0x1, 0x0, [{0x3, 0x1, 0x0, 0x0, @irqchip={0x2, 0x3}}]})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000000000)={0x7fffffff, 0x8000001})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000b40), 0x88940, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000140)=0xffff})
r11 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x7, <r12=>0xffffffffffffffff})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f0000000b00)={0x4a2df35c, 0x7, 0x8})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x8, &(0x7f00000000c0)=0x45d4970})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r13 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffa000/0x5000)=nil, 0x5000)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xe00, 0x401, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013df6c}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x3c5}}, @hvc={0x32, 0x40, {0x84000014, [0x0, 0x2, 0x6, 0x80000000, 0x800]}}, @smc={0x1e, 0x40, {0x3f000000, [0x0, 0x2, 0x100000000, 0xfffffffffffffff7, 0x200]}}, @hvc={0x32, 0x40, {0x8400000c, [0x1, 0xfffffffffffffff7, 0x1ff, 0x5578, 0xffffffffffffffff]}}, @irq_setup={0x46, 0x18, {0x4, 0x378}}, @eret={0xe6, 0x18, 0xa}, @hvc={0x32, 0x40, {0x80000002, [0x373b, 0x80, 0x2, 0x7, 0xf1]}}, @code={0xa, 0x6c, {"007008d500409f0d000028d50008603c004c85d200c0b0f2610080d2e20080d2c30080d2240080d2020000d4008008d50000c00c001c600ec0f796d20000b0f2810180d2220080d2c30080d2a40080d2020000d40008201e"}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x8d7, 0x7fe1, 0x2}}, @code={0xa, 0x6c, {"000028d560b484d20080b8f2210080d2220180d2430080d2e40080d2020000d40048200e007008d500e4207e0094004f000008d50000006d203b86d20040b8f2c10180d2420080d2230080d2e40180d2020000d4007008d5"}}, @hvc={0x32, 0x40, {0x8400000d, [0xc, 0x8, 0x8381, 0x7, 0x7fff]}}, @hvc={0x32, 0x40, {0x4000001f, [0xc, 0x1, 0x9, 0x1, 0x9]}}, @msr={0x14, 0x20}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x3, 0xf, 0x8001, 0xda0}}, @msr={0x14, 0x20, {0x603000000013801e, 0x4}}, @eret={0xe6, 0x18, 0x1}], 0x400}, &(0x7f00000000c0)=[@featur1={0x1, 0xf5}], 0x1)
syz_kvm_setup_cpu$arm64(r3, r14, &(0x7f0000976000/0x400000)=nil, &(0x7f0000000100)=[{0x0, &(0x7f0000000580)=[@its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0xfffffffe, 0xe, 0x6cf7, 0x282, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x34a}}, @mrs={0xbe, 0x18, {0x603000000013c685}}, @uexit={0x0, 0x18, 0x66a38f8a}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x1a, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013c64a}}, @hvc={0x32, 0x40, {0x8400000a, [0x8, 0x9, 0xe, 0x8, 0x8001]}}, @memwrite={0x6e, 0x30, @generic={0x3000, 0x2df, 0x5a57ea51, 0x4}}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x8400000a, [0x7, 0x3, 0x1, 0x1, 0x100]}}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013e6c3, 0x8000000000000001}}, @svc={0x122, 0x40, {0x84000002, [0xff7b, 0x1, 0xb, 0x400, 0x5]}}, @svc={0x122, 0x40, {0x31000000, [0x2, 0x5, 0x0, 0xfffffffffffffffc, 0x9e]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x57}}, @code={0xa, 0x84, {"000000bc007008d500a0800d0000199e00a79ad200c0b0f2010180d2420180d2630180d2c40080d2020000d4a0499ad200c0b0f2610080d2420180d2e30180d2240080d2020000d4000008d50024000f000008d5807a9bd20040b8f2c10080d2c20180d2830080d2040180d2020000d4"}}, @code={0xa, 0x84, {"0000407a007008d50048216ea01d88d200e0b8f2e10180d2420180d2830180d2c40080d2020000d4607491d200a0b8f2e10180d2420180d2030080d2640080d2020000d4007008d5007008d500000013a0e38ed20000b0f2a10080d2020080d2a30080d2840180d2020000d40028000e"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x10, 0x3800000}}, @eret={0xe6, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x0, 0x6, 0x7f, 0x10000000, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e300}}, @smc={0x1e, 0x40, {0x400, [0x4b, 0x3ff, 0x980, 0x7, 0x7fffffffffffffff]}}, @uexit={0x0, 0x18, 0x8000000000000001}, @svc={0x122, 0x40, {0x84008058, [0x6f49, 0x3, 0x5, 0x4, 0x10000000000]}}, @mrs={0xbe, 0x18, {0x6030000000138024}}, @smc={0x1e, 0x40, {0x80, [0x3, 0x5, 0xcb, 0x42b79ce5, 0x4]}}], 0x4e0}], 0x1, 0x0, &(0x7f0000000a80)=[@featur1={0x1, 0x7d}], 0x1)

32m58.890603026s ago: executing program 2 (id=295):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0)
close(r6)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, 0x0)
r7 = syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r9, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
ioctl$KVM_GET_DIRTY_LOG(r9, 0x4010ae42, &(0x7f0000000080)={0x10004, 0x0, &(0x7f0000c82000/0x4000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0x7, &(0x7f0000000180)=0x3})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x1})

32m49.213252931s ago: executing program 2 (id=296):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x15)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0xfffffff8, 0xffff, 0x0})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x405200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r8, 0x2, 0x12, r7, 0x0)
openat$kvm(0x0, 0x0, 0x140, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r14, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r13, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r13, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000004c0)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x240)
r16 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000b00)={0x0, &(0x7f00000007c0)=[@mrs={0xbe, 0x18, {0x603000000013c2a4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x2, 0xffffffff, 0x9, 0x2}}, @svc={0x122, 0x40, {0x8400000d, [0x8000000000000000, 0x7, 0x7000, 0xaaf, 0x8000]}}, @hvc={0x32, 0x40, {0xc4000004, [0x7, 0x8, 0xc, 0x4]}}, @msr={0x14, 0x20, {0x603000000013e66b, 0x6}}], 0xe0}, 0x0, 0x0)

32m39.91137888s ago: executing program 2 (id=297):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x83)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

32m29.061079301s ago: executing program 2 (id=298):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000540)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x84000044, [0x7, 0x7fffffff, 0x6a4e5c47, 0x7, 0x59]}}, @irq_setup={0x46, 0x18, {0x2, 0x8b}}, @mrs={0xbe, 0x18, {0x603000000013dce4}}, @msr={0x14, 0x20, {0x603000000013c4ce, 0x7}}, @uexit={0x0, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x4, 0x1, 0x6, 0xb2e, 0x3}}, @hvc={0x32, 0x40, {0x40, [0x7, 0x80000001, 0x0, 0x5, 0x6]}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xdf5, 0x401}}, @irq_setup={0x46, 0x18, {0x4, 0x147}}, @uexit={0x0, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x2, 0x4, 0x8, 0x7, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013deb4}}, @uexit={0x0, 0x18, 0x8}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x1, 0xc9, 0x6}}, @smc={0x1e, 0x40, {0x800, [0x4, 0xaa2, 0x200, 0x8d3, 0x100000000]}}, @eret={0xe6, 0x18, 0x1e4}, @memwrite={0x6e, 0x30, @generic={0x1, 0x33e, 0x2, 0x1}}, @svc={0x122, 0x40, {0xc400000e, [0x20, 0x2, 0x2, 0x7, 0x3]}}, @svc={0x122, 0x40, {0xffff, [0x3, 0x1000, 0x3, 0x79, 0x69]}}, @code={0xa, 0x84, {"60688ed200e0b0f2a10180d2420180d2830180d2a40080d2020000d4000008d5e03291d200e0b8f2210080d2620180d2630180d2c40180d2020000d4e0c088d20000b0f2210080d2c20180d2630180d2640180d2020000d4030000d4007008d50038207e007008d5007008d5007008d5"}}, @svc={0x122, 0x40, {0xffff, [0x4, 0x1ff, 0x7ff, 0x100]}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x20a}}, @smc={0x1e, 0x40, {0xc4000010, [0x1, 0x4, 0x8, 0xc573, 0x7fff]}}, @hvc={0x32, 0x40, {0xc4000003, [0x0, 0x7fff, 0x3, 0x7, 0x3]}}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013e218, 0x3}}, @msr={0x14, 0x20, {0x603000000013e218, 0x9}}, @code={0xa, 0x54, {"000c00f80090800f007008d500000014807082d20000b0f2210180d2620180d2430080d2240180d2020000d4007008d500e0c00d00a0df0d000028d5000c207e"}}], 0x528}, &(0x7f0000000580)=[@featur1={0x1, 0x9}], 0x1)
ioctl$KVM_ARM_PREFERRED_TARGET(r0, 0x8020aeaf, &(0x7f00000005c0))
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000600))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000640)={0x10004, 0x2, 0x80a0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000680)=0x40)
ioctl$KVM_ARM_PREFERRED_TARGET(r0, 0x8020aeaf, &(0x7f00000006c0))
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000b40)={0x0, &(0x7f0000000700)=[@uexit={0x0, 0x18, 0x4}, @code={0xa, 0x9c, {"a02b9dd200a0b0f2210080d2420180d2a30080d2040080d2020000d4000008d50004005e00b0205e00082038007008d5804c95d20020b0f2a10180d2820080d2230180d2a40180d2020000d40040bf0dc0fe87d20060b0f2c10180d2c20080d2a30180d2240080d2020000d4201b9ad200a0b8f2a10080d2020180d2230080d2a40080d2020000d4"}}, @code={0xa, 0x9c, {"0020c00ca04887d20080b8f2410080d2c20080d2c30180d2c40080d2020000d4e0e488d200e0b8f2410080d2e20180d2630180d2240080d2020000d4007f80d20060b8f2610180d2a20180d2630080d2840180d2020000d40040000e0000001b000008d50004002f000028d580ac8dd20000b0f2210180d2c20080d2c30080d2c40180d2020000d4"}}, @code={0xa, 0x6c, {"00a0bf0d000820bc00c0206e008008d50000002f008008d5007008d50078000ec01481d20080b8f2010080d2020180d2c30080d2640080d2020000d4a00791d20080b0f2010180d2c20180d2230080d2a40080d2020000d4"}}, @smc={0x1e, 0x40, {0x8400000c, [0xe, 0x4, 0x0, 0x4, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0xb, 0xad, 0x400, 0x4}}, @code={0xa, 0x84, {"e0649bd200e0b8f2410080d2820180d2a30180d2a40080d2020000d420529cd20060b8f2010180d2c20080d2e30180d2840180d2020000d4000040d3007008d50044c01a007008d50058602e00709f0c80729ad20080b8f2c10080d2a20180d2630180d2e40180d2020000d40030200e"}}, @msr={0x14, 0x20, {0x603000000013e290}}, @msr={0x14, 0x20, {0x603000000013deb2, 0x6}}, @smc={0x1e, 0x40, {0x31000000, [0xfffffffffffffd4c, 0x5, 0xffffffffffffffff, 0x1, 0x7]}}, @smc={0x1e, 0x40, {0x4000, [0x3, 0xfffffffffffffffa, 0x6, 0x401, 0x1]}}, @msr={0x14, 0x20, {0x0, 0x4}}, @smc={0x1e, 0x40, {0x100, [0x7328, 0x3, 0x25b8723c, 0x3, 0xf033]}}, @smc={0x1e, 0x40, {0x20, [0x9, 0x3, 0xba, 0x3, 0x93f]}}], 0x408}, &(0x7f0000000b80)=[@featur1={0x1, 0x40}], 0x1)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000e80)=[{0x0, &(0x7f0000000bc0)=[@smc={0x1e, 0x40, {0xc4000001, [0x5, 0x10000, 0x1, 0x100000001, 0x2]}}, @hvc={0x32, 0x40, {0x84000053, [0x0, 0x1, 0xfffffffffffffff7, 0x3ff, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x51cc7c629d55baa1, 0x1, 0x4, 0xc, 0x5, 0x2, 0x4}}, @msr={0x14, 0x20, {0x603000000013e535, 0x2}}, @svc={0x122, 0x40, {0x9cb02506b6518228, [0x8ae, 0x17b, 0x6b, 0x4, 0x5]}}, @irq_setup={0x46, 0x18, {0x0, 0x10f}}, @svc={0x122, 0x40, {0x200, [0x4, 0x9, 0x9f96, 0xffffe00000000000, 0x80000000]}}, @eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013c510}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x400, 0x6, 0x4}}, @msr={0x14, 0x20, {0x38f5, 0x7}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x3e0}}, @smc={0x1e, 0x40, {0x84000003, [0x8, 0x9, 0x7, 0x1, 0x8ce]}}, @uexit={0x0, 0x18, 0x656}, @eret={0xe6, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x4, 0x371}}], 0x290}], 0x1, 0x0, &(0x7f0000000ec0)=[@featur1={0x1, 0x2}], 0x1)
r2 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece)
syz_kvm_setup_cpu$arm64(r2, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000012c0)=[{0x0, &(0x7f0000000f00)=[@hvc={0x32, 0x40, {0x4000, [0x4f269aba, 0x9, 0x3217, 0x0, 0x8]}}, @irq_setup={0x46, 0x18, {0x3, 0x76}}, @smc={0x1e, 0x40, {0x800, [0xf097, 0x18b1, 0x7, 0x8, 0x76a5]}}, @uexit={0x0, 0x18, 0xb}, @smc={0x1e, 0x40, {0x4000000, [0x6, 0x8001, 0x9, 0xea52, 0x7f]}}, @hvc={0x32, 0x40, {0xc4000005, [0x401, 0xffffffffffffff7f, 0x0, 0x367, 0x400000000000000]}}, @eret={0xe6, 0x18, 0x6}, @code={0xa, 0x9c, {"0040641e408c8fd20020b8f2210080d2a20080d2c30180d2040080d2020000d4c01f9fd20060b0f2210180d2420180d2a30080d2a40180d2020000d40004007f00c0251e000028d5000cc01a20478cd20000b8f2c10180d2820180d2630080d2040080d2020000d4a07b8ed20080b0f2e10080d2a20180d2430080d2e40180d2020000d40020c09a"}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x0, 0x7, 0x0, 0x8, 0x2}}, @code={0xa, 0x9c, {"000020cb00c98bd20040b0f2810080d2220180d2c30180d2440180d2020000d4000028d50020601e007008d50000239e006b89d20020b0f2e10080d2420180d2630080d2e40080d2020000d4000008d5801e96d200c0b0f2410180d2620180d2030180d2640080d2020000d440d89dd20040b0f2a10080d2e20080d2030180d2440180d2020000d4"}}, @hvc={0x32, 0x40, {0x40, [0x8000000000000000, 0xfff, 0x9, 0x8000000000000000, 0x7fff]}}, @hvc={0x32, 0x40, {0x600bf01, [0xb, 0xa01, 0x9, 0x7, 0xfffffffffffffff6]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x150}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xc37, 0x832, 0x5}}, @irq_setup={0x46, 0x18, {0x2, 0x4}}], 0x398}], 0x1, 0x0, &(0x7f0000001300)=[@featur1={0x1, 0x20}], 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000001340)={0x3a, "09ba838663cbae1bc5114405d100755791b95ae0d4161368fd49633cc4e19b72b1db50b5103ad6b48af36a13621ab45b455dd9dbc80591e0218d"})
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c61000/0x2000)=nil, r3, 0x2000000, 0x40010, r1, 0x0)
ioctl$KVM_ARM_PREFERRED_TARGET(r0, 0x8020aeaf, &(0x7f0000001380))
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000001400)=@attr_other={0x0, 0x8, 0x101, &(0x7f00000013c0)=0x8000})
munmap(&(0x7f0000f9b000/0xa000)=nil, 0xa000)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000001440)=@arm64)
ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000001480)=0x7)
r4 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f00000014c0)=0x1)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f0000001500)={0x8, [0xfffffffffffffffa, 0x0, 0xde564ec, 0x7, 0x8, 0x8000, 0x1, 0x7]})
ioctl$KVM_GET_SREGS(r5, 0x8000ae83, &(0x7f0000001580))
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f00000016c0)={0x4, 0x93})
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x16)
syz_kvm_vgic_v3_setup(r7, 0x3, 0x200)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000001700)=@attr_pmu_init)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000001740)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece)

32m19.843710684s ago: executing program 2 (id=299):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, 0xfffffffffffffffe) (async)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0xc)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x285}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
r11 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000280)=@arm64_sys={0x603000000013808c, &(0x7f00000001c0)}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x5, 0x4, 0x1}}) (async)
r13 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x29)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
r17 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r16, 0x2, 0x12, r15, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)

32m5.890396413s ago: executing program 2 (id=300):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0x8, 0x80800)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100024, &(0x7f0000000140)=0x7})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r5, 0xb})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r5, 0x3})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0}) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x2132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000240)={0x200002f}) (async)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000bfd000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async, rerun: 64)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r14, 0x4010ae67, 0xffffffffffffffff)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_IRQ_LINE(r10, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async, rerun: 32)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)

31m18.500682394s ago: executing program 34 (id=300):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0x8, 0x80800)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100024, &(0x7f0000000140)=0x7})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r5, 0xb})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r5, 0x3})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0}) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x2132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000240)={0x200002f}) (async)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000bfd000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async, rerun: 64)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r14, 0x4010ae67, 0xffffffffffffffff)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_IRQ_LINE(r10, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async, rerun: 32)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)

28m44.352965891s ago: executing program 3 (id=304):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f0000000140)=@attr_other={0x0, 0x3, 0x5, &(0x7f0000000000)=0x8})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000100)={0x55})

28m35.143379771s ago: executing program 3 (id=305):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x10480, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7})

28m27.498616974s ago: executing program 3 (id=306):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x5452, 0x15)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000001000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0x40086602, 0x110e227ffe)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r8, 0x400454d0, 0x7ffffffd)
syz_kvm_setup_cpu$arm64(r3, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x12})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c023, &(0x7f0000000000)=0x2})

28m2.862387358s ago: executing program 3 (id=307):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r5})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r7, 0x2000009, 0x213011, r2, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

27m50.682644738s ago: executing program 3 (id=308):
mmap$KVM_VCPU(&(0x7f0000c81000/0x2000)=nil, 0x930, 0x3000003, 0x80010, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x8, 0x0, 0x0})
r3 = eventfd2(0x8801, 0x800)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r7 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x401c5820, &(0x7f00000000c0)=@attr_arm64={0x0, 0x5, 0x5, &(0x7f0000000080)=0x3ff})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r3, 0x5, 0x2})
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000f06000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)

27m36.794027849s ago: executing program 3 (id=309):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x8, 0x80, 0x80}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

26m49.098944717s ago: executing program 35 (id=309):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x8, 0x80, 0x80}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22m58.750272794s ago: executing program 4 (id=317):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f0000000280), 0x2d0a)
r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x151400, 0x0)

22m46.991145868s ago: executing program 4 (id=318):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000581000/0x1000)=nil, 0x930, 0x0, 0x4020131, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138010, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138012, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138004, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138014, 0x8000}}, @msr={0x14, 0x20, {0x603000000013801c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138024, 0x8000}}, @msr={0x14, 0x20, {0x603000000013802c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138005, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800d, 0x8000}}], 0x140}, 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r5, 0xffffffffffffffff)
syz_kvm_assert_reg(r3, 0x6030000000138010, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138012, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138004, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013800c, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138014, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013801c, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138024, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013802c, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138005, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013800d, 0x8000)

22m35.993056466s ago: executing program 4 (id=319):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000100)={0x3, 0x2, 0xeeef0000, 0x2000, &(0x7f0000c0c000/0x2000)=nil, 0xfffffffffffffff0})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f00000001c0)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x800000000108, &(0x7f0000000340)=0x2})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000b44000/0x400000)=nil)
r6 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000000))

22m21.072391822s ago: executing program 4 (id=320):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (rerun: 32)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r3, 0x2, 0x12, r2, 0x0) (async)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r3, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (rerun: 64)

22m8.280060722s ago: executing program 4 (id=321):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async, rerun: 64)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, <r7=>0xffffffffffffffff}) (async, rerun: 64)
close(r6) (rerun: 64)
close(r7) (async, rerun: 32)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (rerun: 32)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_IRQ_LINE_STATUS(r10, 0xc008ae67, &(0x7f0000000180)={0x1}) (async)
syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0x5421, 0x6)
r12 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0x10)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x9}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) (rerun: 32)

21m45.98450263s ago: executing program 4 (id=322):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x309202, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r3 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x10010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = syz_kvm_vgic_v3_setup(r6, 0x2, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000240)=0x9})
openat$kvm(0x0, &(0x7f0000000040), 0x1a0042, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100008, &(0x7f0000000140)=0x4})
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) (async)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000040)={0x7, <r11=>0xffffffffffffffff}) (async)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0xf)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_kvm_setup_cpu$arm64(r13, r15, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000c40)=ANY=[], 0x318}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1) (async)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x3, 0x0})
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)

20m58.321103523s ago: executing program 36 (id=322):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x309202, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r3 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x10010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = syz_kvm_vgic_v3_setup(r6, 0x2, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000240)=0x9})
openat$kvm(0x0, &(0x7f0000000040), 0x1a0042, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100008, &(0x7f0000000140)=0x4})
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) (async)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000040)={0x7, <r11=>0xffffffffffffffff}) (async)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0xf)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_kvm_setup_cpu$arm64(r13, r15, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000c40)=ANY=[], 0x318}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1) (async)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x3, 0x0})
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)

13m38.004337628s ago: executing program 5 (id=343):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x2, 0x2}}, @msr={0x14, 0x20, {0x603000000013e720, 0x92}}, @eret={0xe6, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x3, 0x10, 0x2, 0x8000, 0x4}}, @code={0xa, 0x3c, {"00004093000008d5007008d5007008d5007008d500b0004f000008d50098200e0000029e000028d5"}}, @code={0xa, 0x9c, {"000820f840c287d20020b8f2c10080d2420180d2e30180d2a40080d2020000d40058c01a007008d5007008d5001a9cd20080b0f2c10080d2420080d2630180d2640180d2020000d4e01493d200e0b8f2410080d2a20080d2e30080d2640180d2020000d400b8a15e00fc40d3a00885d200e0b0f2610180d2220180d2c30180d2e40180d2020000d4"}}, @svc={0x122, 0x40, {0xc400000e, [0xae8, 0xe, 0x7fffffff, 0xc193, 0x3]}}, @svc={0x122, 0x40, {0xc400000d, [0x8001, 0x7fffffff, 0xfffffffffffffff9, 0xa3c, 0x1]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x1f1}}, @msr={0x14, 0x20, {0x603000000013e289, 0x10000}}, @svc={0x122, 0x40, {0x2000, [0x4, 0x0, 0x7, 0x7, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x180, 0x3}}, @smc={0x1e, 0x40, {0x1, [0x5, 0x9, 0x63c4000000000, 0xef, 0x1]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x9b}}, @hvc={0x32, 0x40, {0x500001a, [0xf35, 0x8, 0x3, 0x7, 0x8]}}, @eret={0xe6, 0x18, 0x80}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x30e}}, @code={0xa, 0x9c, {"0000800cc01491d20080b8f2210080d2620080d2c30080d2c40180d2020000d40000c05a0000003220ec92d20080b8f2810180d2420180d2830180d2040080d2020000d400c8215e0000c0ac802987d20080b8f2210080d2620180d2a30180d2440080d2020000d4808880d200c0b0f2c10180d2820080d2c30180d2c40080d2020000d4008008d5"}}, @msr={0x14, 0x20, {0x603000000013e281, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013803e}}, @mrs={0xbe, 0x18, {0x603000000013e661}}, @eret={0xe6, 0x18, 0x5}, @smc={0x1e, 0x40, {0x10, [0x1, 0x4, 0x200, 0x73e6, 0x1]}}, @smc={0x1e, 0x40, {0xc400000c, [0x9, 0x0, 0xfffffffffffffff8, 0x1ff, 0xc]}}, @hvc={0x32, 0x40, {0x6000000, [0x6, 0x4, 0x1, 0x8, 0x8]}}, @smc={0x1e, 0x40, {0xc4000001, [0x3, 0x8, 0x6, 0x7b30, 0x3]}}, @hvc={0x32, 0x40, {0x84000013, [0x101, 0x4, 0x5, 0x7, 0x5]}}, @irq_setup={0x46, 0x18, {0x2, 0x3b0}}, @eret={0xe6, 0x18, 0x4}, @code={0xa, 0x6c, {"00804048008008d580d990d20000b8f2a10180d2620080d2630180d2240180d2020000d4a06787d200c0b8f2810080d2a20180d2030180d2e40180d2020000d4000028d5000028d50080200e001ca00e000028d5000008d5"}}], 0x668}, &(0x7f0000000700)=[@featur2={0x1, 0x13}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

13m26.371595063s ago: executing program 5 (id=344):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r3, r5, &(0x7f00009a7000/0x400000)=nil, &(0x7f0000000300)=[{0x0, &(0x7f0000000c00)=[@its_setup={0x82, 0x28, {0x0, 0x4, 0x44}}, @eret={0xe6, 0x18, 0xfff}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x200}}, @svc={0x122, 0x40, {0x86000001, [0x240000000000, 0x2, 0x9, 0x40, 0x40]}}, @mrs={0xbe, 0x18, {0x603000000013c200}}, @irq_setup={0x46, 0x18, {0x3, 0x114}}, @smc={0x1e, 0x40, {0x8, [0x7, 0xb, 0x0, 0x2, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x300, 0x401, 0x1}}, @smc={0x1e, 0x40, {0x10800000d, [0x9a0, 0x0, 0xfff, 0xe400, 0x5]}}, @smc={0x1e, 0x40, {0x80008053, [0x5, 0x40, 0x3ff, 0xd9ef]}}, @mrs={0xbe, 0x18, {0x603000000013d801}}], 0x1e0}], 0x1, 0x0, &(0x7f0000000340)=[@featur2={0x1, 0x1}], 0x1)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000ffe000/0x1000)=nil})

13m8.58108717s ago: executing program 5 (id=345):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r9 = syz_kvm_vgic_v3_setup(r6, 0x4, 0x220)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r9, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0x0, 0x0})
r10 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000040)={0x7})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000380)=0x800012})
syz_kvm_setup_cpu$arm64(r1, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c030})

12m56.631898878s ago: executing program 6 (id=323):
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x40000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x2, 0x160)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000040)=@arm64={0x3, 0x3, 0x0, '\x00', 0x9})
r5 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4020ae46, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100"])
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454e2, 0x110c230020)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)

12m38.625919648s ago: executing program 5 (id=346):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000000)=[@code={0xa, 0x6c, {"000028d5008008d560f29cd20000b0f2a10180d2020080d2830180d2840180d2020000d40004000f0040000c000028d500005fd600a8217e000008d5009292d20080b0f2610180d2820180d2c30180d2c40180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013e18e}}, @msr={0x14, 0x20, {0x603000000013df78, 0x8ed6}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffe8, 0x9, 0xc}}, @memwrite={0x6e, 0x30, @generic={0xffff1000, 0xdb7, 0x5, 0x2}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x1c8}}, @mrs={0xbe, 0x18, {0x603000000013e6d2}}, @eret={0xe6, 0x18, 0x8}, @code={0xa, 0x84, {"0074002f000008d500b8a10e60e89fd200e0b0f2c10080d2620180d2630180d2a40180d2020000d4000008d5008088d200e0b8f2210080d2020080d2230080d2e40080d2020000d4007008d560dd8fd200e0b8f2610080d2620080d2030180d2440180d2020000d40000801200000091"}}, @code={0xa, 0xb4, {"008008d5004e9dd20000b8f2a10080d2c20180d2c30180d2240180d2020000d480128cd20060b8f2e10080d2020180d2a30180d2c40180d2020000d4a06386d200c0b8f2a10080d2220180d2030180d2040080d2020000d4c0178cd20000b0f2010080d2420080d2830180d2840080d2020000d4008008d50030204e008008d5000028d5202283d20060b8f2210180d2c20080d2830180d2640180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013e101}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0x4, 0xfffffa24, 0x7, 0x1}}, @uexit={0x0, 0x18, 0x8}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0x10, 0x9, 0x6, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013c65d}}, @code={0xa, 0x9c, {"007008d50000007800000098006499d20040b0f2810080d2820180d2630180d2040080d2020000d40008207c008008d500f88ad200a0b8f2410080d2620180d2430180d2640080d2020000d400099fd200e0b0f2a10180d2c20180d2230080d2240080d2020000d4405d97d20060b8f2c10080d2e20080d2830180d2440080d2020000d4000008d5"}}, @code={0xa, 0x9c, {"0028200ec04484d200c0b8f2a10080d2c20180d2230080d2840080d2020000d4a0cd98d200e0b8f2410080d2020080d2830180d2e40080d2020000d4007008d5a0be82d20020b8f2c10180d2420180d2030180d2640080d2020000d4000080920064002f007008d5e0849ed20060b0f2c10180d2220080d2a30080d2840080d2020000d4007008d5"}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x33f}}, @svc={0x122, 0x40, {0x84000051, [0x1, 0xfffffffffffffffd, 0x7, 0x3, 0x9]}}, @svc={0x122, 0x40, {0x6000000, [0x1, 0x0, 0x800, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @smc={0x1e, 0x40, {0x86000000, [0x7, 0x6, 0x4, 0x80000000, 0x9]}}, @eret={0xe6, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013e08c, 0x1ff}}], 0x59c}, &(0x7f0000000600)=[@featur1={0x1, 0x42}], 0x1)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000009c0)=[{0x0, &(0x7f0000000640)=[@its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x8, 0x4, 0x1, 0x4}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x3}}, @irq_setup={0x46, 0x18, {0x0, 0x202}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x1000, [0x8, 0x0, 0x7fffffff, 0x6, 0x100000000]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x1a9}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x1, 0x8, 0x1, 0xffffff7d, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0xf, 0x2, 0x6, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x3, 0xf, 0x1, 0x800}}, @hvc={0x32, 0x40, {0x32000000, [0x10001, 0x7, 0x2, 0xe1e, 0xb]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x4, 0x223800000, 0x3}}, @irq_setup={0x46, 0x18, {0x0, 0x3c1}}, @hvc={0x32, 0x40, {0x84000001, [0xffffffffffffff1b, 0x2f980000000000, 0x5, 0x1, 0x10000]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x2, 0x2, 0x2c78}}, @msr={0x14, 0x20, {0x603000000013e304, 0x5}}, @smc={0x1e, 0x40, {0x84000051, [0x7, 0x10, 0x3, 0x8000000000000000]}}, @hvc={0x32, 0x40, {0x85000008, [0x6, 0x3, 0x5, 0x0, 0x6]}}, @msr={0x14, 0x20, {0x603000000013df42, 0x1d93}}, @uexit={0x0, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x2, 0xf8}}, @eret={0xe6, 0x18, 0x2}], 0x358}], 0x1, 0x0, &(0x7f0000000a00)=[@featur1={0x1, 0x38}], 0x1)
ioctl$KVM_RESET_DIRTY_RINGS(r0, 0xaec7)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1f)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000a40)={0x2, 0x2, 0xeeef0000, 0x2000, &(0x7f0000dd3000/0x2000)=nil})
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000a80)={0x1000, 0xf000, 0x9, 0x0, 0x7f})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1c)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000ac0)={0xe4, 0x0, 0x5})
r4 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000b40)={0x2, [0x8, 0x40]})
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000b80)={0x100000, 0x0, 0x5, 0x1, 0xfffffff7})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000bc0), 0x8042, 0x0)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000c00))
syz_kvm_vgic_v3_setup(r0, 0x2, 0x20)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f0000000c80)={0x3, 0x5, 0x10000, 0x1000, &(0x7f0000f6a000/0x1000)=nil, 0x5, r4})
ioctl$KVM_CAP_ARM_MTE(r2, 0x4068aea3, &(0x7f0000000d40))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f00000011c0)={0x10001, 0x240, 0x280, &(0x7f0000000dc0)=[0x5, 0x8000000000000000, 0xa, 0xfffffffffffffffb, 0x1, 0x1ff, 0x0, 0x7, 0x0, 0x3ff, 0x7, 0x2, 0xffffffffffffffff, 0x101, 0x8, 0x7c, 0x8, 0x7, 0x3, 0x0, 0x593b, 0x7fffffff, 0x7, 0x0, 0x4, 0x80000000, 0x80000001, 0x2, 0xb2, 0x5, 0x9, 0x0, 0xf, 0x0, 0x3, 0x1, 0x9, 0x7, 0x7, 0xfffffffffffffff7, 0xfffffffffffffffb, 0x3, 0x2, 0x10, 0x8, 0xc, 0x6, 0x2ae3, 0xfa, 0xaf6, 0x0, 0x1, 0x6, 0xfc9, 0x1, 0x1, 0x4, 0x3, 0x6, 0x0, 0x4, 0x0, 0x8, 0x67782ee2, 0xfffffffffffffffa, 0xffffffffffffff80, 0x2, 0x66da, 0x1, 0x8, 0x3, 0x94, 0x9e, 0x80000000, 0x8, 0x6, 0x7f, 0x6, 0xaf, 0x10001, 0x4000000000000000, 0x7f, 0x5e5, 0x10000, 0x2, 0x2, 0x6ad, 0x1, 0x7, 0x1, 0x8, 0x7, 0x3, 0x100000001, 0x80000001, 0x6, 0x7f, 0x0, 0x1, 0xe, 0x3, 0x0, 0x8, 0x8, 0x1, 0x95c3, 0xfffffffffffffff8, 0x1, 0x4, 0x6, 0x3, 0x7, 0xffffffffffff8001, 0x4, 0xff, 0x4b96, 0x4, 0xa47, 0x85, 0xfffffffffffffffc, 0x8, 0x2e, 0x5, 0x1e336dbc, 0x4, 0x4, 0x3, 0x9ad6]})
close(r0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000001200)={0x6, 0xffffffffffffffff, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000001240)={0x8080000, 0x18000, 0x1})
ioctl$KVM_CAP_ARM_USER_IRQ(r3, 0x4068aea3, &(0x7f0000001280))
openat$kvm(0xffffffffffffff9c, &(0x7f0000001300), 0x2000, 0x0)
syz_kvm_vgic_v3_setup(r0, 0x1, 0x40)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x18)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, &(0x7f0000001380)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001340)={0xfffffeff, 0x0, 0x2}})
ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f00000013c0)={0x4, 0x5, 0x3000, 0x1000, &(0x7f0000ee2000/0x1000)=nil, 0x4, r5})

12m34.009926562s ago: executing program 6 (id=347):
openat$kvm(0xffffffffffffff9c, 0x0, 0x18b080, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x8000)=nil, r1, 0x1000000, 0xe637a22295c143f8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r2 = eventfd2(0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000004, 0x11, r2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x18b080, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x8000)=nil, r1, 0x1000000, 0xe637a22295c143f8, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
eventfd2(0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000004, 0x11, r2, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async)

12m28.238440555s ago: executing program 5 (id=348):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r3 = eventfd2(0x5, 0x800)
write$eventfd(r3, &(0x7f0000000000)=0xffffffffffffffff, 0x8)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x2, 0x0, 0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x20)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = eventfd2(0x0, 0x0)
write$eventfd(r13, &(0x7f0000000100)=0xfffffffffffffffd, 0x8)
r14 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r15 = eventfd2(0x0, 0x800)
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f0000000040)={0x5, 0x8080000, 0x2, r15, 0x8})
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f00000000c0)={0x8000000008000800, 0x0, 0x0, r15, 0x2})
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x7000000, r15, 0x6})

12m21.659908151s ago: executing program 6 (id=349):
r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x5, 0x0, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xc6)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x40480, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_vgic_v3_setup(r9, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})
r11 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f00000001c0), 0x100, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0x80111500, 0x20000000)
close(r14)
close(0x3)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xcd)
r16 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x86000001, [0xc, 0x5, 0x2, 0x0, 0x52]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r16, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)

12m8.255975649s ago: executing program 5 (id=350):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)

11m34.462203883s ago: executing program 37 (id=349):
r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x5, 0x0, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xc6)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x40480, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_vgic_v3_setup(r9, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})
r11 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f00000001c0), 0x100, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0x80111500, 0x20000000)
close(r14)
close(0x3)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xcd)
r16 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x86000001, [0xc, 0x5, 0x2, 0x0, 0x52]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r16, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)

11m16.720751147s ago: executing program 38 (id=350):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)

2m56.441417034s ago: executing program 7 (id=351):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae03, 0xbb)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}, @msr={0x14, 0x20, {0x603000000013dcf3, 0x8000}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x9, 0xffffffffffffffff, 0x1})
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x8000000000000000, 0x4, 0x4, r10, 0xc})
close(r9)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1})

2m49.798988879s ago: executing program 8 (id=352):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x9, 0x2000, 0x1000, &(0x7f0000ec2000/0x1000)=nil})

2m32.52887386s ago: executing program 8 (id=353):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@x86={0x92, 0x8, 0x0, 0x0, 0xf08, 0x2, 0x8, 0x6, 0x8, 0x2, 0x5, 0x4, 0x0, 0x3, 0x6, 0x1, 0x5, 0x7, 0x5, '\x00', 0x3, 0x5})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x80000000, 0x2}})
ioctl$KVM_GET_REGS(r2, 0x8360ae81, &(0x7f0000000040))
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xc020660b, 0xe1)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="be00000000000000180000000000000001c8"], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x402001, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x7)

2m30.079930592s ago: executing program 7 (id=354):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x1, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r10 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r10}) (async)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x240) (async)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r16=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r14, 0xae80, 0x0) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000180)={0x5000})
r17 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r17, 0xae80, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0)

2m7.635286627s ago: executing program 7 (id=355):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0xc5c5})

2m5.718375505s ago: executing program 8 (id=356):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) (async, rerun: 64)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @generic={0x8080000, 0xdc2, 0x4, 0x9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x58, 0x9, 0x5}}, @eret={0xe6, 0x18, 0xffffffff}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x3ff}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0xffffffff, 0x8b28846086227187}}, @code={0xa, 0x9c, {"807c83d20040b8f2010180d2620180d2830180d2a40180d2020000d4008008d5807292d200a0b8f2c10180d2220080d2c30080d2e40180d2020000d4008008d5008008d5c0be9fd200e0b8f2410080d2c20180d2830080d2440080d2020000d4007008d5406a86d200e0b8f2010080d2820080d2430080d2840080d2020000d4000000fd00b0204e"}}, @svc={0x122, 0x40, {0x6000007, [0x345, 0x5, 0x2, 0x8000, 0x2]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x151}}], 0x1d4}, 0x0, 0x0) (rerun: 64)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
write$eventfd(r7, &(0x7f00000001c0)=0x7ffffff, 0xfdef) (async, rerun: 64)
close(r3) (rerun: 64)
r8 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x3, 0x0, &(0x7f0000000240)=0x100})

1m46.66104791s ago: executing program 8 (id=357):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0x8, 0x80800)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil)
write$eventfd(r6, &(0x7f00000001c0), 0xfdef)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r3})
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x18)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000000)=[@featur2={0x1, 0x14}], 0x1)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000040)={0x0, &(0x7f0000000380)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x3d, 0x4}}, @msr={0x14, 0x20, {0x603000000013c640, 0x3}}, @msr={0x14, 0x20, {0x55c90b4bb5008484, 0x6}}, @mrs={0xbe, 0x18, {0x603000000013e130}}, @msr={0x14, 0x20, {0x603000000013df18, 0xfffffffffffffff4}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x270, 0x6, 0x8}}, @code={0xa, 0x84, {"008008d5007008d500e4205e007008d50000711e0000289e60238bd20020b8f2010080d2e20180d2230180d2e40080d2020000d440959dd200e0b0f2a10180d2420180d2830080d2a40180d2020000d440e09cd20020b8f2e10180d2c20080d2830080d2e40080d2020000d4007008d5"}}, @eret={0xe6, 0x18, 0x9}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x2e1}}, @code={0xa, 0x6c, {"60fe96d200c0b8f2410080d2620180d2630080d2440080d2020000d4007008d5000028d500000072000008d50000003700000092a0c086d20040b0f2610180d2a20080d2030080d2040180d2020000d400c0601e008008d5"}}, @irq_setup={0x46, 0x18, {0x0, 0x3a1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x2, 0x67a, 0x1000}}, @mrs={0xbe, 0x18, {0x603000000013e6cb}}, @svc={0x122, 0x40, {0x84000003, [0xd023, 0x2, 0x8, 0x640a, 0xfffffffffffffffa]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x2df}}, @uexit={0x0, 0x18, 0xfffffffffffffffc}, @eret={0xe6, 0x18, 0xefc4}, @irq_setup={0x46, 0x18, {0x4, 0x27a}}], 0x310}, &(0x7f00000000c0)=[@featur1={0x1, 0x89}], 0x1)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x3a0)
close(r7)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)

1m46.093297248s ago: executing program 7 (id=358):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x121402, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0xfffffffffffffffa, 0x2, 0x4, 0xffffffffffffffff, 0x8a4fa382f1515d0b})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x121402, 0x0) (async)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (async)
openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0xfffffffffffffffa, 0x2, 0x4, 0xffffffffffffffff, 0x8a4fa382f1515d0b}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)

1m28.152338283s ago: executing program 7 (id=359):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0xe3)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f0000000100)={0x3, 0x2, 0xeeef0000, 0x2000, &(0x7f0000c0c000/0x2000)=nil, 0xfffffffffffffff0})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x18}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x4, 0x0, 0x5, 0xffff}}, @mrs={0xbe, 0x18, {0x6030000000138017}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8000, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x1, 0x2, 0xfffffceb, 0x7f, 0x2}}, @eret={0xe6, 0x18, 0x7}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x7fffffff, 0x7}}, @smc={0x1e, 0x40, {0x44007ffc, [0x7, 0x7, 0xffffffffffff0000, 0x200, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xd00, 0x5, 0x6}}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x9c, {"40a283d20000b8f2010080d2e20180d2230080d2e40180d2020000d40000201e00e691d20020b8f2610080d2e20080d2230080d2e40180d2020000d4407190d200a0b0f2a10080d2620080d2230180d2440180d2020000d4000008d500000010007008d500e4205e00001fd660cd8ed200e0b0f2610080d2420080d2a30180d2840080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x2, 0x35}}, @svc={0x122, 0x40, {0xc4000001, [0x3, 0x5, 0x7, 0x7f1d, 0x1b1]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x3, 0x18b1, 0x7, 0x4}}], 0x29c}, &(0x7f0000000080)=[@featur1={0x1, 0x48}], 0x1)
syz_kvm_assert_reg(r7, 0x4000000000, 0x8000)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r7, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x6)

1m15.295762311s ago: executing program 8 (id=360):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, 0x0, 0x72483, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x28)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0xc018ae85, &(0x7f00000011c0)=@arm64={0x5, 0xff, 0xc, '\x00', 0x5})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000000c0)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r7, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)

1m3.478517625s ago: executing program 7 (id=361):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0xffff1000, 0x1000, &(0x7f00003f1000/0x1000)=nil})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000100)={0xe4, 0x0, 0xfffffffffffffffb})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x34)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616})
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

51.138192067s ago: executing program 8 (id=362):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r4, 0x6, 0x8000) (async)
syz_kvm_assert_reg(r4, 0x6, 0x8000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f00000001c0)=@arm64_core={0x6030000000100046, &(0x7f0000000100)=0x2})
r12 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x6243, 0x1}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r14, 0x4208ae9b, &(0x7f0000000280)={0x20002, 0x0, {[0x4e, 0x3, 0x271, 0x9, 0xf, 0x28a07d71, 0x5, 0x2, 0x2, 0x1000, 0x1, 0xf63, 0x2, 0x3, 0x7fffffff, 0x66d], [0x63f, 0x0, 0x3ff, 0x3, 0x8001, 0x7, 0x80000001, 0x6, 0x5, 0x4, 0x96, 0x4, 0x10000, 0x0, 0x2c, 0xffffffff], [0xfa93, 0x200, 0x4, 0x3, 0xbf7, 0x7, 0x1, 0x3, 0x2, 0x4, 0x0, 0x0, 0x3, 0x7ff, 0xb1c, 0xe0], [0x0, 0x7, 0x44, 0x3ff, 0x9, 0x5, 0xfff, 0x3, 0x5, 0x1000, 0x5ef3, 0x100000000, 0x4, 0x8f81, 0x2, 0x8]}}) (async)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r14, 0x4208ae9b, &(0x7f0000000280)={0x20002, 0x0, {[0x4e, 0x3, 0x271, 0x9, 0xf, 0x28a07d71, 0x5, 0x2, 0x2, 0x1000, 0x1, 0xf63, 0x2, 0x3, 0x7fffffff, 0x66d], [0x63f, 0x0, 0x3ff, 0x3, 0x8001, 0x7, 0x80000001, 0x6, 0x5, 0x4, 0x96, 0x4, 0x10000, 0x0, 0x2c, 0xffffffff], [0xfa93, 0x200, 0x4, 0x3, 0xbf7, 0x7, 0x1, 0x3, 0x2, 0x4, 0x0, 0x0, 0x3, 0x7ff, 0xb1c, 0xe0], [0x0, 0x7, 0x44, 0x3ff, 0x9, 0x5, 0xfff, 0x3, 0x5, 0x1000, 0x5ef3, 0x100000000, 0x4, 0x8f81, 0x2, 0x8]}})

15.180242225s ago: executing program 39 (id=361):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0xffff1000, 0x1000, &(0x7f00003f1000/0x1000)=nil})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000100)={0xe4, 0x0, 0xfffffffffffffffb})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x34)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616})
r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

0s ago: executing program 40 (id=362):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r4, 0x6, 0x8000) (async)
syz_kvm_assert_reg(r4, 0x6, 0x8000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f00000001c0)=@arm64_core={0x6030000000100046, &(0x7f0000000100)=0x2})
r12 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x6243, 0x1}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r14, 0x4208ae9b, &(0x7f0000000280)={0x20002, 0x0, {[0x4e, 0x3, 0x271, 0x9, 0xf, 0x28a07d71, 0x5, 0x2, 0x2, 0x1000, 0x1, 0xf63, 0x2, 0x3, 0x7fffffff, 0x66d], [0x63f, 0x0, 0x3ff, 0x3, 0x8001, 0x7, 0x80000001, 0x6, 0x5, 0x4, 0x96, 0x4, 0x10000, 0x0, 0x2c, 0xffffffff], [0xfa93, 0x200, 0x4, 0x3, 0xbf7, 0x7, 0x1, 0x3, 0x2, 0x4, 0x0, 0x0, 0x3, 0x7ff, 0xb1c, 0xe0], [0x0, 0x7, 0x44, 0x3ff, 0x9, 0x5, 0xfff, 0x3, 0x5, 0x1000, 0x5ef3, 0x100000000, 0x4, 0x8f81, 0x2, 0x8]}}) (async)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r14, 0x4208ae9b, &(0x7f0000000280)={0x20002, 0x0, {[0x4e, 0x3, 0x271, 0x9, 0xf, 0x28a07d71, 0x5, 0x2, 0x2, 0x1000, 0x1, 0xf63, 0x2, 0x3, 0x7fffffff, 0x66d], [0x63f, 0x0, 0x3ff, 0x3, 0x8001, 0x7, 0x80000001, 0x6, 0x5, 0x4, 0x96, 0x4, 0x10000, 0x0, 0x2c, 0xffffffff], [0xfa93, 0x200, 0x4, 0x3, 0xbf7, 0x7, 0x1, 0x3, 0x2, 0x4, 0x0, 0x0, 0x3, 0x7ff, 0xb1c, 0xe0], [0x0, 0x7, 0x44, 0x3ff, 0x9, 0x5, 0xfff, 0x3, 0x5, 0x1000, 0x5ef3, 0x100000000, 0x4, 0x8f81, 0x2, 0x8]}})

kernel console output (not intermixed with test programs):

[  440.129014][ T3151] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:58869' (ED25519) to the list of known hosts.
[  613.218877][   T25] audit: type=1400 audit(612.430:61): avc:  denied  { name_bind } for  pid=3311 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  614.433162][   T25] audit: type=1400 audit(613.660:62): avc:  denied  { execute } for  pid=3312 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  614.460519][   T25] audit: type=1400 audit(613.690:63): avc:  denied  { execute_no_trans } for  pid=3312 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  634.287461][   T25] audit: type=1400 audit(633.510:64): avc:  denied  { mounton } for  pid=3312 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  634.328673][   T25] audit: type=1400 audit(633.540:65): avc:  denied  { mount } for  pid=3312 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  634.491411][ T3312] cgroup: Unknown subsys name 'net'
[  634.589574][   T25] audit: type=1400 audit(633.800:66): avc:  denied  { unmount } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  635.161399][ T3312] cgroup: Unknown subsys name 'cpuset'
[  635.343254][ T3312] cgroup: Unknown subsys name 'rlimit'
[  637.446989][   T25] audit: type=1400 audit(636.670:67): avc:  denied  { setattr } for  pid=3312 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  637.486538][   T25] audit: type=1400 audit(636.690:68): avc:  denied  { mounton } for  pid=3312 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  637.528812][   T25] audit: type=1400 audit(636.730:69): avc:  denied  { mount } for  pid=3312 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  639.993972][ T3316] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  640.027624][   T25] audit: type=1400 audit(639.250:70): avc:  denied  { relabelto } for  pid=3316 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  640.061556][   T25] audit: type=1400 audit(639.290:71): avc:  denied  { write } for  pid=3316 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  640.350941][   T25] audit: type=1400 audit(639.580:72): avc:  denied  { read } for  pid=3312 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  640.379302][   T25] audit: type=1400 audit(639.590:73): avc:  denied  { open } for  pid=3312 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  640.442493][ T3312] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  689.636147][   T25] audit: type=1400 audit(688.850:74): avc:  denied  { execmem } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  694.219935][   T25] audit: type=1400 audit(693.450:75): avc:  denied  { read } for  pid=3319 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  694.239005][   T25] audit: type=1400 audit(693.460:76): avc:  denied  { open } for  pid=3319 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  694.322393][   T25] audit: type=1400 audit(693.550:77): avc:  denied  { mounton } for  pid=3319 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  694.613353][   T25] audit: type=1400 audit(693.840:78): avc:  denied  { module_request } for  pid=3319 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  694.630658][   T25] audit: type=1400 audit(693.860:79): avc:  denied  { module_request } for  pid=3320 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  696.157247][   T25] audit: type=1400 audit(695.360:80): avc:  denied  { sys_module } for  pid=3320 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  725.433411][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.674355][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.734023][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.959763][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  738.204552][ T3320] hsr_slave_0: entered promiscuous mode
[  738.233394][ T3320] hsr_slave_1: entered promiscuous mode
[  739.117535][ T3319] hsr_slave_0: entered promiscuous mode
[  739.152064][ T3319] hsr_slave_1: entered promiscuous mode
[  739.180152][ T3319] debugfs: 'hsr0' already exists in 'hsr'
[  739.184403][ T3319] Cannot create hsr debugfs directory
[  744.822847][   T25] audit: type=1400 audit(744.050:81): avc:  denied  { create } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  744.887148][   T25] audit: type=1400 audit(744.100:82): avc:  denied  { write } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  744.903856][   T25] audit: type=1400 audit(744.130:83): avc:  denied  { read } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  745.041792][ T3320] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  745.434521][ T3320] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  745.779619][ T3320] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  746.091650][ T3320] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  747.593378][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  747.733843][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  747.940798][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  748.144046][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  763.100816][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.260407][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0
[  822.992356][ T3320] veth0_vlan: entered promiscuous mode
[  823.619779][ T3320] veth1_vlan: entered promiscuous mode
[  826.318593][ T3319] veth0_vlan: entered promiscuous mode
[  826.682366][ T3320] veth0_macvtap: entered promiscuous mode
[  827.230382][ T3320] veth1_macvtap: entered promiscuous mode
[  827.588598][ T3319] veth1_vlan: entered promiscuous mode
[  830.410523][ T3397] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  830.428980][ T3397] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  830.438907][ T3397] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  830.446287][ T3397] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  831.237993][ T3319] veth0_macvtap: entered promiscuous mode
[  832.118093][ T3319] veth1_macvtap: entered promiscuous mode
[  833.944592][   T25] audit: type=1400 audit(833.170:84): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  834.262077][   T25] audit: type=1400 audit(833.460:85): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.M3Prl6/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  834.508585][   T25] audit: type=1400 audit(833.710:86): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  835.202101][   T25] audit: type=1400 audit(834.370:87): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.M3Prl6/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  835.477753][   T25] audit: type=1400 audit(834.690:88): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.M3Prl6/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  835.980917][ T3397] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  836.007224][ T3397] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  836.026820][ T3397] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  836.059968][ T3397] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  836.532226][   T25] audit: type=1400 audit(835.760:89): avc:  denied  { unmount } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  836.849459][   T25] audit: type=1400 audit(836.070:90): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  837.064297][   T25] audit: type=1400 audit(836.290:91): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="gadgetfs" ino=3804 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  837.568231][   T25] audit: type=1400 audit(836.790:92): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  837.696503][   T25] audit: type=1400 audit(836.920:93): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  838.872936][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  839.587287][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  839.600841][   T25] audit: type=1400 audit(838.800:95): avc:  denied  { read write } for  pid=3320 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  839.657083][   T25] audit: type=1400 audit(838.860:96): avc:  denied  { open } for  pid=3320 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  839.714173][   T25] audit: type=1400 audit(838.940:97): avc:  denied  { ioctl } for  pid=3320 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  848.517088][   T25] audit: type=1400 audit(847.740:98): avc:  denied  { read } for  pid=3471 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  848.537577][   T25] audit: type=1400 audit(847.760:99): avc:  denied  { open } for  pid=3471 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  848.640963][   T25] audit: type=1400 audit(847.860:100): avc:  denied  { ioctl } for  pid=3471 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  850.749353][   T25] audit: type=1400 audit(849.890:101): avc:  denied  { execute } for  pid=3471 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3902 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  889.116965][   T25] audit: type=1400 audit(888.340:102): avc:  denied  { append } for  pid=3503 comm="syz.1.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  930.993396][   T25] audit: type=1400 audit(930.220:103): avc:  denied  { write } for  pid=3529 comm="syz.1.19" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1003.416549][   T25] audit: type=1400 audit(1002.630:104): avc:  denied  { setattr } for  pid=3583 comm="syz.0.34" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1186.050526][   T25] audit: type=1400 audit(1185.230:105): avc:  denied  { map } for  pid=3696 comm="syz.1.74" path="pipe:[2815]" dev="pipefs" ino=2815 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1198.039011][ T3705] kvm [3705]: Failed to find VMA for hva 0x21016000
[ 1389.494194][   T25] audit: type=1400 audit(1388.660:106): avc:  denied  { ioctl } for  pid=3824 comm="syz.1.113" path="net:[4026532615]" dev="nsfs" ino=4026532615 ioctlcmd=0xb709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1520.672135][ T3890] kvm [3890]: Failed to find VMA for hva 0x20c01000
[ 1753.518216][ T3315] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1754.714355][ T3315] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.701969][ T3315] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1756.789018][ T3315] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1773.517462][ T3315] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1773.729556][ T3315] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1773.968835][ T3315] bond0 (unregistering): Released all slaves
[ 1776.290701][ T3315] hsr_slave_0: left promiscuous mode
[ 1776.440193][ T3315] hsr_slave_1: left promiscuous mode
[ 1777.168349][ T3315] veth1_macvtap: left promiscuous mode
[ 1777.185580][ T3315] veth0_macvtap: left promiscuous mode
[ 1777.197055][ T3315] veth1_vlan: left promiscuous mode
[ 1777.212771][ T3315] veth0_vlan: left promiscuous mode
[ 1849.518289][ T4010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1849.849531][ T4010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1881.953672][ T4010] hsr_slave_0: entered promiscuous mode
[ 1882.039158][ T4010] hsr_slave_1: entered promiscuous mode
[ 1882.094007][ T4010] debugfs: 'hsr0' already exists in 'hsr'
[ 1882.098927][ T4010] Cannot create hsr debugfs directory
[ 1895.027904][ T4010] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1895.336767][ T4010] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1895.606380][ T4010] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1895.901762][ T4010] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1922.770751][ T4010] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2032.850898][ T4010] veth0_vlan: entered promiscuous mode
[ 2034.049373][ T4010] veth1_vlan: entered promiscuous mode
[ 2037.493404][ T4010] veth0_macvtap: entered promiscuous mode
[ 2038.179019][ T4010] veth1_macvtap: entered promiscuous mode
[ 2042.028850][ T3394] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2042.032730][ T3394] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2042.061369][ T3394] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2042.086443][ T3394] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2045.617598][   T25] audit: type=1400 audit(2044.820:107): avc:  denied  { mounton } for  pid=4010 comm="syz-executor" path="/syzkaller.rTGufm/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 2251.437578][   T25] audit: type=1400 audit(2250.660:108): avc:  denied  { map } for  pid=4358 comm="syz.2.222" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2288.759013][ T4379] kvm [4379]: Failed to find VMA for hva 0x21016000
[ 2288.823659][ T4380] kvm [4380]: Failed to find VMA for hva 0x21016000
[ 2689.199827][ T4031] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2691.198170][ T4031] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2693.311088][ T4031] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2695.262377][ T4031] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2720.290616][ T4031] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2720.652664][ T4031] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2720.832848][ T4031] bond0 (unregistering): Released all slaves
[ 2723.539292][ T4031] hsr_slave_0: left promiscuous mode
[ 2723.637792][ T4031] hsr_slave_1: left promiscuous mode
[ 2724.276370][ T4031] veth1_macvtap: left promiscuous mode
[ 2724.286608][ T4031] veth0_macvtap: left promiscuous mode
[ 2724.291198][ T4031] veth1_vlan: left promiscuous mode
[ 2724.327501][ T4031] veth0_vlan: left promiscuous mode
[ 2807.611796][ T4571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2807.972340][ T4571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2845.333366][ T4571] hsr_slave_0: entered promiscuous mode
[ 2845.488574][ T4571] hsr_slave_1: entered promiscuous mode
[ 2862.571752][ T4571] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2863.027002][ T4571] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2863.292246][ T4571] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2863.758819][ T4571] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2897.811948][ T4571] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2970.822078][ T4039] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2972.460263][ T4039] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2974.200087][ T4039] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2975.353350][ T4039] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2997.780997][ T4039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2998.022692][ T4039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2998.223666][ T4039] bond0 (unregistering): Released all slaves
[ 3000.381917][ T4039] hsr_slave_0: left promiscuous mode
[ 3000.450409][ T4039] hsr_slave_1: left promiscuous mode
[ 3001.158105][ T4039] veth1_macvtap: left promiscuous mode
[ 3001.167580][ T4039] veth0_macvtap: left promiscuous mode
[ 3001.218128][ T4039] veth1_vlan: left promiscuous mode
[ 3001.259214][ T4039] veth0_vlan: left promiscuous mode
[ 3042.523699][ T4571] veth0_vlan: entered promiscuous mode
[ 3043.267703][ T4571] veth1_vlan: entered promiscuous mode
[ 3045.772478][ T4571] veth0_macvtap: entered promiscuous mode
[ 3046.192778][ T4571] veth1_macvtap: entered promiscuous mode
[ 3052.619351][ T4031] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3052.658046][ T4791] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3052.663018][ T4791] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3052.746532][ T3394] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3071.106507][ T4763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3071.688231][ T4763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3106.062565][ T4763] hsr_slave_0: entered promiscuous mode
[ 3106.142947][ T4763] hsr_slave_1: entered promiscuous mode
[ 3106.225783][ T4763] debugfs: 'hsr0' already exists in 'hsr'
[ 3106.228824][ T4763] Cannot create hsr debugfs directory
[ 3129.220126][ T4763] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 3129.722247][ T4763] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 3130.094079][ T4763] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 3130.657573][ T4763] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 3164.068672][ T4763] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3286.839151][ T4574] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3288.511074][ T4574] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3289.743633][ T4574] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3291.451363][ T4574] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3315.576966][ T4574] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3315.857997][ T4574] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3316.004063][ T4574] bond0 (unregistering): Released all slaves
[ 3319.577527][ T4574] hsr_slave_0: left promiscuous mode
[ 3319.718820][ T4574] hsr_slave_1: left promiscuous mode
[ 3320.373632][ T4574] veth1_macvtap: left promiscuous mode
[ 3320.406553][ T4574] veth0_macvtap: left promiscuous mode
[ 3320.425507][ T4574] veth1_vlan: left promiscuous mode
[ 3320.439567][ T4574] veth0_vlan: left promiscuous mode
[ 3343.692275][ T4763] veth0_vlan: entered promiscuous mode
[ 3344.498673][ T4763] veth1_vlan: entered promiscuous mode
[ 3347.414465][ T4763] veth0_macvtap: entered promiscuous mode
[ 3347.831841][ T4763] veth1_macvtap: entered promiscuous mode
[ 3350.794011][   T35] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3350.798027][   T35] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3350.908858][   T35] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3350.911442][   T35] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3356.064053][ T4935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3356.618917][ T4935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3399.770591][ T4935] hsr_slave_0: entered promiscuous mode
[ 3399.859833][ T4935] hsr_slave_1: entered promiscuous mode
[ 3421.470416][ T4935] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 3421.882358][ T4935] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 3422.327920][ T4935] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 3422.720056][ T4935] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 3460.731316][ T4935] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3595.129486][ T4576] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3597.268079][ T4576] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3599.191875][ T4576] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3600.798303][ T4576] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3628.854239][ T4576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3629.263810][ T4576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3629.504101][ T4576] bond0 (unregistering): Released all slaves
[ 3631.760694][ T4576] hsr_slave_0: left promiscuous mode
[ 3631.898010][ T4576] hsr_slave_1: left promiscuous mode
[ 3632.572772][ T4576] veth1_macvtap: left promiscuous mode
[ 3632.626481][ T4576] veth0_macvtap: left promiscuous mode
[ 3632.641163][ T4576] veth1_vlan: left promiscuous mode
[ 3632.659714][ T4576] veth0_vlan: left promiscuous mode
[ 3664.699322][ T4935] veth0_vlan: entered promiscuous mode
[ 3665.744645][ T4935] veth1_vlan: entered promiscuous mode
[ 3670.977814][ T4935] veth0_macvtap: entered promiscuous mode
[ 3671.618442][ T4935] veth1_macvtap: entered promiscuous mode
[ 3675.058279][ T4574] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3675.062412][ T4574] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3675.649074][ T4574] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3675.653152][ T4574] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3715.820980][ T5160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3716.282742][ T5160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3763.343863][ T5160] hsr_slave_0: entered promiscuous mode
[ 3763.510035][ T5160] hsr_slave_1: entered promiscuous mode
[ 3763.610111][ T5160] debugfs: 'hsr0' already exists in 'hsr'
[ 3763.645929][ T5160] Cannot create hsr debugfs directory
[ 3788.760505][ T5160] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3789.422459][ T5160] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3790.300488][ T5160] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3790.843558][ T5160] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3832.230917][ T5160] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4023.038102][ T5160] veth0_vlan: entered promiscuous mode
[ 4024.812249][ T5160] veth1_vlan: entered promiscuous mode
[ 4029.229000][ T5160] veth0_macvtap: entered promiscuous mode
[ 4030.094288][ T5160] veth1_macvtap: entered promiscuous mode
[ 4034.964436][   T49] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4034.991636][ T4791] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4035.011779][ T3315] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4035.018788][ T4574] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4170.370500][ T4791] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4174.888281][ T4791] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4177.363537][ T4791] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4179.200837][ T4791] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4200.503436][ T4791] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4201.671661][ T4791] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4202.084145][ T4791] bond0 (unregistering): Released all slaves
[ 4205.032288][ T4791] hsr_slave_0: left promiscuous mode
[ 4205.181748][ T4791] hsr_slave_1: left promiscuous mode
[ 4205.894366][ T4791] veth1_macvtap: left promiscuous mode
[ 4205.917193][ T4791] veth0_macvtap: left promiscuous mode
[ 4205.950189][ T4791] veth1_vlan: left promiscuous mode
[ 4205.988147][ T4791] veth0_vlan: left promiscuous mode
[ 4238.408643][ T4576] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4239.457678][ T4576] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4240.739186][ T4576] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4242.388719][ T4576] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4268.398973][ T4576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4268.608567][ T4576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4268.739836][ T4576] bond0 (unregistering): Released all slaves
[ 4271.219709][ T4576] hsr_slave_0: left promiscuous mode
[ 4271.352442][ T4576] hsr_slave_1: left promiscuous mode
[ 4272.170070][ T4576] veth1_macvtap: left promiscuous mode
[ 4272.216952][ T4576] veth0_macvtap: left promiscuous mode
[ 4272.228106][ T4576] veth1_vlan: left promiscuous mode
[ 4272.239690][ T4576] veth0_vlan: left promiscuous mode
[ 4320.772074][ T5474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4321.200209][ T5474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4328.408942][ T5483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4328.794450][ T5483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4359.011493][ T5474] hsr_slave_0: entered promiscuous mode
[ 4359.152032][ T5474] hsr_slave_1: entered promiscuous mode
[ 4365.231228][ T5483] hsr_slave_0: entered promiscuous mode
[ 4365.319113][ T5483] hsr_slave_1: entered promiscuous mode
[ 4365.378400][ T5483] debugfs: 'hsr0' already exists in 'hsr'
[ 4365.381502][ T5483] Cannot create hsr debugfs directory
[ 4384.263440][ T5474] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 4385.488235][ T5474] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 4386.530584][ T5474] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 4388.267169][ T5474] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 4394.713935][ T5483] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 4395.484071][ T5483] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 4396.089811][ T5483] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 4396.709302][ T5483] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 4430.481566][ T5474] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4435.310045][ T5483] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4612.917391][ T5474] veth0_vlan: entered promiscuous mode
[ 4614.359943][ T5474] veth1_vlan: entered promiscuous mode
[ 4618.998651][ T5483] veth0_vlan: entered promiscuous mode
[ 4621.814192][ T5483] veth1_vlan: entered promiscuous mode
[ 4622.440664][ T5474] veth0_macvtap: entered promiscuous mode
[ 4623.520887][ T5474] veth1_macvtap: entered promiscuous mode
[ 4630.606586][ T4576] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4630.611721][ T4576] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4630.672023][ T5483] veth0_macvtap: entered promiscuous mode
[ 4631.028005][ T3413] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4631.040392][ T3413] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4632.391209][ T5483] veth1_macvtap: entered promiscuous mode
[ 4640.939898][ T5169] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4640.947802][ T3413] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4640.974135][ T3413] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4641.258506][ T4428] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4980.537322][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4981.310046][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4997.152677][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4997.816703][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5047.041875][ T5794] hsr_slave_0: entered promiscuous mode
[ 5047.151354][ T5794] hsr_slave_1: entered promiscuous mode
[ 5047.313981][ T5794] debugfs: 'hsr0' already exists in 'hsr'
[ 5047.359176][ T5794] Cannot create hsr debugfs directory
[ 5062.984407][ T5800] hsr_slave_0: entered promiscuous mode
[ 5063.212803][ T5800] hsr_slave_1: entered promiscuous mode
[ 5063.308828][ T5800] debugfs: 'hsr0' already exists in 'hsr'
[ 5063.327032][ T5800] Cannot create hsr debugfs directory
[ 5095.507475][ T5794] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 5097.930707][ T5794] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 5101.867684][ T5794] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 5106.053078][ T5794] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 5130.620670][ T5800] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 5131.598061][ T5800] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 5132.193188][ T5800] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 5133.127026][ T5800] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 5171.713278][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5189.723194][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5221.103282][   T27] INFO: task syz.8.362:5780 blocked for more than 430 seconds.
[ 5221.104521][   T27]       Not tainted syzkaller #0
[ 5221.106689][   T27]       Blocked by coredump.
[ 5221.107014][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5221.107482][   T27] task:syz.8.362       state:D stack:0     pid:5780  tgid:5777  ppid:5483   task_flags:0x40044c flags:0x00000018
[ 5221.108947][   T27] Call trace:
[ 5221.109456][   T27]  __switch_to+0x584/0xb20 (T)
[ 5221.111527][   T27]  __schedule+0x1eec/0x33a4
[ 5221.112113][   T27]  schedule+0xac/0x27c
[ 5221.112640][   T27]  schedule_timeout+0x5c/0x1e4
[ 5221.113073][   T27]  do_wait_for_common+0x28c/0x444
[ 5221.113597][   T27]  wait_for_completion+0x44/0x5c
[ 5221.114148][   T27]  __synchronize_srcu+0x2a4/0x320
[ 5221.223489][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 5221.247993][   T27]  __mmu_notifier_release+0x424/0x614
[ 5221.248729][   T27]  exit_mmap+0xb8/0xbb8
[ 5221.249163][   T27]  __mmput+0x10c/0x528
[ 5221.249657][   T27]  mmput+0x70/0xac
[ 5221.250148][   T27]  exit_mm+0x158/0x258
[ 5221.250623][   T27]  do_exit+0x788/0x2378
[ 5221.251057][   T27]  do_group_exit+0x1d4/0x2ac
[ 5221.251513][   T27]  get_signal+0x1440/0x1554
[ 5221.251989][   T27]  do_signal+0x23c/0x4dd0
[ 5221.252488][   T27]  do_notify_resume+0xb0/0x270
[ 5221.252937][   T27]  el0_svc+0xb8/0x164
[ 5221.253361][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 5221.253793][   T27]  el0t_64_sync+0x198/0x19c
[ 5221.417836][   T27] 
[ 5221.417836][   T27] Showing all locks held in the system:
[ 5221.439919][   T27] 1 lock held by khungtaskd/27:
[ 5221.440470][   T27]  #0: ffff800087806858 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 5221.443172][   T27] 2 locks held by getty/3179:
[ 5221.443583][   T27]  #0: ccf0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5221.569256][   T27]  #1: 9dff80008c54b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 5221.571052][   T27] 3 locks held by kworker/u4:0/3315:
[ 5221.571395][   T27] 3 locks held by kworker/u4:1/3394:
[ 5221.571728][   T27] 3 locks held by kworker/u4:9/4576:
SYZFAIL: failed to recv rpc
[ 5221.572051][   T27] 3 locks held by kworker/u4:11/4791:
[ 5221.572398][   T27] 3 locks held by kworker/u4:6/5360:
[ 5221.572729][   T27] 3 locks held by kworker/u4:7/5485:
[ 5221.573084][   T27] 2 locks held by kworker/0:0/5712:
[ 5221.573419][   T27] 2 locks held by syz.7.361/5772:
[ 5221.573778][   T27] 2 locks held by kworker/0:5/5860:
[ 5221.574118][   T27] 2 locks held by kworker/u4:5/5885:
[ 5221.574434][   T27]  #0: ebf000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5221.742743][   T27]  #1: ffff80008fff7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5221.744517][   T27] 1 lock held by modprobe/5952:
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5221.809709][   T27] 
[ 5221.810096][   T27] =============================================
[ 5221.810096][   T27] 
[ 5221.810904][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 5221.815902][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 5221.817393][   T27] Hardware name: linux,dummy-virt (DT)
[ 5221.818384][   T27] Call trace:
[ 5221.819208][   T27]  show_stack+0x2c/0x3c (C)
[ 5221.820226][   T27]  __dump_stack+0x30/0x40
[ 5221.821076][   T27]  dump_stack_lvl+0x30/0x12c
[ 5221.822023][   T27]  dump_stack+0x1c/0x28
[ 5221.822819][   T27]  vpanic+0x22c/0x59c
[ 5221.823562][   T27]  vpanic+0x0/0x59c
[ 5221.824351][   T27]  hung_task_panic+0x0/0x2c
[ 5221.825200][   T27]  kthread+0x794/0x9a0
[ 5221.826136][   T27]  ret_from_fork+0x10/0x20
[ 5221.828026][   T27] Kernel Offset: disabled
[ 5221.828798][   T27] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 5221.830085][   T27] Memory Limit: none
[ 5221.832517][   T27] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:33:14  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008048be78 X00=0000000000000000 X01=0000000100000102
X02=000000000000000e X03=00000000b6e2353a X04=0000000000000003
X05=0000000000000001 X06=0000000000000000 X07=ffff800081b5429c
X08=ffff8000878c2c58 X09=0000000000000019 X10=0000000000000019
X11=ffff800087f69a20 X12=0ffff8000878c2c5 X13=0000000000000001
X14=00000000ffff8000 X15=ffff800080007708 X16=ffff800080010e20
X17=00000000000000af X18=00000000000000ff X19=b3f0000011a6a228
X20=00000000000000b3 X21=0000000000000000 X22=00000000b6e2353a
X23=0000000000000000 X24=fff00000719973a0 X25=0000000000000070
X26=2bf000000ea46a80 X27=0000000000000220 X28=0000000000000000
X29=ffff800080007600 X30=ffff800081b54618  SP=ffff800080007630
PSTATE=404020c9 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25
Z02=742065726f6d2072:6f662064656b636f Z03=000000ff0000ff00:00ff0000000000ff
Z04=0000000000000000:000f00f00f00000f Z05=64656b636f6c6220:303837353a323633
Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffcb6b5970:0000ffffcb6b5970 Z17=ffffff80ffffffd0:0000ffffcb6b5940
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000