last executing test programs:

10m14.900369058s ago: executing program 1 (id=104):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2a0140, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
r5 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r5, &(0x7f0000000180)=0x5, 0xfffffde3) (async)
write$eventfd(r5, &(0x7f0000000180)=0x5, 0xfffffde3)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x40010, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x40010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x1}}, @hvc={0x32, 0x40, {0x5000000, [0x7f, 0x7, 0x7, 0x2, 0x1]}}], 0x68}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x1}}, @hvc={0x32, 0x40, {0x5000000, [0x7f, 0x7, 0x7, 0x2, 0x1]}}], 0x68}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x4, 0xa0) (async)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x4, 0xa0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
mmap$KVM_VCPU(&(0x7f0000f53000/0xc000)=nil, 0x930, 0x3, 0x10, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x400000000000030) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x400000000000030)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
write$eventfd(r9, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)

10m6.157894496s ago: executing program 1 (id=107):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r12, 0x3})
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000140)={0x3, 0x0, 0x2, r12, 0xb})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x21)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r15, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r15, 0x0)
ioctl$KVM_CHECK_EXTENSION(r15, 0xae03, 0xc)
r16 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r17 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r17, 0x3, 0x11, r9, 0x0)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r17, 0x3, 0x11, r16, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)

9m59.222259513s ago: executing program 0 (id=108):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x101800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r7 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x2, 0x100)
r8 = eventfd2(0x1, 0x80001)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r8, 0x3})
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x1000000})
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r9, 0x600000c, 0x28031, 0xffffffffffffffff, 0x0)

9m53.989928239s ago: executing program 1 (id=109):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xc3)
openat$kvm(0xffffffffffffff9c, 0x0, 0x18b080, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200802, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f00006cc000/0x1000)=nil, 0x1000)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f8e000/0x4000)=nil, r5, 0x1000008, 0x13, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e9d000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f00005d2000/0x2000)=nil, r5, 0x2, 0x10, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000cdb000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r3, 0x3000000, 0x80010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r3, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000834000/0x3000)=nil, 0x930, 0x100000a, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, 0x930, 0x2000004, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2000002, 0x4010, 0xffffffffffffffff, 0x0)

9m52.560425823s ago: executing program 0 (id=110):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x6243, 0x5}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

9m45.82034598s ago: executing program 1 (id=111):
r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
r1 = eventfd2(0x2, 0x80800)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x100000001)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x2, r1})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1a)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000002c0)=[@its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x0, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0xbb}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x2}}, @svc={0x122, 0x40, {0xc4000007, [0xfffffffffffffff1, 0x10000, 0xfffffffffffffff9, 0x7, 0x100]}}, @mrs={0xbe, 0x18, {0x603000000013da15}}, @msr={0x14, 0x20, {0x603000000013df4a}}, @svc={0x122, 0x40, {0x2, [0x1, 0x500000, 0x6, 0x4, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013e6c2}}, @uexit={0x0, 0x18, 0x6}, @irq_setup={0x46, 0x18, {0x2, 0x32}}], 0x178}], 0x1, 0x0, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r8, 0x400454d0, 0x1)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
ioctl$KVM_CAP_ARM_MTE(r11, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000200)=@arm64_fw={0x6030000000140003, &(0x7f00000001c0)})
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r12 = eventfd2(0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0x80111500, 0x20000000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5)

9m44.741958409s ago: executing program 0 (id=112):
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)={0x0, 0x104000, 0xfffffffe})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, 0xfffffffffffffffe)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

9m37.160052091s ago: executing program 0 (id=113):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r1, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async, rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x5, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}}], 0x75}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r2, 0x40000000000008, 0xc0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async, rerun: 32)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (rerun: 32)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
r10 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) (async, rerun: 64)
r11 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
ioctl$KVM_CREATE_VM(r11, 0xae03, 0xc3)
ioctl$KVM_CREATE_VM(r10, 0x401c5820, 0x20000001)

9m26.04008333s ago: executing program 1 (id=114):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000000)={0x7, <r6=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0xd, 0x97, 0x0, 0x2}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a2260c96108f1f449a7a835673312b54ebb2aa76c869d22627e7ef180000000000000000000000000000000000000000000000001b00", 0x0, 0x3a)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
r13 = eventfd2(0x0, 0x0)
close(r13)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r14 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
write$eventfd(r13, &(0x7f0000000180)=0x5, 0xfffffde3)

9m24.94487732s ago: executing program 0 (id=115):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@x86={0x79, 0x2, 0xed, 0x0, 0x8, 0x3c, 0x6, 0x1, 0x2, 0x8, 0xfc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x6, 0x6, 0x35, '\x00', 0x7, 0xde3e})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0xeffffffb, 0x80800)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r6, 0x1})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r6, 0x3})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r6, 0xb})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)

9m14.820388459s ago: executing program 0 (id=116):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) (async)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @eret={0xe6, 0x18}], 0x40}, 0x0, 0x0) (async)
r5 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2a)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) (async)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2e)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r9, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000700)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="4600000000000000180000000000000001000800", @ANYRES32=r5, @ANYRESHEX=r4, @ANYRESHEX=r5, @ANYRES64=r2], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x1}}], 0x20}, &(0x7f0000000300)=[@featur2={0x1, 0x95}], 0x1) (async)
r17 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r18, &(0x7f0000c00000/0x400000)=nil)

9m7.822110083s ago: executing program 1 (id=117):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x76d107, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r5, 0x2, 0x80)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x6, 0x3, 0x0})
ioctl$KVM_GET_REGS(r3, 0x8360ae81, 0x0)

8m28.576382837s ago: executing program 32 (id=116):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) (async)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @eret={0xe6, 0x18}], 0x40}, 0x0, 0x0) (async)
r5 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2a)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) (async)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2e)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r9, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000700)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="4600000000000000180000000000000001000800", @ANYRES32=r5, @ANYRESHEX=r4, @ANYRESHEX=r5, @ANYRES64=r2], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x1}}], 0x20}, &(0x7f0000000300)=[@featur2={0x1, 0x95}], 0x1) (async)
r17 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r18, &(0x7f0000c00000/0x400000)=nil)

8m19.883118633s ago: executing program 33 (id=117):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x76d107, 0x0)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r5, 0x2, 0x80)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x6, 0x3, 0x0})
ioctl$KVM_GET_REGS(r3, 0x8360ae81, 0x0)

1m21.625265934s ago: executing program 2 (id=132):
r0 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x0, 0xd, 0x8010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="6bd4f3d2abb061b4621d23f31fb6e7323e17e5cd3195c5914bf0bc16a1b265b8b44d83136598d1cc101454c37e03b5ab1e58d950ab259b929e22de4828d25d4b23974d647a9bd095", 0x0, 0x48)
r1 = eventfd2(0x1, 0x0)
write$eventfd(r1, &(0x7f0000000080)=0x8, 0x8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200080, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xa)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000100)={0xeeef0000, 0x11a000, 0x1})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x7, 0xdddd1000, 0x8, r1, 0x4})
r5 = syz_kvm_vgic_v3_setup(r3, 0x3, 0x80)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7)
r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000180)={0x40, 0xe4e})
ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f00000001c0)={0x1, 0x2, 0xeeee0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x7, r6})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000280)="3a4dccf04e187cc6479703c6a348df8928b5b35b5f0c8d88acb57926a2e67793091c836adc5693d92648771e302dcb5437db5ab7af155ff6d1390a7c5e96c5b2e0a9b120df65a4cd", 0x0, 0x48)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x3ff)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r3, 0x4018aee3, &(0x7f0000000340)=@attr_other={0x0, 0x5, 0xf, &(0x7f0000000300)=0x200})
r8 = mmap$KVM_VCPU(&(0x7f0000de6000/0x3000)=nil, r7, 0x8, 0x13, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000380)="91cdc5d07cb201f4224e42f631fa8e9684709cd8661a206fdb9ffb9ebd7c7e443d29e0009651a97a224794d2184ded64215343356430abb96d6f2a30af5b4481acd0051be4cc9bbd", 0x0, 0x48)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x7, 0x1, &(0x7f0000000400)=0x8})
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000480)={0xb6, 0x0, 0x3})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000500)="d81a202131e33e5cdc59548f4145d74c39c9cf90c6f0c498d127ecd5363534b93380450378c67375477c828c450ca749199e1139527783fe2b25714e5573cbd54bff9b2d5d6dd22a", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_MMIO(r8, 0x20, &(0x7f0000000580)="7adc6bd15da2ef520d4f50caa2ddb6353b0fa880c6ec011e", 0x0, 0x18)
close(r3)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x5)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x401)
openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)

1m10.011995676s ago: executing program 2 (id=133):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000d95000/0x4000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x18b080, 0x0)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f000049b000/0x400000)=nil, 0x400000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0x0, &(0x7f0000000040), 0x3534c1, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000280)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000240)=0x7fffffffffffffff})

1m2.453954084s ago: executing program 3 (id=134):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0e82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x80000)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x0, 0x0, 0x2, r2, 0x4})
r3 = eventfd2(0x71ff, 0x1)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x1, 0x0, r3})
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x59, 0x0, 0x6, r2, 0xf})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000200))
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000240), 0x4000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, 0x0})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r11, 0x0, 0xaf832, r0, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04)
r14 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r13, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)

57.112014708s ago: executing program 2 (id=135):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (rerun: 64)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_GET_STATS_FD_cpu(r7, 0xaece) (async)
close(0xffffffffffffffff) (async, rerun: 64)
r8 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (rerun: 64)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013d000, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, 0x0) (async)
ioctl$KVM_RUN(r11, 0xae80, 0x0) (async, rerun: 32)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100004, &(0x7f0000000000)=0x300000000000}) (rerun: 32)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r13, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$arm64(r13, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r14 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r15 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r14, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f0000000100)="fb0149dd033be3ac2cc4a29ea6af8031d1dfd900080001000000315f9731c10d097fd66f8f1f44f9ffffffffffffffebb207000000000000000000002a2900", 0x0, 0x48)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r3, 0x4068aea3, &(0x7f0000000180)) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)

48.316841403s ago: executing program 3 (id=136):
r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x100000c, 0x4d832, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0xc0000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x40)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c023, &(0x7f0000000000)=0x2})

45.113700049s ago: executing program 2 (id=137):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20)
ioctl$KVM_IOEVENTFD(r1, 0xc0189436, &(0x7f0000000180)={0x0, 0xd000, 0x8, 0xffffffffffffffff, 0x5})
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r4, 0x400454e2, 0x110c210020) (async)
r5 = eventfd2(0x9, 0x800)
write$eventfd(r5, &(0x7f0000000000)=0x3, 0x8)

35.782257678s ago: executing program 3 (id=138):
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0x800000000008, &(0x7f00000004c0)=0x1}) (async)
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) (async)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r4, 0x8, 0x8010, 0xffffffffffffffff, 0x0)

32.190103204s ago: executing program 2 (id=139):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = ioctl$KVM_CREATE_VM(r2, 0x400454ce, 0x110c230008)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x4, 0xa}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x0, 0x380)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100006, &(0x7f0000000100)=0xc5c5})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_VM(r2, 0x400454ce, 0x110c230008) (async)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x4, 0xa}}], 0x30}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r5, 0x0, 0x380) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100006, &(0x7f0000000100)=0xc5c5}) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)

23.87250937s ago: executing program 3 (id=140):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000000c0), 0x55}, &(0x7f00000000c0)=[@featur1={0x1, 0xa9}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013e7fc, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1d)
r9 = eventfd2(0x0, 0x80800)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000000)={0x2, 0x6000, 0x0, r9, 0xd})
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x2ff, 0x9, &(0x7f0000000040)=0x80000001})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_GET_DEVICE_ATTR(r12, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d)
syz_kvm_vgic_v3_setup(r13, 0x4, 0x180)

14.470377167s ago: executing program 2 (id=141):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

10.391750623s ago: executing program 3 (id=142):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xb)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x4, <r1=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000040)={0x4, 0x0, [{0x7, 0x1, 0x0, 0x0, @irqchip={0x5, 0x80}}, {0x1, 0x4, 0x0, 0x0, @msi={0x7fff, 0x5, 0xe, 0xffffffff}}, {0x4, 0x5, 0x0, 0x0, @sint={0x9}}, {0x4, 0x1, 0x1, 0x0, @adapter={0x10000, 0xe, 0xe0, 0x0, 0xfffffffe}}]})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000140)=0x9)
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x8, &(0x7f0000000180)=0x9})
ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x8, 0x8000, &(0x7f0000000200)=0xa})
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r0, 0x4068aea3, &(0x7f0000000280))
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000300)={0x2710, 0x4, 0x4000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
r2 = eventfd2(0x1, 0x801)
r3 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000340)={r2, 0x3889, 0x2, r3})
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x31)
ioctl$KVM_CLEAR_DIRTY_LOG(r4, 0xc018aec0, &(0x7f0000000780)={0x2, 0x340, 0x140, &(0x7f0000000380)=[0x8, 0xdd, 0xff, 0x8, 0x7f, 0x4, 0x4, 0xb, 0xd, 0x7f, 0x6, 0x4, 0x0, 0x2, 0x3, 0x6, 0x5cee, 0x831, 0x4, 0x6, 0x8, 0x8, 0x6, 0xa91, 0x8, 0x5, 0xd361, 0x7, 0x4, 0x4000000000, 0x17e3, 0x5, 0x41e5, 0x0, 0xff, 0x2, 0x5, 0x1, 0xffff, 0x3080000000000000, 0x6c1e, 0x1, 0x7, 0x5, 0x4955, 0x1, 0x1, 0x6, 0x4, 0x7ff, 0xfffffffffffffbfd, 0x5, 0x9, 0x3, 0xb8c, 0x455e0895, 0x1, 0x6, 0x3183, 0x6, 0x0, 0x8000, 0x7, 0x6, 0x1, 0xb, 0x7fffffff, 0x1, 0xfffffffffffffff2, 0xfff, 0x8, 0x81, 0x7, 0x0, 0x1, 0xffffffffffffd8a5, 0xe0f, 0xb9, 0x7, 0xffff, 0x2, 0x3ff, 0x6, 0x4, 0x8000000000000000, 0x2, 0x3, 0x2, 0x80, 0x9, 0x3, 0x9a, 0x6, 0x4, 0x1c8, 0x3, 0xc, 0x0, 0x7, 0x9, 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x1, 0xfffffffffffffffc, 0xa, 0x80000001, 0x9, 0x0, 0xffff, 0x6, 0x340000, 0x9, 0x223f, 0x0, 0x44a7, 0x5, 0x7, 0x94e, 0x2, 0x2, 0x9, 0x4, 0x88, 0x4, 0x4, 0xe8a7]})
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x8)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, &(0x7f00000007c0)={0xffff, 0x844})
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x40)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000800)={r2, 0x3, 0x1, r2})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil)
ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000840))
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1c)
ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f00000008c0)={0xfffffff7, 0x9})
r7 = mmap$KVM_VCPU(&(0x7f0000e27000/0x1000)=nil, 0x0, 0x2, 0x13, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000900)="9ef56033c270c072b00e6ffddd5933357869a5092ac97a3271680c03135475b107656fe6b6e1cf4bad2f1d77a81c2bd8dce6beff58155eb594dac690c113a1eb54444a6ed028e846", 0x0, 0x48)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000009c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000980)=0x6})
ioctl$KVM_CAP_ARM_USER_IRQ(r5, 0x4068aea3, &(0x7f0000000a00))
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x8)
syz_memcpy_off$KVM_EXIT_MMIO(r7, 0x20, &(0x7f0000000a80)="828565a47a50d44674d999d0c3a7e9b8f2e706f271470f30", 0x0, 0x18)
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x38)
ioctl$KVM_SET_USER_MEMORY_REGION2(r8, 0x40a0ae49, &(0x7f0000000ac0)={0x1fe, 0x4, 0x2000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0xffffffffffffffa3, r3})

0s ago: executing program 3 (id=143):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0xc0980, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x4, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r6)

kernel console output (not intermixed with test programs):

[  402.499843][ T3144] 8021q: adding VLAN 0 to HW filter on device bond0
[  451.153759][ T3144] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:61415' (ED25519) to the list of known hosts.
[  620.681336][   T25] audit: type=1400 audit(619.850:61): avc:  denied  { name_bind } for  pid=3297 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  622.736027][   T25] audit: type=1400 audit(621.900:62): avc:  denied  { execute } for  pid=3298 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  622.786927][   T25] audit: type=1400 audit(621.950:63): avc:  denied  { execute_no_trans } for  pid=3298 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  650.068391][   T25] audit: type=1400 audit(649.230:64): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  650.100259][   T25] audit: type=1400 audit(649.270:65): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  650.190780][ T3298] cgroup: Unknown subsys name 'net'
[  650.240779][   T25] audit: type=1400 audit(649.410:66): avc:  denied  { unmount } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  650.677468][ T3298] cgroup: Unknown subsys name 'cpuset'
[  650.783413][ T3298] cgroup: Unknown subsys name 'rlimit'
[  651.750997][   T25] audit: type=1400 audit(650.920:67): avc:  denied  { setattr } for  pid=3298 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  651.770533][   T25] audit: type=1400 audit(650.940:68): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  651.801474][   T25] audit: type=1400 audit(650.960:69): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  653.044874][ T3301] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  653.076904][   T25] audit: type=1400 audit(652.230:70): avc:  denied  { relabelto } for  pid=3301 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  653.098289][   T25] audit: type=1400 audit(652.260:71): avc:  denied  { write } for  pid=3301 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  653.272763][   T25] audit: type=1400 audit(652.440:72): avc:  denied  { read } for  pid=3298 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  653.297541][   T25] audit: type=1400 audit(652.460:73): avc:  denied  { open } for  pid=3298 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  653.340320][ T3298] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  705.750492][   T25] audit: type=1400 audit(704.920:74): avc:  denied  { execmem } for  pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  710.349442][   T25] audit: type=1400 audit(709.500:75): avc:  denied  { read } for  pid=3304 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  710.367720][   T25] audit: type=1400 audit(709.530:76): avc:  denied  { open } for  pid=3304 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  710.453855][   T25] audit: type=1400 audit(709.620:77): avc:  denied  { mounton } for  pid=3304 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  710.701183][   T25] audit: type=1400 audit(709.870:79): avc:  denied  { module_request } for  pid=3304 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  710.733307][   T25] audit: type=1400 audit(709.860:78): avc:  denied  { module_request } for  pid=3305 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  711.893228][   T25] audit: type=1400 audit(711.050:80): avc:  denied  { sys_module } for  pid=3304 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  736.737943][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  736.979448][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  737.504301][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  737.771523][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  750.770907][ T3304] hsr_slave_0: entered promiscuous mode
[  750.800008][ T3304] hsr_slave_1: entered promiscuous mode
[  751.899169][ T3305] hsr_slave_0: entered promiscuous mode
[  751.933568][ T3305] hsr_slave_1: entered promiscuous mode
[  751.968846][ T3305] debugfs: 'hsr0' already exists in 'hsr'
[  751.977320][ T3305] Cannot create hsr debugfs directory
[  758.426256][   T25] audit: type=1400 audit(757.580:81): avc:  denied  { create } for  pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  758.505843][   T25] audit: type=1400 audit(757.660:82): avc:  denied  { write } for  pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  758.618222][   T25] audit: type=1400 audit(757.780:83): avc:  denied  { read } for  pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  758.769967][ T3304] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  759.299915][ T3304] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  759.594496][ T3304] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  760.398111][ T3304] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  762.878040][ T3305] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  763.177071][ T3305] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  763.496421][ T3305] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  763.759366][ T3305] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  779.649059][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0
[  782.193020][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[  846.099458][ T3304] veth0_vlan: entered promiscuous mode
[  846.549631][ T3304] veth1_vlan: entered promiscuous mode
[  848.948252][ T3304] veth0_macvtap: entered promiscuous mode
[  849.096516][ T3305] veth0_vlan: entered promiscuous mode
[  849.380233][ T3304] veth1_macvtap: entered promiscuous mode
[  849.739098][ T3305] veth1_vlan: entered promiscuous mode
[  851.619095][ T2125] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  851.723034][ T2125] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  851.729228][ T2125] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  851.743398][ T2125] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  852.792171][ T3305] veth0_macvtap: entered promiscuous mode
[  853.331233][ T3305] veth1_macvtap: entered promiscuous mode
[  854.473473][   T25] audit: type=1400 audit(853.610:84): avc:  denied  { mount } for  pid=3304 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  854.640244][   T25] audit: type=1400 audit(853.800:85): avc:  denied  { mounton } for  pid=3304 comm="syz-executor" path="/syzkaller.MYWdHV/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  854.818507][   T25] audit: type=1400 audit(853.980:86): avc:  denied  { mount } for  pid=3304 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  855.082885][   T25] audit: type=1400 audit(854.250:87): avc:  denied  { mounton } for  pid=3304 comm="syz-executor" path="/syzkaller.MYWdHV/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  855.223156][   T25] audit: type=1400 audit(854.380:88): avc:  denied  { mounton } for  pid=3304 comm="syz-executor" path="/syzkaller.MYWdHV/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3772 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  856.069567][   T25] audit: type=1400 audit(855.240:89): avc:  denied  { unmount } for  pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  856.193652][   T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  856.207067][   T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  856.224380][   T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  856.261373][   T42] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  856.353265][   T25] audit: type=1400 audit(855.520:90): avc:  denied  { mounton } for  pid=3304 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  856.470390][   T25] audit: type=1400 audit(855.630:91): avc:  denied  { mount } for  pid=3304 comm="syz-executor" name="/" dev="gadgetfs" ino=3782 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  856.791291][   T25] audit: type=1400 audit(855.940:92): avc:  denied  { mount } for  pid=3304 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  856.916571][   T25] audit: type=1400 audit(856.040:93): avc:  denied  { mounton } for  pid=3304 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  858.461473][ T3304] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  859.579028][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  859.607678][   T25] audit: type=1400 audit(858.740:95): avc:  denied  { read write } for  pid=3304 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  859.664285][   T25] audit: type=1400 audit(858.830:96): avc:  denied  { open } for  pid=3304 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  859.678619][   T25] audit: type=1400 audit(858.840:97): avc:  denied  { ioctl } for  pid=3304 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  869.454139][   T25] audit: type=1400 audit(868.620:98): avc:  denied  { read } for  pid=3463 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  869.490458][   T25] audit: type=1400 audit(868.650:99): avc:  denied  { open } for  pid=3463 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  869.574402][   T25] audit: type=1400 audit(868.740:100): avc:  denied  { ioctl } for  pid=3463 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  871.218943][   T25] audit: type=1400 audit(870.380:101): avc:  denied  { execute } for  pid=3463 comm="syz.0.1" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3852 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  918.354055][   T25] audit: type=1400 audit(917.470:102): avc:  denied  { append } for  pid=3492 comm="syz.1.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  935.408837][   T25] audit: type=1400 audit(934.580:103): avc:  denied  { write } for  pid=3503 comm="syz.0.13" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1158.782539][   T25] audit: type=1400 audit(1157.880:104): avc:  denied  { map } for  pid=3615 comm="syz.0.46" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1158.800122][   T25] audit: type=1400 audit(1157.900:105): avc:  denied  { execute } for  pid=3615 comm="syz.0.46" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1195.362472][   T25] audit: type=1400 audit(1194.480:106): avc:  denied  { setattr } for  pid=3639 comm="syz.1.52" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1235.257016][ T3662] kvm [3662]: Failed to find VMA for hva 0x20df7000
[ 1245.059501][   T25] audit: type=1400 audit(1244.220:107): avc:  denied  { ioctl } for  pid=3671 comm="syz.1.62" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1631.734052][ T3852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1632.008484][ T3852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1641.210803][ T3863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1641.417756][ T3863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1656.429303][ T3852] hsr_slave_0: entered promiscuous mode
[ 1656.490664][ T3852] hsr_slave_1: entered promiscuous mode
[ 1656.549042][ T3852] debugfs: 'hsr0' already exists in 'hsr'
[ 1656.568754][ T3852] Cannot create hsr debugfs directory
[ 1669.400917][ T3863] hsr_slave_0: entered promiscuous mode
[ 1669.470505][ T3863] hsr_slave_1: entered promiscuous mode
[ 1669.493303][ T3863] debugfs: 'hsr0' already exists in 'hsr'
[ 1669.526040][ T3863] Cannot create hsr debugfs directory
[ 1675.628056][ T3852] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1676.686135][ T3852] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1677.281112][ T3852] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1678.020188][ T3852] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1688.030854][ T3863] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1688.390756][ T3863] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1688.794138][ T3863] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1689.146764][ T3863] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1708.188748][ T3852] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1717.651282][ T3863] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1731.397371][   T50] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1733.293674][   T50] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1734.969538][   T50] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1736.717925][   T50] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.391698][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1755.500653][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1755.609268][   T50] bond0 (unregistering): Released all slaves
[ 1757.602907][   T50] hsr_slave_0: left promiscuous mode
[ 1757.718263][   T50] hsr_slave_1: left promiscuous mode
[ 1758.108921][   T50] veth1_macvtap: left promiscuous mode
[ 1758.112888][   T50] veth0_macvtap: left promiscuous mode
[ 1758.158119][   T50] veth1_vlan: left promiscuous mode
[ 1758.178327][   T50] veth0_vlan: left promiscuous mode
[ 1779.089993][   T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1780.563173][   T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1782.122876][   T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1783.868943][   T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1806.092190][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1806.302550][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1806.448765][   T50] bond0 (unregistering): Released all slaves
[ 1808.857801][   T50] hsr_slave_0: left promiscuous mode
[ 1809.096415][   T50] hsr_slave_1: left promiscuous mode
[ 1809.654452][   T50] veth1_macvtap: left promiscuous mode
[ 1809.658923][   T50] veth0_macvtap: left promiscuous mode
[ 1809.698033][   T50] veth1_vlan: left promiscuous mode
[ 1809.710691][   T50] veth0_vlan: left promiscuous mode
[ 1882.557355][ T3863] veth0_vlan: entered promiscuous mode
[ 1882.858185][ T3852] veth0_vlan: entered promiscuous mode
[ 1884.099555][ T3852] veth1_vlan: entered promiscuous mode
[ 1884.228998][ T3863] veth1_vlan: entered promiscuous mode
[ 1887.958554][ T3863] veth0_macvtap: entered promiscuous mode
[ 1888.112901][ T3852] veth0_macvtap: entered promiscuous mode
[ 1888.690927][ T3863] veth1_macvtap: entered promiscuous mode
[ 1888.929965][ T3852] veth1_macvtap: entered promiscuous mode
[ 1892.846267][ T3928] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1892.869254][ T3928] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1892.889873][ T3928] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1892.897385][ T3928] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1893.171323][   T50] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1893.206587][ T2125] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1893.250850][ T3928] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1893.268672][ T3928] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2073.928438][ T4152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8cf0000000000000 pfn:0x5dd4f
[ 2073.979167][ T4152] flags: 0x1ffce8000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x3a)
[ 2074.098761][ T4152] raw: 01ffce8000000000 ffffc1ffc0777d88 ffffc1ffc0508988 0000000000000000
[ 2074.116050][ T4152] raw: 8cf0000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2074.126893][ T4152] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 2074.137152][ T4152] ------------[ cut here ]------------
[ 2074.137400][ T4152] kernel BUG at ./include/linux/mm.h:1036!
[ 2074.139173][ T4152] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[ 2074.144443][ T4152] Modules linked in:
[ 2074.146635][ T4152] CPU: 0 UID: 0 PID: 4152 Comm: syz.2.141 Not tainted syzkaller #0 PREEMPT 
[ 2074.148304][ T4152] Hardware name: linux,dummy-virt (DT)
[ 2074.149658][ T4152] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2074.151085][ T4152] pc : kvm_s2_put_page+0x374/0x3a0
[ 2074.153428][ T4152] lr : kvm_s2_put_page+0x374/0x3a0
[ 2074.154502][ T4152] sp : ffff80008e977570
[ 2074.155281][ T4152] x29: ffff80008e977570 x28: f5f0000014226000 x27: f5f0000014226000
[ 2074.157079][ T4152] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000
[ 2074.158589][ T4152] x23: ffffc1ffc07753c8 x22: 0000000000000000 x21: ffffc1ffc07753f4
[ 2074.160103][ T4152] x20: 0000000000000000 x19: ffffc1ffc07753c0 x18: 00000000eefaf6f0
[ 2074.161701][ T4152] x17: 00000000082911dd x16: 00000000eecc9288 x15: 00000000551693f4
[ 2074.163256][ T4152] x14: ffffffffffffffff x13: fff0000018df5888 x12: 0000000000000001
[ 2074.164810][ T4152] x11: 0000000000080000 x10: 000000000004c5b7 x9 : fe1d7f9d994ae100
[ 2074.166422][ T4152] x8 : fe1d7f9d994ae100 x7 : ffff8000803a03c8 x6 : 0000000000000000
[ 2074.167943][ T4152] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010
[ 2074.169349][ T4152] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
[ 2074.170991][ T4152] Call trace:
[ 2074.171881][ T4152]  kvm_s2_put_page+0x374/0x3a0 (P)
[ 2074.173283][ T4152]  stage2_free_walker+0x1b0/0x264
[ 2074.174272][ T4152]  __kvm_pgtable_walk+0x7d8/0xa68
[ 2074.175337][ T4152]  kvm_pgtable_walk+0x294/0x468
[ 2074.176329][ T4152]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[ 2074.177493][ T4152]  kvm_free_stage2_pgd+0x198/0x28c
[ 2074.178455][ T4152]  kvm_uninit_stage2_mmu+0x20/0x38
[ 2074.179506][ T4152]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[ 2074.180635][ T4152]  kvm_mmu_notifier_release+0x48/0xa8
[ 2074.181769][ T4152]  mmu_notifier_unregister+0x128/0x42c
[ 2074.182902][ T4152]  kvm_put_kvm+0x6a0/0xfa8
[ 2074.183811][ T4152]  kvm_vcpu_release+0x70/0x9c
[ 2074.184857][ T4152]  __fput+0x4ac/0x980
[ 2074.185709][ T4152]  ____fput+0x20/0x58
[ 2074.186570][ T4152]  task_work_run+0x1bc/0x254
[ 2074.187535][ T4152]  get_signal+0x13ec/0x1554
[ 2074.188523][ T4152]  do_signal+0x23c/0x4dd0
[ 2074.189546][ T4152]  do_notify_resume+0xb0/0x270
[ 2074.190514][ T4152]  el0_svc+0xb8/0x164
[ 2074.191402][ T4152]  el0t_64_sync_handler+0x84/0x12c
[ 2074.192419][ T4152]  el0t_64_sync+0x198/0x19c
[ 2074.193960][ T4152] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) 
[ 2074.195927][ T4152] ---[ end trace 0000000000000000 ]---
[ 2074.197585][ T4152] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 2074.199629][ T4152] Kernel Offset: disabled
[ 2074.200391][ T4152] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 2074.201536][ T4152] Memory Limit: none
[ 2074.203296][ T4152] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:21:42  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008049069c X00=0000000000000001 X01=0000000000000008
X02=0000000000000000 X03=ffff800080490688 X04=0000000000000000
X05=0000000000000000 X06=ffff80008048b334 X07=ffff800080015834
X08=00000000000000fe X09=0cff80008ec69000 X10=000000000004d863
X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff
X14=0000000000000002 X15=ffff800087f83a20 X16=0000000000000000
X17=00000000082911dd X18=00000000eefaf6f0 X19=000000000000040b
X20=efff800000000000 X21=ffff80008795f110 X22=000000000000040a
X23=00000000000000ff X24=ffff80008795f110 X25=000000000000040a
X26=2cf0000018df5890 X27=00000000000003c0 X28=ffff800087735000
X29=ffff80008e976fd0 X30=ffff800080490688  SP=ffff80008e976f90
PSTATE=204023c9 --C- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0a0a0a0a0a0a0a0a:0a0a0a0a0a0a0a0a Z01=303d6761746e6173:6100003030303030
Z02=2066666666666666:6630303030303030 Z03=0000000000000000:00ffff0000000000
Z04=0000000000000000:000000000ff00000 Z05=3030203030303030:3030303030303030
Z06=30303030303a676e:697070616d20303a Z07=65646e6920303030:3030303030303030
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffe46c1da0:0000ffffe46c1da0 Z17=ffffff80ffffffd8:0000ffffe46c1d70
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000