last executing test programs:

1h8m24.199767046s ago: executing program 0 (id=294):
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x3, 0x100000, 0x1000, &(0x7f0000fd1000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x3, 0x100000, 0x1000, &(0x7f0000fd1000/0x1000)=nil})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async)
r9 = syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_HAS_DEVICE_ATTR(r9, 0x4018aee3, &(0x7f0000000380)=@attr_other={0x0, 0x5, 0x0, 0x0})
r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x22300, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r12, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x8000})
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f00004e3000/0x2000)=nil, 0x930, 0xa, 0x2013, r13, 0x40000)
r14 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
r15 = syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r15, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0x70, &(0x7f0000000240)=0x80000001})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000ec2000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000ec2000/0x1000)=nil})
mmap$KVM_VCPU(&(0x7f0000f06000/0x3000)=nil, 0x0, 0xc, 0x10010, r14, 0x0) (async)
r16 = mmap$KVM_VCPU(&(0x7f0000f06000/0x3000)=nil, 0x0, 0xc, 0x10010, r14, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r16, 0x20, &(0x7f0000000200)="954da6385f5823473a22b18c1553d36cb7b8e42958f3763e", 0x0, 0x18) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r16, 0x20, &(0x7f0000000200)="954da6385f5823473a22b18c1553d36cb7b8e42958f3763e", 0x0, 0x18)
r17 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r17, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

1h8m10.248717032s ago: executing program 0 (id=296):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x6)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r10, 0x603000000013df1a, 0x8000)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f00004dc000/0x400000)=nil)
r11 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r13, 0x0, 0x3c0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r17, 0xc00caee0, &(0x7f00000001c0)={0x7})

1h7m58.358796875s ago: executing program 0 (id=299):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000ab8000/0x400000)=nil)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x36)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
write$eventfd(r8, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000200)="38fcf13e2ff05df91905abff3720915c0e3d813f08687724bc83b3e072ca15ab45c0817313477119d92f46134d98f753ce3f2731c8c44000fb1dd06ea1aa1a1df66f5123f5bd6dc9", 0x0, 0x48)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2f)
syz_kvm_setup_cpu$arm64(r8, r4, &(0x7f0000b24000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x100, 0xe5, 0xa}}, @msr={0x14, 0x20, {0x603000000013deb2, 0x771}}], 0x50}], 0x1, 0x0, &(0x7f0000000280)=[@featur2={0x1, 0x8}], 0x1)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f00000001c0)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2b)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0})
ioctl$KVM_IRQ_LINE(r13, 0x4008ae61, &(0x7f0000000240)={0x2200002f})
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x7, 0x2, &(0x7f0000000040)})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000003c0)={0x3, 0x3, 0x1000, 0x1000, &(0x7f0000be7000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x101, 0x2}})
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)

1h7m49.850379611s ago: executing program 0 (id=300):
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4, 0x220)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1650c2, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1650c2, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000000)={0x5, 0x6}) (async)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000000)={0x5, 0x6})
ioctl$KVM_CHECK_EXTENSION(r6, 0x5451, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1h7m38.690940752s ago: executing program 0 (id=303):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x80087601, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x179}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3550, 0x3}}], 0x58}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000000)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x11)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r12, 0x4068aea3, &(0x7f00000001c0))
ioctl$KVM_IRQ_LINE_STATUS(r12, 0xc008ae67, &(0x7f0000000000)={0x200, 0x38000})
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r12, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})
ioctl$KVM_CAP_ARM_MTE(r12, 0x4068aea3, &(0x7f0000000240))
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)

1h7m27.203779004s ago: executing program 0 (id=305):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x5452, 0x2000fdfd)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x2000000, [0x5, 0x1, 0x2, 0x12e4, 0x3]}}, @irq_setup={0x46, 0x18, {0x4, 0x2b6}}], 0x58}, &(0x7f0000000280)=[@featur2={0x1, 0x2a}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x88)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xcd)
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @irq_setup={0x46, 0x18, {0x4, 0xc4}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2}}], 0x60}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r1, r9, &(0x7f0000b26000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000004c0)=[@hvc={0x32, 0x40, {0x86000001, [0x199, 0x1, 0x66c1, 0x3, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x7c, 0xd}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x991, 0x8, 0xa}}, @code={0xa, 0x9c, {"000c803ce0208cd20080b0f2a10080d2e20080d2230180d2840080d2020000d4007008d580df8cd200a0b8f2410080d2e20180d2030080d2640180d2020000d460fa86d200e0b8f2c10080d2220080d2430180d2440080d2020000d4007008d5000008d50000002f00c0651ec00e85d200c0b0f2a10180d2020180d2230080d2e40080d2020000d4"}}, @eret={0xe6, 0x18}, @mrs={0xbe, 0x18, {0x603000000013da10}}, @smc={0x1e, 0x40, {0x8400000e, [0x7fff, 0x6, 0x10, 0x4, 0x6]}}, @smc={0x1e, 0x40, {0x4000, [0x7fff, 0x93dd, 0xd, 0x8, 0x100000001]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x1, 0x3, 0x3ff, 0x3}}, @hvc={0x32, 0x40, {0x31000000, [0x2, 0x80000001, 0x5, 0x5, 0x80000000]}}, @irq_setup={0x46, 0x18, {0x2, 0x2d5}}, @mrs={0xbe, 0x18, {0x603000000013df41}}, @code={0xa, 0x3c, {"00000051000008d500000088007008d50060005e00802088008008d500c4a02e007008d5008008d5"}}, @hvc={0x32, 0x40, {0x3f000000, [0x1, 0x800, 0x9, 0x400, 0x12a]}}], 0x300}], 0x1, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0x4}], 0x1)
ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0)

1h6m45.321892181s ago: executing program 32 (id=304):
openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r9, 0x2, 0x12, r8, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x3, 0x11, r10, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

1h6m39.508411879s ago: executing program 33 (id=305):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x5452, 0x2000fdfd)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x2000000, [0x5, 0x1, 0x2, 0x12e4, 0x3]}}, @irq_setup={0x46, 0x18, {0x4, 0x2b6}}], 0x58}, &(0x7f0000000280)=[@featur2={0x1, 0x2a}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x88)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xcd)
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @irq_setup={0x46, 0x18, {0x4, 0xc4}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2}}], 0x60}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r1, r9, &(0x7f0000b26000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000004c0)=[@hvc={0x32, 0x40, {0x86000001, [0x199, 0x1, 0x66c1, 0x3, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x7c, 0xd}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x991, 0x8, 0xa}}, @code={0xa, 0x9c, {"000c803ce0208cd20080b0f2a10080d2e20080d2230180d2840080d2020000d4007008d580df8cd200a0b8f2410080d2e20180d2030080d2640180d2020000d460fa86d200e0b8f2c10080d2220080d2430180d2440080d2020000d4007008d5000008d50000002f00c0651ec00e85d200c0b0f2a10180d2020180d2230080d2e40080d2020000d4"}}, @eret={0xe6, 0x18}, @mrs={0xbe, 0x18, {0x603000000013da10}}, @smc={0x1e, 0x40, {0x8400000e, [0x7fff, 0x6, 0x10, 0x4, 0x6]}}, @smc={0x1e, 0x40, {0x4000, [0x7fff, 0x93dd, 0xd, 0x8, 0x100000001]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x1, 0x3, 0x3ff, 0x3}}, @hvc={0x32, 0x40, {0x31000000, [0x2, 0x80000001, 0x5, 0x5, 0x80000000]}}, @irq_setup={0x46, 0x18, {0x2, 0x2d5}}, @mrs={0xbe, 0x18, {0x603000000013df41}}, @code={0xa, 0x3c, {"00000051000008d500000088007008d50060005e00802088008008d500c4a02e007008d5008008d5"}}, @hvc={0x32, 0x40, {0x3f000000, [0x1, 0x800, 0x9, 0x400, 0x12a]}}], 0x300}], 0x1, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0x4}], 0x1)
ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0)

1h2m1.95858244s ago: executing program 2 (id=306):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000014, [0x7, 0x9, 0x8, 0xfffffffffffffffa, 0x100]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000200), 0x282, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x24)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000})
r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_RESET_DIRTY_RINGS(r4, 0xaec7) (async)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7})

1h1m41.019608052s ago: executing program 3 (id=307):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r4 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0, 0x4000010, r3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000080)={0x1, 0x5, 0xeeee0000, 0x1000, &(0x7f0000007000/0x1000)=nil, 0x400})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x5b7882, 0x0)

1h1m16.302536991s ago: executing program 3 (id=308):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000002c0), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x2}}, @msr={0x14, 0x20, {0x603000000013e208, 0x4}}], 0x48}, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x7})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000240)={0xb, <r8=>0xffffffffffffffff})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x10000, 0x3, 0x2, 0x2000, &(0x7f0000fc5000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r10, 0xc018aec0, &(0x7f00000000c0)={0x4})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x2, 0x4, &(0x7f0000000200)})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
close(r7)
syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@its_setup={0x82, 0x28, {0xfffffffffffffffe, 0x1, 0x266}}, @memwrite={0x6e, 0x30, @generic={0x4000, 0x3a6, 0x74c9, 0x1}}], 0x58}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r11, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000000)={0x8})
openat$kvm(0x0, &(0x7f0000000280), 0xa01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)

1h1m13.467984585s ago: executing program 34 (id=306):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000014, [0x7, 0x9, 0x8, 0xfffffffffffffffa, 0x100]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000200), 0x282, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x24)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000})
r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_RESET_DIRTY_RINGS(r4, 0xaec7) (async)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7})

1h0m59.00227046s ago: executing program 3 (id=310):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
syz_kvm_vgic_v3_setup(r2, 0x0, 0x60)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x4, <r4=>0xffffffffffffffff, 0x1})
r5 = ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xb704, 0x0)
openat$kvm(0x0, &(0x7f0000000100), 0x200480, 0x0)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r12, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x1})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000001000/0x4000)=nil, 0x0, 0x3000008, 0x1010, r6, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_IRQ_LINE_STATUS(r12, 0xc008ae67, &(0x7f0000000000)={0x1000000, 0x2})
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@uexit={0x0, 0x18, 0xfffffffff8000000}, @svc={0x122, 0x40, {0x84000008, [0x99, 0x1ff, 0x4, 0x8, 0x4]}}, @smc={0x1e, 0x40, {0xc4000003, [0x0, 0x6, 0x3, 0x2, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x318}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x4a8e}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0xe, 0xffffffff, 0xa}}, @svc={0x122, 0x40, {0xc4000003, [0x0, 0x83, 0x10, 0x6]}}, @msr={0x14, 0x20, {0x603000000013e66f, 0x5}}], 0x178}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x4, 0x3e0)

1h0m11.929089372s ago: executing program 35 (id=310):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
syz_kvm_vgic_v3_setup(r2, 0x0, 0x60)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x4, <r4=>0xffffffffffffffff, 0x1})
r5 = ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xb704, 0x0)
openat$kvm(0x0, &(0x7f0000000100), 0x200480, 0x0)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r12, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x1})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000001000/0x4000)=nil, 0x0, 0x3000008, 0x1010, r6, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_IRQ_LINE_STATUS(r12, 0xc008ae67, &(0x7f0000000000)={0x1000000, 0x2})
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@uexit={0x0, 0x18, 0xfffffffff8000000}, @svc={0x122, 0x40, {0x84000008, [0x99, 0x1ff, 0x4, 0x8, 0x4]}}, @smc={0x1e, 0x40, {0xc4000003, [0x0, 0x6, 0x3, 0x2, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x318}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x4a8e}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0xe, 0xffffffff, 0xa}}, @svc={0x122, 0x40, {0xc4000003, [0x0, 0x83, 0x10, 0x6]}}, @msr={0x14, 0x20, {0x603000000013e66f, 0x5}}], 0x178}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x4, 0x3e0)

52m15.267074676s ago: executing program 5 (id=323):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0x8000000, 0x1000, &(0x7f0000c42000/0x1000)=nil})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0})
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000004)
r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0x8400000f, [0x48a, 0x3, 0x8000000000000000, 0x100, 0xe2]}}], 0x40}, &(0x7f0000000180)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r16, 0x4010aeac, &(0x7f00000000c0)=@arm64_fw={0x6030000000140001})
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r12, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000080)={0x9})
r17 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r17, 0x8933, 0x6)

51m51.947691591s ago: executing program 5 (id=325):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xda)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, 0xfffffffffffffffe)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100020, &(0x7f0000000000)=0x2})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)

51m29.759551155s ago: executing program 5 (id=328):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r5})
close(r5)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x10004, 0x4, 0x1000, 0x1000, &(0x7f0000ffc000/0x1000)=nil, 0x8, r5})
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x60300000001000d7, 0x0})

51m7.585048158s ago: executing program 5 (id=330):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000000)=0x400)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r1, 0xe, 0x8010, r0, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000040)={0x8000000000000001, 0x8000000})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xe)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000080)={0x10003, 0x2, 0xeeef0000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x6000, 0x0)
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000180)={0x4, [0x4, 0x0, 0x400, 0x7]})
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000002c0)={0x0, &(0x7f00000001c0)=[@hvc={0x32, 0x40, {0x2, [0x3, 0x7fffffff, 0x5, 0x0, 0x3]}}, @code={0xa, 0x9c, {"009d83d200c0b0f2c10080d2a20180d2030080d2c40080d2020000d4007008d5a04689d20040b8f2210080d2a20080d2630180d2840080d2020000d4007008d5008896d20040b0f2a10180d2a20080d2a30080d2440180d2020000d420bc8ed200c0b8f2410180d2820180d2430080d2840080d2020000d40004005e007008d5007008d5007008d5"}}], 0xdc}, &(0x7f0000000300)=[@featur1={0x1, 0x5c}], 0x1)
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000380)=@arm64_fw={0x6030000000140000, &(0x7f0000000340)=0x9c2})
openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x408080, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000000400)={0x3, 0x80})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000440)=@x86={0x1, 0x1, 0x1, 0x0, 0x6, 0x45, 0xf, 0x63, 0x2, 0x7f, 0x1, 0x9, 0x0, 0x7, 0x0, 0x1, 0x28, 0xfd, 0x4, '\x00', 0x0, 0x100000000})
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000480)={0x2000, 0x0, 0xe, 0x0, 0x7})
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000004c0)={0xeeef0000, 0x13000})
ioctl$KVM_SET_GUEST_DEBUG_arm64(r0, 0x4208ae9b, &(0x7f0000000500)={0x20001, 0x0, {[0x3ff, 0x2, 0xb, 0xfff, 0xc3f6e4f, 0x1, 0x7, 0x186, 0xfffffffffffffff5, 0xd3, 0xfffffffffffffff7, 0x4, 0xd0000, 0x65d2, 0x80000001, 0x8], [0x1, 0x5d1c, 0x8, 0x0, 0x2, 0x9, 0x101, 0x9, 0x6, 0x1, 0x308a00, 0x80000001, 0x3, 0x9, 0x3, 0x1], [0x5, 0x5, 0x100, 0x1, 0x8, 0x8000, 0x0, 0x4, 0x0, 0x80000000, 0x6, 0xffffffffffffffff, 0xe8, 0xb85, 0x100000000, 0x4], [0x0, 0x7, 0x80, 0x4, 0x8, 0x7, 0xe, 0x400, 0xf6, 0x6, 0x4, 0x4, 0x22, 0x5, 0x2, 0x5cb4]}})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r5, 0x4208ae9b, &(0x7f0000000740)={0x10000, 0x0, {[0x8, 0x3, 0x1ff, 0x5, 0x7fff, 0x2, 0x8000000000000001, 0xc, 0x6, 0xffffffff, 0x3, 0x3, 0xbd2, 0x8000000000000000, 0x2, 0x9], [0x1, 0x48, 0x400, 0x7, 0x8, 0x915, 0x6, 0x1, 0x6, 0x6, 0x8, 0x8, 0x3, 0xc5a9, 0x1, 0xfffffffffffffff7], [0x30, 0xffff, 0x163, 0x8, 0xd, 0x24d, 0xa, 0x0, 0x7, 0x0, 0xff, 0x9, 0x6, 0x9, 0x2, 0x5], [0x1, 0x1427, 0x5, 0xd971, 0xbf6, 0x2, 0x400, 0x10, 0xfd, 0xa, 0xfffffffffffffffd, 0x7, 0x1, 0x2, 0x73, 0x10000]}})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000980), 0x20000, 0x0)
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f00000009c0)={0x6, 0xffffff81})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000a40)=@arm64_core={0x6030000000100018, &(0x7f0000000a00)=0x6})
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x5)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28)
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x35)
ioctl$KVM_CAP_HALT_POLL(r8, 0x4068aea3, &(0x7f0000000a80)={0xb6, 0x0, 0x3})

50m52.265928721s ago: executing program 5 (id=332):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, &(0x7f0000000000), 0xfffffdef)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f00000002c0)={0x200})
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f00000000c0)={0xa83, 0xffffffff})
munmap(&(0x7f0000008000/0x1000)=nil, 0x200000)

50m38.207712s ago: executing program 5 (id=334):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x25)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x88) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48)
eventfd2(0x7, 0x1) (async)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r7, 0xffffffffffbffffc, 0x120) (async)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)

49m51.074846571s ago: executing program 36 (id=334):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x25)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x88) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48)
eventfd2(0x7, 0x1) (async)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r7, 0xffffffffffbffffc, 0x120) (async)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)

32m6.038119017s ago: executing program 6 (id=426):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x800454cf, 0x0)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

32m0.507398726s ago: executing program 4 (id=427):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x0, 0x2, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async, rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async, rerun: 32)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0x8000000}) (async)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013d000}}], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

31m50.840780323s ago: executing program 6 (id=428):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2b)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x9, <r1=>0xffffffffffffffff, 0x1})
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r0, 0x4068aea3, &(0x7f0000000040)) (async, rerun: 64)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f00000000c0)={0x6000, 0x2ff2a6e3e618c199, 0x1}) (async, rerun: 64)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20)
r3 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000600)=[{0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x4, 0x34c}}, @hvc={0x32, 0x40, {0x5000000, [0x4, 0x6, 0x6, 0x6, 0x5]}}, @smc={0x1e, 0x40, {0x8400000a, [0x9, 0x7, 0x9, 0x10001, 0x6]}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0x45988a0}, @irq_setup={0x46, 0x18, {0x1, 0xfa}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0x2, 0x0, 0x5}}, @hvc={0x32, 0x40, {0x84000052, [0x0, 0x2, 0x6df, 0x9, 0x2]}}, @irq_setup={0x46, 0x18, {0x4, 0x6f}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xb77, 0xffff}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x5019c, 0xffffffff, 0x4}}, @hvc={0x32, 0x40, {0x35687dda912a182c, [0xbc, 0x62, 0x101, 0x6, 0xa0e]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x3ec}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0x6, 0x7, 0x9a2, 0x3}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x94}}, @hvc={0x32, 0x40, {0x1000, [0x4, 0xe27c, 0x17af600000, 0x572173ab, 0x1]}}, @svc={0x122, 0x40, {0x800, [0x401, 0x5, 0x6, 0x27, 0x4]}}, @eret={0xe6, 0x18, 0x100}, @code={0xa, 0x84, {"008008d5e0bc96d20000b0f2a10180d2620180d2630080d2240180d2020000d4e08b88d200c0b8f2810180d2420080d2c30080d2c40080d2020000d4405e95d200e0b8f2e10180d2420180d2c30080d2a40180d2020000d4007008d5008008d5000028d500fc007f007008d500e0c00d"}}, @svc={0x122, 0x40, {0x8400000c, [0x7, 0x3, 0x86, 0x400, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1600, 0x45, 0x2}}, @hvc={0x32, 0x40, {0xc4000014, [0xffffffffffff74c6, 0x2000000000000, 0x6f, 0x10000, 0x80000001]}}, @eret={0xe6, 0x18, 0x3ff}, @mrs={0xbe, 0x18, {0x603000000013df02}}, @mrs={0xbe, 0x18, {0x603000000013da15}}, @smc={0x1e, 0x40, {0xffff, [0x9cb, 0x3e3, 0x10, 0x4, 0x3]}}], 0x4cc}], 0x1, 0x0, &(0x7f0000000640)=[@featur2={0x1, 0x40}], 0x1) (async)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000006c0)=@attr_arm64={0x0, 0x5, 0x1, &(0x7f0000000680)=0x7})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, &(0x7f0000000740)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000700)={0x3, 0xff, 0x1}}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000780)={0x6, 0x7fff, 0x400})
eventfd2(0x6, 0x801) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000800)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000007c0)={0xa7b, 0x7fff, 0x2}}) (async, rerun: 64)
ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f0000000880)=@attr_other={0x0, 0x4, 0x7711, &(0x7f0000000840)=0x2}) (async, rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f00000008c0)={0x3, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffb000/0x2000)=nil, 0x2}) (async, rerun: 32)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000980)={0x2000, 0x4000, 0x7f, 0x0, 0x8}) (rerun: 32)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f00000009c0)={0x2, 0x5})
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000a40)={0x0, &(0x7f0000000a00)=[@irq_setup={0x46, 0x18, {0x3, 0x193}}], 0x18}, &(0x7f0000000a80), 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000b00)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000ac0)=0x19}) (async)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x0, 0x100000e, 0x100010, r5, 0x0) (async)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000b40)) (async)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000bc0)={0x0, <r6=>0xffffffffffffffff, 0x1})
close(r6) (async)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37)
ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0x7)
ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f0000000c00)={0x1fd, 0x1, 0x1000, 0x2000, &(0x7f0000ffb000/0x2000)=nil, 0x4, r3}) (async, rerun: 32)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) (async, rerun: 32)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000cc0)) (async)
ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000d40)={0x7, 0xb}) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r5, 0x4018aee3, &(0x7f0000000dc0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000d80)={0x66, 0xfffffffd}})

31m44.377615388s ago: executing program 4 (id=429):
openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0xa) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x20080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2e)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x6)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x14}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0x40049409, 0x9)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000b97000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c090, &(0x7f00000000c0)=0xfffffffffffffffe}) (async)
r15 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000000)={0x0, 0x2c0, 0x2c0, &(0x7f00000003c0)=[0x0, 0x0, 0x2, 0x1, 0x5, 0xa7, 0x8, 0x8, 0xffff, 0x322436d4, 0x5, 0x8, 0xfffffffffffffffe, 0xf5, 0x86, 0x3, 0x180000, 0x0, 0xffffffff80000001, 0x6, 0x1ff, 0x8, 0x32, 0x6, 0x9, 0x8, 0x0, 0x5, 0x2, 0x4, 0x3, 0x24, 0x7f, 0x60bb, 0x2, 0xfffffffffffffffb, 0x40, 0x9, 0x7, 0x7, 0x0, 0x3ff, 0x9, 0x1, 0xdf8, 0x8000000000000001, 0x5e7, 0x31d9, 0xe, 0x2, 0xc87, 0x0, 0x4, 0x10000, 0x8000000000000001, 0x2, 0x0, 0x9, 0x2b7, 0x0, 0x7, 0xc314, 0x2, 0x1, 0xfffffffffffff09e, 0x7, 0xb222, 0x2000000000000000, 0x8, 0xfff, 0x1, 0x0, 0x9, 0x8, 0x0, 0x90, 0x0, 0x40, 0x5, 0xffe000000, 0x0, 0x2, 0xfffffffffffff44e, 0x5, 0x6, 0x7, 0xfc3, 0x76, 0x7fffffff, 0x5, 0xf86, 0x8000000000000000, 0x0, 0x7, 0x9, 0x5e38346c, 0x8000000000000000, 0x5, 0x8, 0x70b3ffb1, 0x4, 0xffffffffffff0b5d, 0x0, 0x1, 0x8001, 0x9, 0x898f, 0x4, 0x0, 0x435, 0x1, 0xffffffffffffff00, 0x9, 0x9, 0xfffffffffffffffc, 0x7, 0x200, 0x7, 0x7, 0x6, 0xeffd, 0xffffffff00000001, 0x80, 0x2, 0x7, 0x1000, 0x2, 0x13f]}) (async)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce1, 0xfffffffffffffbff}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r17, 0x4018aee1, &(0x7f0000000240)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000001c0)=0x2})

31m38.341194716s ago: executing program 6 (id=430):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2b)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18, {0x3fe7}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r8, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r10, 0x2000009, 0x213011, r8, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r11 = syz_kvm_vgic_v3_setup(r7, 0x0, 0x20)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0x5, &(0x7f0000000040)=0x9})

31m17.980036259s ago: executing program 4 (id=431):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x7a1600, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x19)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x66)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000eaa000/0x4000)=nil}) (async)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(r10, 0x4, 0x220)
ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000280)=0x800402}) (async)
r12 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)

31m15.107105822s ago: executing program 6 (id=432):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x20080, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x6)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x14})
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000d9d000/0x2000)=nil, r5, 0x1800000, 0x12, r1, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013e71a})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x20080, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e) (async)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x6) (async)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x14}) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000d9d000/0x2000)=nil, r5, 0x1800000, 0x12, r1, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013e71a}) (async)

30m48.1075381s ago: executing program 4 (id=433):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0x70, &(0x7f0000000240)=0x80000001})
r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000380)}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000f08000/0x3000)=nil, r1, 0x1000008, 0x10, r8, 0x0)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x20c440, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x80000000})
ioctl$KVM_ARM_VCPU_FINALIZE(r12, 0x4004aec2, &(0x7f0000000240)=0x4)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x60300000001000d4, 0x0})
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0x60)
r15 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r16 = openat$kvm(0x0, &(0x7f0000000080), 0x80001, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x80000, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)

30m44.35570897s ago: executing program 6 (id=434):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = eventfd2(0x8, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r3, 0x5})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000240)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c00a}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0x5421, 0xfffffffefffffffe)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4020ae46, &(0x7f0000000000)=ANY=[@ANYRES32=r0])

30m32.287905278s ago: executing program 6 (id=435):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x800}}]})
close(r2)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x3, <r7=>0xffffffffffffffff})
write$eventfd(r7, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r8 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x101300, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e5f000/0x3000)=nil, r10, 0x3, 0x13, r8, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_GUEST_MEMFD(r12, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r12, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r13})
close(r12)
close(r13)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r14 = eventfd2(0x1, 0x0)
write$eventfd(r14, &(0x7f0000000000)=0x8, 0x8)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)

30m23.92886756s ago: executing program 4 (id=436):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40c0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xffffffffffffffff)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)={0x1, 0x0, [{0x78, 0x3, 0x1, 0x0, @adapter={0x800, 0x3, 0x0, 0xab, 0xa28}}]})

30m11.061196079s ago: executing program 4 (id=437):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x40)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f00000004c0)={0xdf, 0x0, 0x8000})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x34441, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013e641, 0x0})
r10 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r13, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0x84000053, [0x80000000000, 0x6, 0x5, 0x6f4, 0x1]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_CAP_ARM_MTE(r3, 0x4068aea3, &(0x7f00000001c0))
r15 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r17 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000000)={0x0, &(0x7f0000000540)=[@its_setup={0x82, 0x28, {0x7, 0x0, 0x263}}, @hvc={0x32, 0x40, {0xc4000004, [0x3, 0x2, 0x2fb2, 0x7, 0x1]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x10c}}, @svc={0x122, 0x40, {0x84000009, [0xb70, 0x8001, 0xff, 0x0, 0x58]}}, @eret={0xe6, 0x18, 0x7}], 0xe8}, &(0x7f0000000180)=[@featur1={0x1, 0xe4}], 0x1)
ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)

29m44.668212702s ago: executing program 37 (id=435):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x800}}]})
close(r2)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x3, <r7=>0xffffffffffffffff})
write$eventfd(r7, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r8 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x101300, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e5f000/0x3000)=nil, r10, 0x3, 0x13, r8, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_GUEST_MEMFD(r12, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r12, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r13})
close(r12)
close(r13)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r14 = eventfd2(0x1, 0x0)
write$eventfd(r14, &(0x7f0000000000)=0x8, 0x8)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)

29m22.147601069s ago: executing program 38 (id=437):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x40)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f00000004c0)={0xdf, 0x0, 0x8000})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x34441, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013e641, 0x0})
r10 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r13, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0x84000053, [0x80000000000, 0x6, 0x5, 0x6f4, 0x1]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_CAP_ARM_MTE(r3, 0x4068aea3, &(0x7f00000001c0))
r15 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r17 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000000)={0x0, &(0x7f0000000540)=[@its_setup={0x82, 0x28, {0x7, 0x0, 0x263}}, @hvc={0x32, 0x40, {0xc4000004, [0x3, 0x2, 0x2fb2, 0x7, 0x1]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x10c}}, @svc={0x122, 0x40, {0x84000009, [0xb70, 0x8001, 0xff, 0x0, 0x58]}}, @eret={0xe6, 0x18, 0x7}], 0xe8}, &(0x7f0000000180)=[@featur1={0x1, 0xe4}], 0x1)
ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)

21m36.527980423s ago: executing program 7 (id=438):
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$kvm(0xffffff9c, 0x0, 0xa00f2, 0x0)
close(0xffffffffffffffff)
r1 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x0, 0x16831, r0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, 0x0)

21m23.979926883s ago: executing program 8 (id=439):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x7})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x101000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@mrs={0xbe, 0x18, {0x603000000013c006}}], 0x18}, 0x0, 0x0)
munmap(&(0x7f0000ef5000/0x1000)=nil, 0x1000)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0) (async)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x220) (async)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

21m18.039177594s ago: executing program 7 (id=440):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff}) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xef)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) (async)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r6, 0x3, 0x11, r3, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r7, 0xfffffffffffffffe) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r7, 0xffffffffffffffff)

21m5.461797654s ago: executing program 8 (id=441):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000001c0)={0x0, &(0x7f0000000580)=[@msr={0x14, 0x20, {0x603000000013e6c0, 0xd}}, @svc={0x122, 0x40, {0x1, [0x2d, 0x3, 0xf, 0x574e, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x280, 0x7fffffff, 0x9}}, @svc={0x122, 0x40, {0x40000000, [0x6, 0x3, 0x6, 0x6b, 0x6]}}, @msr={0x14, 0x20, {0x603000000013c4d0, 0x6}}, @uexit={0x0, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x11}}, @msr={0x14, 0x20, {0x603000000013df50, 0xe62d}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0xe4, {"00709f0c40419ad20080b0f2c10180d2020180d2630180d2e40180d2020000d4e01f94d200e0b8f2410080d2820080d2e30080d2240080d2020000d460c084d20060b8f2c10180d2620080d2430180d2640180d2020000d4006d99d20060b8f2210180d2420180d2030080d2640180d2020000d4603b81d20020b8f2e10080d2620080d2030180d2a40180d2020000d4007008d5a0f99ad20000b0f2a10180d2620080d2c30180d2840180d2020000d40038207ee0539dd20080b0f2010180d2c20180d2a30180d2c40080d2020000d4"}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4d9f}}, @svc={0x122, 0x40, {0x40000000, [0x4, 0x2, 0x7b4, 0x3, 0x9]}}, @hvc={0x32, 0x40, {0x84000005, [0xb6, 0x3, 0x401, 0x7d3, 0x3]}}, @smc={0x1e, 0x40, {0x84000006, [0x5, 0x4475, 0x9, 0x9, 0x4]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0xfafa, 0x3}}, @msr={0x14, 0x20, {0x603000000013dce7, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x9}}, @msr={0x14, 0x20, {0x603000000013df70, 0x5}}, @uexit={0x0, 0x18, 0xfffffffeffffffff}, @eret={0xe6, 0x18, 0x4}, @msr={0x14, 0x20, {0x603000000013df7b, 0x2}}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x9c, {"0000005300408fd200a0b0f2210080d2820080d2630080d2040180d2020000d400084078a0368fd20060b8f2610080d2e20080d2230180d2440080d2020000d40000251e00804088007008d5a0f09cd20040b0f2e10180d2a20080d2a30180d2a40080d2020000d40078202ec06d89d20080b0f2c10180d2020080d2030180d2440080d2020000d4"}}, @mrs={0xbe, 0x18, {0x6030000000131a02}}], 0x4e0}, &(0x7f0000000240), 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000200)=@arm64_core={0x603000000010004e, &(0x7f0000000100)=0xd})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0, 0x51c}], 0x1, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x169880, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0x5450, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x1ff, 0x0, &(0x7f0000fac000/0x4000)=nil})
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x501c2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
syz_kvm_vgic_v3_setup(r9, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x38)

21m1.037853153s ago: executing program 7 (id=442):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013c520}}], 0x18}, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_GET_REG_LIST(r9, 0xc008aeb0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r12 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x53c, &(0x7f0000000100)=0x5})
ioctl$KVM_CREATE_VM(r12, 0x401c5820, 0x20000006)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x8, <r13=>0xffffffffffffffff, 0x1})
ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, 0xffffffffffffffff)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x2)

20m16.757531817s ago: executing program 39 (id=441):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000001c0)={0x0, &(0x7f0000000580)=[@msr={0x14, 0x20, {0x603000000013e6c0, 0xd}}, @svc={0x122, 0x40, {0x1, [0x2d, 0x3, 0xf, 0x574e, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x280, 0x7fffffff, 0x9}}, @svc={0x122, 0x40, {0x40000000, [0x6, 0x3, 0x6, 0x6b, 0x6]}}, @msr={0x14, 0x20, {0x603000000013c4d0, 0x6}}, @uexit={0x0, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x11}}, @msr={0x14, 0x20, {0x603000000013df50, 0xe62d}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0xe4, {"00709f0c40419ad20080b0f2c10180d2020180d2630180d2e40180d2020000d4e01f94d200e0b8f2410080d2820080d2e30080d2240080d2020000d460c084d20060b8f2c10180d2620080d2430180d2640180d2020000d4006d99d20060b8f2210180d2420180d2030080d2640180d2020000d4603b81d20020b8f2e10080d2620080d2030180d2a40180d2020000d4007008d5a0f99ad20000b0f2a10180d2620080d2c30180d2840180d2020000d40038207ee0539dd20080b0f2010180d2c20180d2a30180d2c40080d2020000d4"}}, @msr={0x14, 0x20, {0x6030000000138002, 0x4d9f}}, @svc={0x122, 0x40, {0x40000000, [0x4, 0x2, 0x7b4, 0x3, 0x9]}}, @hvc={0x32, 0x40, {0x84000005, [0xb6, 0x3, 0x401, 0x7d3, 0x3]}}, @smc={0x1e, 0x40, {0x84000006, [0x5, 0x4475, 0x9, 0x9, 0x4]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0xfafa, 0x3}}, @msr={0x14, 0x20, {0x603000000013dce7, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x9}}, @msr={0x14, 0x20, {0x603000000013df70, 0x5}}, @uexit={0x0, 0x18, 0xfffffffeffffffff}, @eret={0xe6, 0x18, 0x4}, @msr={0x14, 0x20, {0x603000000013df7b, 0x2}}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x9c, {"0000005300408fd200a0b0f2210080d2820080d2630080d2040180d2020000d400084078a0368fd20060b8f2610080d2e20080d2230180d2440080d2020000d40000251e00804088007008d5a0f09cd20040b0f2e10180d2a20080d2a30180d2a40080d2020000d40078202ec06d89d20080b0f2c10180d2020080d2030180d2440080d2020000d4"}}, @mrs={0xbe, 0x18, {0x6030000000131a02}}], 0x4e0}, &(0x7f0000000240), 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000200)=@arm64_core={0x603000000010004e, &(0x7f0000000100)=0xd})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0, 0x51c}], 0x1, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x169880, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0x5450, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x1ff, 0x0, &(0x7f0000fac000/0x4000)=nil})
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x501c2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
syz_kvm_vgic_v3_setup(r9, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x38)

20m8.877630382s ago: executing program 40 (id=442):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013c520}}], 0x18}, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_GET_REG_LIST(r9, 0xc008aeb0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r12 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x53c, &(0x7f0000000100)=0x5})
ioctl$KVM_CREATE_VM(r12, 0x401c5820, 0x20000006)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x8, <r13=>0xffffffffffffffff, 0x1})
ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, 0xffffffffffffffff)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x2)

3m7.250057511s ago: executing program 1 (id=481):
openat$kvm(0x0, &(0x7f0000000000), 0x2000, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0xffffffffffbffffc, 0x180)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2f)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454d0, 0x0) (async)
ioctl$KVM_CREATE_VM(r9, 0x400454d0, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000240)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e0000000000000030000000000000000000dddd0080"], 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) (async)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000009, 0x11, r14, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000009, 0x11, r14, 0x0)
syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, 0x930, 0x5, 0x4f832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, 0x930, 0x5, 0x4f832, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x301081, 0x0)
r15 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000180)={0x8, <r16=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x1000008080000})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0})

3m2.161419647s ago: executing program 9 (id=482):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x603000000010001e, &(0x7f0000000040)=0x2}) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0)

2m32.857497419s ago: executing program 9 (id=483):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x10000000001, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x0, 0x100000, 0x10000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x1, &(0x7f0000000040)=0x6})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m31.455148455s ago: executing program 1 (id=484):
openat$kvm(0x0, 0x0, 0x0, 0x0)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000008, [0xfffffffffffffffb, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur2={0x1, 0x83}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2b)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r9, 0x4208ae9b, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa2)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x40305829, &(0x7f0000000040)=@attr_arm64={0x0, 0x7, 0x2, &(0x7f00000000c0)=0xfffffffffffffff7})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r13 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r13, 0xae80, 0x0)

2m9.765887544s ago: executing program 9 (id=485):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000080)=[@its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x0, 0xe, 0x3, 0x5, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0x1, 0x40, 0x1ff}}, @irq_setup={0x46, 0x18, {0x4, 0x2ee}}], 0x68}, &(0x7f0000000140)=[@featur2={0x1, 0x2}], 0x1)
mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r3, 0x1000000, 0x40010, r4, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000300), 0xc0000, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000300), 0xc0000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x4})
syz_kvm_vgic_v3_setup(r6, 0x4, 0x100) (async)
syz_kvm_vgic_v3_setup(r6, 0x4, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x4})
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000004, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000834000/0x3000)=nil, 0x930, 0x100000a, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000834000/0x3000)=nil, 0x930, 0x100000a, 0x8032, 0xffffffffffffffff, 0x0)

2m7.649974722s ago: executing program 1 (id=486):
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x1000006, 0x810, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000280)=0x4f627b94})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x600041, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x21)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0xffff)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x698800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x5)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000080)={0xd9, 0x7ff})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4020ae46, &(0x7f0000000000)=ANY=[@ANYRES32=r7])
r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c})
r10 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

1m46.988172984s ago: executing program 9 (id=487):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x82001, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x3000007, 0x2012, r0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20) (async)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead) (async)
ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
eventfd2(0x9d, 0x800)

1m42.320297379s ago: executing program 1 (id=488):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000080)={0x1})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f00000001c0)=@attr_other={0x0, 0x0, 0x5, &(0x7f0000000180)=0x4})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x5, 0xffffffffffffffff, 0x1})
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000000, [0x40000099a, 0x5cf, 0xaca, 0x6, 0x1]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000080)})
close(r5)
r9 = openat$kvm(0x0, &(0x7f0000000000), 0x1, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_vgic_v3_setup(r10, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x0, 0x5, 0xffffffffffffffff})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1m28.878043083s ago: executing program 9 (id=489):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
syz_kvm_vgic_v3_setup(r1, 0x0, 0x0)
close(r1)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2c)
r6 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000001c0)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)=@x86={0xf4, 0x20, 0x3, 0x0, 0xb5, 0x4, 0x9, 0x0, 0x67, 0x7, 0x7, 0x8, 0x0, 0x1, 0x5, 0x9, 0x5, 0x2, 0x2, '\x00', 0x9, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000340)=@attr_other={0x0, 0x8, 0x128, &(0x7f0000000000)=0xc000000000000000})
r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9})
ioctl$KVM_CREATE_VM(r3, 0x5460, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0x80811501, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r12, 0x8040aeb6, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})

1m14.439556959s ago: executing program 1 (id=490):
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000000)={0x1, 0x31})
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000480)={0x0, &(0x7f0000000040)=[@svc={0x122, 0x40, {0x400, [0x6, 0xfffffffffffffff4, 0x80, 0x2, 0x80]}}, @eret={0xe6, 0x18, 0x40}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0xf, 0x10001, 0x5, 0x3}}, @uexit={0x0, 0x18, 0x8}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x1, 0x0, 0x1, 0x30f, 0x3}}, @msr={0x14, 0x20, {0x603000000013dead, 0x100}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x38}}, @svc={0x122, 0x40, {0x2000, [0x3ff, 0x7, 0x5, 0x3ff, 0x100000001]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x221}}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x4000000, [0x7, 0xbf, 0xfffffffffffffff9, 0x6, 0x101]}}, @hvc={0x32, 0x40, {0x84000000, [0x3, 0x1, 0x0, 0xf9, 0x8]}}, @hvc={0x32, 0x40, {0x8400000e, [0x1, 0x2, 0x0, 0x1000, 0xfffffffffffffff9]}}, @irq_setup={0x46, 0x18, {0x2, 0x276}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x5, 0xffffffff, 0xce4, 0x2}}, @mrs={0xbe, 0x18, {0xc06000000027bd6a}}, @msr={0x14, 0x20, {0x603000000013d801}}, @eret={0xe6, 0x18, 0x2}, @smc={0x1e, 0x40, {0x31000000, [0xffffffff, 0xc7b1, 0xe, 0x4, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013feea}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x2, 0xa, 0x0, 0x6, 0x4}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x37a}}, @smc={0x1e, 0x40, {0x40000017, [0x7f, 0x0, 0x4, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013e2c1}}, @hvc={0x32, 0x40, {0x84000007, [0xfff, 0x7ff, 0x2, 0x0, 0x800]}}], 0x418}, &(0x7f00000004c0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000000500)={[0x7, 0x4, 0x7, 0x7, 0x100000001, 0x7fffffffffffffff, 0x7fff, 0x17, 0x401, 0x6, 0x8, 0x81, 0x6, 0xb5e, 0xfffffffffffffffb, 0x9], 0xeeee8000, 0x84005})
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000b40)={0x0, &(0x7f00000005c0)=[@uexit={0x0, 0x18, 0x800}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0x8, 0xf88, 0x101, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013e708}}, @svc={0x122, 0x40, {0x80, [0x0, 0x58d, 0xf, 0x800, 0x2]}}, @irq_setup={0x46, 0x18, {0x2, 0x2}}, @smc={0x1e, 0x40, {0x86000001, [0x6, 0x3, 0x7fff, 0x10001, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x9, 0x10}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x6, 0x4, 0x19b}}, @svc={0x122, 0x40, {0x84000010, [0xadf5, 0x100000000, 0x2, 0x200, 0x400]}}, @smc={0x1e, 0x40, {0x31000000, [0xe67b, 0x2, 0x2, 0x9, 0x5]}}, @hvc={0x32, 0x40, {0x84000012, [0x7ff, 0x8, 0x7ff, 0xfffffffffffffff9, 0x4]}}, @smc={0x1e, 0x40, {0xc4000001, [0x1, 0xffff, 0x40, 0x80000000, 0x100000000]}}, @mrs={0xbe, 0x18, {0x603000000013803f}}, @its_setup={0x82, 0x28, {0x0, 0x36, 0x1a9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x300, 0x1, 0x9}}, @irq_setup={0x46, 0x18, {0x3, 0xb5}}, @code={0xa, 0x6c, {"c0f299d200c0b8f2e10180d2020080d2430180d2c40080d2020000d460e783d20040b8f2a10080d2420080d2430080d2e40180d2020000d400c8b07e007008d50040200e00004079000008d50040641e000028d5000008d5"}}, @mrs={0xbe, 0x18, {0x603000000013f682}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0xfffffffffffffffe, 0x3}}, @msr={0x14, 0x20, {0x603000000013802e, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013c4ce}}, @smc={0x1e, 0x40, {0x84000007, [0x80000000, 0x6, 0x0, 0xf48f, 0xfffffffffffffffc]}}, @code={0xa, 0x9c, {"a0829fd20040b0f2a10180d2c20080d2a30080d2240180d2020000d4000080f9007008d50000699e00008039003c409380b28ad200a0b8f2c10180d2a20080d2e30080d2e40080d2020000d400b59fd20020b0f2610180d2a20080d2a30180d2840180d2020000d4007684d20060b0f2210180d2c20080d2230180d2e40180d2020000d40068000e"}}, @mrs={0xbe, 0x18, {0x6030000000138037}}, @eret={0xe6, 0x18, 0x6}, @code={0xa, 0x6c, {"007008d5000000f220a28fd200e0b8f2e10180d2420180d2c30080d2c40080d2020000d4000028d5007008d5007008d5000008d500000054401d8dd200e0b0f2410180d2a20080d2030180d2040180d2020000d4001ca00e"}}, @mrs={0xbe, 0x18, {0x603000000013c708}}], 0x564}, &(0x7f0000000b80)=[@featur1={0x1, 0x42}], 0x1)
r3 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x4, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000c00)=@attr_other={0x0, 0x6, 0xe, &(0x7f0000000bc0)=0x7fffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000c80)=@attr_arm64={0x0, 0x1, 0x3, &(0x7f0000000c40)=0x1})
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000000cc0)=0x9)
r4 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000f40)={0x0, &(0x7f0000000d00)=[@code={0xa, 0x9c, {"007008d51f00003160db89d20040b8f2c10180d2820080d2230080d2840180d2020000d4007008d50000591e400b9ed200c0b0f2e10180d2620080d2630180d2440080d2020000d4201d9fd200c0b0f2610080d2820180d2230080d2a40080d2020000d40004005e0060005ea0bb99d20060b0f2410080d2e20180d2030080d2e40080d2020000d4"}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0xa0}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x3, 0x6, 0x4, 0x6, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc00, 0x5, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0xc, 0x6, 0x2800, 0x1}}, @msr={0x14, 0x20, {0x603000000013deb0, 0x9}}, @msr={0x14, 0x20, {0x603000000013802f, 0x400}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x328}}, @irq_setup={0x46, 0x18, {0x3, 0x2d8}}, @svc={0x122, 0x40, {0x44008053, [0x2, 0x1000, 0x8, 0x3, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x78, 0x9, 0x4}}], 0x234}, &(0x7f0000000f80)=[@featur1={0x1, 0x44}], 0x1)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000001000)=@attr_arm64={0x0, 0x1, 0x5, &(0x7f0000000fc0)=0xeae})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000001080)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000001040)=0x7})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
close(0xffffffffffffffff)
r5 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000001300)={0x0, &(0x7f00000010c0)=[@mrs={0xbe, 0x18, {0xc06000000027ce30}}, @irq_setup={0x46, 0x18, {0x2, 0x184}}, @eret={0xe6, 0x18, 0xcaf5}, @svc={0x122, 0x40, {0x80000001, [0x1, 0x8, 0x6, 0x8000, 0xfff]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0xba}}, @msr={0x14, 0x20, {0x603000000013e130, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0x5, 0x6, 0xc7a1}}, @eret={0xe6, 0x18, 0x7f}, @eret={0xe6, 0x18}, @svc={0x122, 0x40, {0xc4000005, [0xb2e, 0x6, 0xfffffffffffff7ee, 0x5, 0xfffffffffffffffb]}}, @msr={0x14, 0x20, {0x603000000013c4cb, 0x5}}, @svc={0x122, 0x40, {0x80007fff, [0x8, 0x8, 0x824, 0xba, 0x7ff]}}, @svc={0x122, 0x40, {0xc4000003, [0x5, 0x8, 0x9, 0x80000000, 0x8]}}, @mrs={0xbe, 0x18, {0x62dc}}], 0x220}, &(0x7f0000001340)=[@featur2], 0x1)
close(r5)
ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000001380)=0x4)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f00000013c0)={0x1, 0x0, &(0x7f0000fa7000/0x2000)=nil})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000001440)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000001400)=0x400})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000001480)={0x1, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000001500)=@attr_arm64={0x0, 0x6, 0x0, &(0x7f00000014c0)=0x2})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000001540)=@x86={0x6, 0x5, 0x2, 0x0, 0x3d, 0x47, 0x4, 0xc9, 0x7, 0x9, 0x4, 0x40, 0x0, 0x7, 0xce35, 0x0, 0x2, 0x6, 0x3, '\x00', 0x0, 0xb78e})
r7 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x1a0)
ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, &(0x7f00000015c0)=@attr_arm64={0x0, 0x6, 0x0, &(0x7f0000001580)=0x1})
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000001640)=@attr_arm64={0x0, 0x6, 0x0, &(0x7f0000001600)=0x6})
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f00000016c0)=@attr_other={0x0, 0x8d1, 0x6, &(0x7f0000001680)=0x1ff})
r8 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000001700)={0x0, 0x9})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000001780)=@attr_arm64={0x0, 0x6, 0x3, &(0x7f0000001740)=0x9c})

56.950511706s ago: executing program 1 (id=491):
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x82802, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bc5000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013dce7}}], 0x18}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x23)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000040)={0x7, <r14=>0xffffffffffffffff})
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x541b, 0x0)
mmap$KVM_VCPU(&(0x7f0000c31000/0x2000)=nil, 0x0, 0x1000009, 0x10, r10, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)

55.04950743s ago: executing program 9 (id=492):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
close(r3)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0x80087601, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0xb2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x34)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x1, 0x100)
r14 = eventfd2(0x8, 0x80800)
ioctl$KVM_IRQFD(r13, 0x4020ae76, &(0x7f00000000c0)={r14, 0x3})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r14, 0x4000008, 0x3, r14})
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0x801c581f, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x31)
r18 = syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r18, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)

8.05771793s ago: executing program 41 (id=491):
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x82802, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bc5000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013dce7}}], 0x18}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x23)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000040)={0x7, <r14=>0xffffffffffffffff})
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x541b, 0x0)
mmap$KVM_VCPU(&(0x7f0000c31000/0x2000)=nil, 0x0, 0x1000009, 0x10, r10, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)

0s ago: executing program 42 (id=492):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
close(r3)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0x80087601, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0xb2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x34)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x1, 0x100)
r14 = eventfd2(0x8, 0x80800)
ioctl$KVM_IRQFD(r13, 0x4020ae76, &(0x7f00000000c0)={r14, 0x3})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r14, 0x4000008, 0x3, r14})
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0x801c581f, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x31)
r18 = syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r18, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

[  387.179374][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0
[  439.424919][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:25511' (ED25519) to the list of known hosts.
[  600.963132][   T25] audit: type=1400 audit(600.200:61): avc:  denied  { name_bind } for  pid=3319 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  602.004831][   T25] audit: type=1400 audit(601.240:62): avc:  denied  { execute } for  pid=3320 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  602.044534][   T25] audit: type=1400 audit(601.260:63): avc:  denied  { execute_no_trans } for  pid=3320 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  628.201388][   T25] audit: type=1400 audit(627.440:64): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  628.235624][   T25] audit: type=1400 audit(627.470:65): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  628.323780][ T3320] cgroup: Unknown subsys name 'net'
[  628.400473][   T25] audit: type=1400 audit(627.640:66): avc:  denied  { unmount } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  628.878253][ T3320] cgroup: Unknown subsys name 'cpuset'
[  629.000455][ T3320] cgroup: Unknown subsys name 'rlimit'
[  630.001960][   T25] audit: type=1400 audit(629.240:67): avc:  denied  { setattr } for  pid=3320 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  630.021914][   T25] audit: type=1400 audit(629.260:68): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  630.050808][   T25] audit: type=1400 audit(629.280:69): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  631.101419][ T3329] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  631.123344][   T25] audit: type=1400 audit(630.360:70): avc:  denied  { relabelto } for  pid=3329 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  631.152844][   T25] audit: type=1400 audit(630.390:71): avc:  denied  { write } for  pid=3329 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  631.324187][   T25] audit: type=1400 audit(630.560:72): avc:  denied  { read } for  pid=3320 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  631.342518][   T25] audit: type=1400 audit(630.580:73): avc:  denied  { open } for  pid=3320 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  631.392190][ T3320] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  684.617951][   T25] audit: type=1400 audit(683.840:74): avc:  denied  { execmem } for  pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  689.085137][   T25] audit: type=1400 audit(688.320:75): avc:  denied  { read } for  pid=3332 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  689.105527][   T25] audit: type=1400 audit(688.340:76): avc:  denied  { open } for  pid=3333 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  689.177555][   T25] audit: type=1400 audit(688.410:77): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  689.464975][   T25] audit: type=1400 audit(688.700:78): avc:  denied  { module_request } for  pid=3333 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  690.449874][   T25] audit: type=1400 audit(689.680:79): avc:  denied  { sys_module } for  pid=3333 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  716.569037][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  716.804629][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  716.871276][ T3333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  717.121370][ T3333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  728.803638][ T3332] hsr_slave_0: entered promiscuous mode
[  728.832611][ T3332] hsr_slave_1: entered promiscuous mode
[  729.148186][ T3333] hsr_slave_0: entered promiscuous mode
[  729.181063][ T3333] hsr_slave_1: entered promiscuous mode
[  729.209006][ T3333] debugfs: 'hsr0' already exists in 'hsr'
[  729.213160][ T3333] Cannot create hsr debugfs directory
[  734.988010][   T25] audit: type=1400 audit(734.220:80): avc:  denied  { create } for  pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  735.023840][   T25] audit: type=1400 audit(734.250:81): avc:  denied  { write } for  pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  735.097372][   T25] audit: type=1400 audit(734.320:82): avc:  denied  { read } for  pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  735.260130][ T3332] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  735.592247][ T3332] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  735.898540][ T3332] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  736.267900][ T3332] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  737.662679][ T3333] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  737.832852][ T3333] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  738.044871][ T3333] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  738.231500][ T3333] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  750.661695][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0
[  752.134579][ T3333] 8021q: adding VLAN 0 to HW filter on device bond0
[  804.499705][ T3332] veth0_vlan: entered promiscuous mode
[  805.059274][ T3332] veth1_vlan: entered promiscuous mode
[  806.763906][ T3333] veth0_vlan: entered promiscuous mode
[  807.395395][ T3332] veth0_macvtap: entered promiscuous mode
[  807.528371][ T3333] veth1_vlan: entered promiscuous mode
[  807.843796][ T3332] veth1_macvtap: entered promiscuous mode
[  810.091833][ T3333] veth0_macvtap: entered promiscuous mode
[  810.437607][ T3349] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  810.512707][ T3349] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  810.524079][ T3349] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  810.560756][ T3349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  810.676779][ T3333] veth1_macvtap: entered promiscuous mode
[  812.826893][   T25] audit: type=1400 audit(812.060:83): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  813.130883][   T25] audit: type=1400 audit(812.360:84): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/syzkaller.BWt4v2/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  813.432061][   T25] audit: type=1400 audit(812.660:85): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  813.632809][   T21] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  813.647842][   T21] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  813.675403][   T21] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  813.691260][   T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  813.748913][   T25] audit: type=1400 audit(812.980:86): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/syzkaller.BWt4v2/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  813.851803][   T25] audit: type=1400 audit(813.070:87): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/syzkaller.BWt4v2/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  814.419945][   T25] audit: type=1400 audit(813.640:88): avc:  denied  { unmount } for  pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  814.688682][   T25] audit: type=1400 audit(813.920:89): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  814.907141][   T25] audit: type=1400 audit(814.000:90): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="gadgetfs" ino=3803 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  815.341010][   T25] audit: type=1400 audit(814.560:91): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  815.394570][   T25] audit: type=1400 audit(814.630:92): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  816.512696][ T3332] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  817.938835][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  817.967402][   T25] audit: type=1400 audit(817.170:94): avc:  denied  { read write } for  pid=3332 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  817.968820][   T25] audit: type=1400 audit(817.190:95): avc:  denied  { open } for  pid=3332 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  818.061630][   T25] audit: type=1400 audit(817.300:96): avc:  denied  { ioctl } for  pid=3332 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  829.598182][   T25] audit: type=1400 audit(828.830:97): avc:  denied  { read } for  pid=3483 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  829.681432][   T25] audit: type=1400 audit(828.920:98): avc:  denied  { open } for  pid=3483 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  830.452067][   T25] audit: type=1400 audit(829.670:99): avc:  denied  { ioctl } for  pid=3483 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  852.757917][   T25] audit: type=1400 audit(851.990:100): avc:  denied  { write } for  pid=3500 comm="syz.1.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  903.781040][   T25] audit: type=1400 audit(902.970:101): avc:  denied  { execute } for  pid=3520 comm="syz.0.13" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4539 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  914.581996][   T25] audit: type=1400 audit(913.810:102): avc:  denied  { append } for  pid=3529 comm="syz.0.15" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  990.298468][   T25] audit: type=1400 audit(989.530:103): avc:  denied  { create } for  pid=3575 comm="syz.1.29" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  992.425290][   T25] audit: type=1400 audit(991.650:104): avc:  denied  { map } for  pid=3575 comm="syz.1.29" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=5291 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  992.452861][   T25] audit: type=1400 audit(991.680:105): avc:  denied  { read } for  pid=3575 comm="syz.1.29" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=5291 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1077.225384][   T25] audit: type=1400 audit(1076.460:106): avc:  denied  { setattr } for  pid=3614 comm="syz.1.41" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1231.124729][ T3696] kvm [3696]: Failed to find VMA for hva 0x20c01000
[ 1333.212460][   T25] audit: type=1400 audit(1332.440:107): avc:  denied  { ioctl } for  pid=3750 comm="syz.0.84" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1362.638996][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1362.694596][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1362.761815][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1362.800446][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1362.853125][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1362.913359][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1362.942507][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.013159][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.070121][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.172274][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.204364][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.338716][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.451376][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.627692][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.652212][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.801978][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.862513][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.933072][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1363.974466][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1364.062590][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c01000
[ 1476.810351][ T3836] KVM: debugfs: duplicate directory 3836-7
[ 1477.134292][ T3836] KVM: debugfs: duplicate directory 3836-7
[ 1494.990779][ T3849] debugfs: 'vgic-its-state@8080000' already exists in '3849-5'
[ 1583.790243][ T3900] kvm [3900]: Failed to find VMA for hva 0x21016000
[ 1593.220192][   T25] audit: type=1400 audit(1592.450:108): avc:  denied  { execute } for  pid=3906 comm="syz.0.129" path=2F36332FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=337 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1871.397805][   T25] audit: type=1400 audit(1870.590:109): avc:  denied  { map } for  pid=4065 comm="syz.1.181" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1961.590378][ T4123] kvm [4123]: Failed to find VMA for hva 0x20dd7000
[ 1992.232951][ T4143] kvm [4143]: Failed to find VMA for hva 0x20de9000
[ 2123.140180][ T4222] kvm [4222]: Failed to find VMA for hva 0x20c01000
[ 2276.870556][   T25] audit: type=1400 audit(2276.080:110): avc:  denied  { execute } for  pid=4324 comm="syz.0.263" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2316.610631][ T4345] kvm [4345]: Failed to find VMA for hva 0x20c01000
[ 2321.207772][ T4347] KVM: debugfs: duplicate directory 4347-17
[ 2387.620530][ T4391] kvm [4391]: Failed to find VMA for hva 0x21016000
[ 2624.504957][ T4465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2624.804666][ T4465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2633.112680][ T4470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2633.389617][ T4470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2654.614398][ T4465] hsr_slave_0: entered promiscuous mode
[ 2654.710974][ T4465] hsr_slave_1: entered promiscuous mode
[ 2654.778331][ T4465] debugfs: 'hsr0' already exists in 'hsr'
[ 2654.790177][ T4465] Cannot create hsr debugfs directory
[ 2662.490384][ T3884] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2663.129443][ T3884] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2663.932981][ T3884] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2664.730477][ T3884] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2665.594966][ T4470] hsr_slave_0: entered promiscuous mode
[ 2665.620369][ T4470] hsr_slave_1: entered promiscuous mode
[ 2665.634606][ T4470] debugfs: 'hsr0' already exists in 'hsr'
[ 2665.651836][ T4470] Cannot create hsr debugfs directory
[ 2676.734958][ T3884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2676.832348][ T3884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2676.905570][ T3884] bond0 (unregistering): Released all slaves
[ 2678.221225][ T3884] hsr_slave_0: left promiscuous mode
[ 2678.339358][ T3884] hsr_slave_1: left promiscuous mode
[ 2678.676589][ T3884] veth1_macvtap: left promiscuous mode
[ 2678.712013][ T3884] veth0_macvtap: left promiscuous mode
[ 2678.723934][ T3884] veth1_vlan: left promiscuous mode
[ 2678.740260][ T3884] veth0_vlan: left promiscuous mode
[ 2696.104855][ T4465] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2697.098574][ T4465] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2697.409700][ T4465] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2698.421574][ T4465] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2702.639047][ T3884] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2703.754263][ T3884] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2704.714553][ T3884] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2706.183976][ T3884] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2709.328533][ T4470] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2709.625385][ T4470] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2710.539711][ T4470] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2711.568757][ T4470] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2722.922383][ T3884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2723.033001][ T3884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2723.090816][ T3884] bond0 (unregistering): Released all slaves
[ 2724.711933][ T3884] hsr_slave_0: left promiscuous mode
[ 2724.790528][ T3884] hsr_slave_1: left promiscuous mode
[ 2725.283991][ T3884] veth1_macvtap: left promiscuous mode
[ 2725.327673][ T3884] veth0_macvtap: left promiscuous mode
[ 2725.335409][ T3884] veth1_vlan: left promiscuous mode
[ 2725.351003][ T3884] veth0_vlan: left promiscuous mode
[ 2744.502419][ T4465] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2761.681875][ T4470] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2830.908205][ T4465] veth0_vlan: entered promiscuous mode
[ 2831.700286][ T4465] veth1_vlan: entered promiscuous mode
[ 2834.749546][ T4465] veth0_macvtap: entered promiscuous mode
[ 2835.220211][ T4465] veth1_macvtap: entered promiscuous mode
[ 2838.117501][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2838.190587][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2838.208442][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2838.224210][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2850.125027][ T4470] veth0_vlan: entered promiscuous mode
[ 2851.100291][ T4470] veth1_vlan: entered promiscuous mode
[ 2854.590816][ T4470] veth0_macvtap: entered promiscuous mode
[ 2855.042071][ T4470] veth1_macvtap: entered promiscuous mode
[ 2857.987207][ T4303] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2857.988360][ T4303] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2858.011021][ T4641] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2858.071756][ T4641] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2915.442817][ T4303] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2917.730955][ T4303] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2919.744816][ T4303] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2921.264876][ T4303] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2941.773692][ T4303] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2942.127256][ T4303] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2942.339820][ T4303] bond0 (unregistering): Released all slaves
[ 2944.377514][ T4303] hsr_slave_0: left promiscuous mode
[ 2944.459751][ T4303] hsr_slave_1: left promiscuous mode
[ 2945.128160][ T4303] veth1_macvtap: left promiscuous mode
[ 2945.134503][ T4303] veth0_macvtap: left promiscuous mode
[ 2945.179077][ T4303] veth1_vlan: left promiscuous mode
[ 2945.189612][ T4303] veth0_vlan: left promiscuous mode
[ 3032.013579][ T4695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3032.431808][ T4695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3043.941382][ T4712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3044.261906][ T4712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3066.095333][ T4695] hsr_slave_0: entered promiscuous mode
[ 3066.274238][ T4695] hsr_slave_1: entered promiscuous mode
[ 3082.365600][ T4712] hsr_slave_0: entered promiscuous mode
[ 3082.453811][ T4712] hsr_slave_1: entered promiscuous mode
[ 3082.507991][ T4712] debugfs: 'hsr0' already exists in 'hsr'
[ 3082.527778][ T4712] Cannot create hsr debugfs directory
[ 3091.498257][ T4695] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 3092.578671][ T4695] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 3093.020195][ T4695] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 3094.004183][ T4695] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 3109.438634][ T4712] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 3111.285497][ T4303] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3111.848498][ T4712] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 3113.014955][ T4303] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3113.574572][ T4712] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 3114.174003][ T4712] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 3115.445488][ T4303] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3117.353392][ T4303] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3140.534102][ T4303] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3140.841962][ T4303] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3141.054003][ T4303] bond0 (unregistering): Released all slaves
[ 3144.137138][ T4303] hsr_slave_0: left promiscuous mode
[ 3144.246946][ T4303] hsr_slave_1: left promiscuous mode
[ 3144.977802][ T4303] veth1_macvtap: left promiscuous mode
[ 3144.979168][ T4303] veth0_macvtap: left promiscuous mode
[ 3144.990260][ T4303] veth1_vlan: left promiscuous mode
[ 3144.998222][ T4303] veth0_vlan: left promiscuous mode
[ 3174.165258][ T4695] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3183.239355][ T4712] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3299.669039][ T4695] veth0_vlan: entered promiscuous mode
[ 3300.667096][ T4695] veth1_vlan: entered promiscuous mode
[ 3304.160129][ T4695] veth0_macvtap: entered promiscuous mode
[ 3304.720500][ T4695] veth1_macvtap: entered promiscuous mode
[ 3309.695492][ T4812] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3309.711430][ T3381] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3309.770111][ T3884] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3309.783642][ T3884] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3310.084533][ T4712] veth0_vlan: entered promiscuous mode
[ 3312.631011][ T4712] veth1_vlan: entered promiscuous mode
[ 3318.270989][ T4712] veth0_macvtap: entered promiscuous mode
[ 3319.320771][ T4712] veth1_macvtap: entered promiscuous mode
[ 3323.139396][ T4511] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3323.210688][ T4718] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3323.231377][ T4718] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3323.244124][ T4718] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3605.769172][ T4641] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3608.189937][ T4641] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3610.538012][ T4641] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3613.127022][ T4641] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3645.457882][ T4641] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3645.857388][ T4641] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3646.080201][ T4641] bond0 (unregistering): Released all slaves
[ 3649.179377][ T4641] hsr_slave_0: left promiscuous mode
[ 3649.387122][ T4641] hsr_slave_1: left promiscuous mode
[ 3650.420120][ T4641] veth1_macvtap: left promiscuous mode
[ 3650.468954][ T4641] veth0_macvtap: left promiscuous mode
[ 3650.481529][ T4641] veth1_vlan: left promiscuous mode
[ 3650.483152][ T4641] veth0_vlan: left promiscuous mode
[ 3757.071504][ T5101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3757.404434][ T5101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3798.998952][ T5101] hsr_slave_0: entered promiscuous mode
[ 3799.104668][ T5101] hsr_slave_1: entered promiscuous mode
[ 3799.278366][ T5101] debugfs: 'hsr0' already exists in 'hsr'
[ 3799.287677][ T5101] Cannot create hsr debugfs directory
[ 3824.085649][ T5101] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3824.700464][ T5101] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3825.132852][ T5101] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3825.761619][ T5101] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3866.807381][ T5101] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4041.492521][ T5101] veth0_vlan: entered promiscuous mode
[ 4042.920820][ T5101] veth1_vlan: entered promiscuous mode
[ 4047.649511][ T5101] veth0_macvtap: entered promiscuous mode
[ 4048.531306][ T5101] veth1_macvtap: entered promiscuous mode
[ 4053.410159][ T4511] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4053.422922][ T4511] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4053.529748][ T4511] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4053.548443][ T4511] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4746.118605][   T25] audit: type=1400 audit(4745.310:111): avc:  denied  { map } for  pid=5741 comm="syz.6.435" path="pipe:[25256]" dev="pipefs" ino=25256 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 4831.292084][ T5111] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4835.111659][ T5111] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4837.242856][ T5111] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4839.345397][ T5111] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4870.659371][ T5111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4871.341561][ T5111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4871.760680][ T5111] bond0 (unregistering): Released all slaves
[ 4874.951339][ T5111] hsr_slave_0: left promiscuous mode
[ 4875.088900][ T5111] hsr_slave_1: left promiscuous mode
[ 4875.884186][ T5111] veth1_macvtap: left promiscuous mode
[ 4875.939952][ T5111] veth0_macvtap: left promiscuous mode
[ 4875.951249][ T5111] veth1_vlan: left promiscuous mode
[ 4875.952992][ T5111] veth0_vlan: left promiscuous mode
[ 4908.961702][ T5111] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4910.529317][ T5111] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4912.069662][ T5111] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4914.274200][ T5111] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4939.989635][ T5111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4940.234946][ T5111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4940.360654][ T5111] bond0 (unregistering): Released all slaves
[ 4942.639677][ T5111] hsr_slave_0: left promiscuous mode
[ 4942.799982][ T5111] hsr_slave_1: left promiscuous mode
[ 4943.387011][ T5111] veth1_macvtap: left promiscuous mode
[ 4943.390410][ T5111] veth0_macvtap: left promiscuous mode
[ 4943.419453][ T5111] veth1_vlan: left promiscuous mode
[ 4943.428220][ T5111] veth0_vlan: left promiscuous mode
[ 4979.015114][ T5760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4979.390364][ T5760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4987.929967][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4988.301920][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5012.505479][ T5760] hsr_slave_0: entered promiscuous mode
[ 5012.641721][ T5760] hsr_slave_1: entered promiscuous mode
[ 5022.037257][ T5775] hsr_slave_0: entered promiscuous mode
[ 5022.089646][ T5775] hsr_slave_1: entered promiscuous mode
[ 5022.103038][ T5775] debugfs: 'hsr0' already exists in 'hsr'
[ 5022.148103][ T5775] Cannot create hsr debugfs directory
[ 5034.030184][ T5760] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 5034.575169][ T5760] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 5035.698623][ T5760] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 5038.048565][ T5760] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 5048.080121][ T5775] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 5048.673969][ T5775] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 5049.235050][ T5775] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 5049.764012][ T5775] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 5078.124206][ T5760] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5087.022706][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5239.998703][ T5760] veth0_vlan: entered promiscuous mode
[ 5241.363392][ T5760] veth1_vlan: entered promiscuous mode
[ 5245.641603][ T5760] veth0_macvtap: entered promiscuous mode
[ 5246.459589][ T5760] veth1_macvtap: entered promiscuous mode
[ 5251.938462][ T5775] veth0_vlan: entered promiscuous mode
[ 5253.792612][ T4718] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5253.820779][ T4303] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5253.860053][ T4303] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5253.890243][ T5486] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5255.318317][ T5775] veth1_vlan: entered promiscuous mode
[ 5263.260330][ T5775] veth0_macvtap: entered promiscuous mode
[ 5264.321740][ T5775] veth1_macvtap: entered promiscuous mode
[ 5269.181644][ T3349] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5269.188606][ T3349] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5269.313403][ T3349] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5269.333717][ T3349] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5402.010192][ T5931] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5404.862123][ T5931] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5407.937156][ T5931] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5410.502365][ T5931] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5440.245040][ T5931] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5440.553141][ T5931] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5440.724858][ T5931] bond0 (unregistering): Released all slaves
[ 5445.808462][ T5931] hsr_slave_0: left promiscuous mode
[ 5445.983730][ T5931] hsr_slave_1: left promiscuous mode
[ 5447.077992][ T5931] veth1_macvtap: left promiscuous mode
[ 5447.079330][ T5931] veth0_macvtap: left promiscuous mode
[ 5447.098616][ T5931] veth1_vlan: left promiscuous mode
[ 5447.151181][ T5931] veth0_vlan: left promiscuous mode
[ 5500.864051][ T6062] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5502.813035][ T6062] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5504.339153][ T6062] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5506.393635][ T6062] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5537.060563][ T6062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5537.432593][ T6062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5537.631679][ T6062] bond0 (unregistering): Released all slaves
[ 5540.868844][ T6062] hsr_slave_0: left promiscuous mode
[ 5540.998344][ T6062] hsr_slave_1: left promiscuous mode
[ 5541.858961][ T6062] veth1_macvtap: left promiscuous mode
[ 5541.860478][ T6062] veth0_macvtap: left promiscuous mode
[ 5541.862855][ T6062] veth1_vlan: left promiscuous mode
[ 5541.864337][ T6062] veth0_vlan: left promiscuous mode
[ 5605.235044][ T6053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5605.679180][ T6053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5612.838137][ T6058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5613.239385][ T6058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5642.513644][ T6053] hsr_slave_0: entered promiscuous mode
[ 5642.661227][ T6053] hsr_slave_1: entered promiscuous mode
[ 5652.712912][ T6058] hsr_slave_0: entered promiscuous mode
[ 5652.850953][ T6058] hsr_slave_1: entered promiscuous mode
[ 5652.919420][ T6058] debugfs: 'hsr0' already exists in 'hsr'
[ 5652.938029][ T6058] Cannot create hsr debugfs directory
[ 5678.432239][ T6053] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 5681.442426][ T6053] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 5683.488882][ T6053] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 5685.981938][ T6053] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 5695.600869][ T6058] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 5696.015506][ T6058] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 5696.653985][ T6058] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 5697.295704][ T6058] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 5725.273470][ T6053] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5737.904230][ T6058] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5883.220553][ T6058] veth0_vlan: entered promiscuous mode
[ 5884.634998][ T6058] veth1_vlan: entered promiscuous mode
[ 5889.404125][ T6058] veth0_macvtap: entered promiscuous mode
[ 5890.529229][ T6058] veth1_macvtap: entered promiscuous mode
[ 5894.802662][ T6283] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5894.808415][ T4511] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5894.809228][ T4511] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5894.809978][ T4511] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5904.614315][ T6053] veth0_vlan: entered promiscuous mode
[ 5906.702322][ T6053] veth1_vlan: entered promiscuous mode
[ 5912.450997][ T6053] veth0_macvtap: entered promiscuous mode
[ 5913.488382][ T6053] veth1_macvtap: entered promiscuous mode
[ 5920.298104][ T4303] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5920.525170][ T5777] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5920.679788][ T5777] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5920.695084][ T5777] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6749.554640][ T6596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6750.277595][ T6596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6758.453056][ T6599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6759.119714][ T6599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6814.483764][ T6596] hsr_slave_0: entered promiscuous mode
[ 6814.635138][ T6596] hsr_slave_1: entered promiscuous mode
[ 6814.849164][ T6596] debugfs: 'hsr0' already exists in 'hsr'
[ 6814.861375][ T6596] Cannot create hsr debugfs directory
[ 6823.273789][ T6599] hsr_slave_0: entered promiscuous mode
[ 6823.492213][ T6599] hsr_slave_1: entered promiscuous mode
[ 6823.545093][ T6599] debugfs: 'hsr0' already exists in 'hsr'
[ 6823.677204][ T6599] Cannot create hsr debugfs directory
[ 6890.481279][ T6596] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 6891.849086][ T6596] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 6893.010445][ T6596] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 6895.949069][ T6596] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 6905.439166][ T6599] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 6906.218850][ T6599] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 6907.117395][ T6599] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 6907.840118][ T6599] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 6958.904404][ T6596] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6965.863803][ T6599] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6976.618434][   T27] INFO: task syz.1.491:6573 blocked for more than 430 seconds.
[ 6976.667456][   T27]       Not tainted syzkaller #0
[ 6976.735169][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 6976.758865][   T27] task:syz.1.491       state:D stack:0     pid:6573  tgid:6573  ppid:6058   task_flags:0x400040 flags:0x00000019
[ 6976.809914][   T27] Call trace:
[ 6976.810604][   T27]  __switch_to+0x584/0xb20 (T)
[ 6976.812707][   T27]  __schedule+0x1eec/0x33a4
[ 6976.813244][   T27]  schedule+0xac/0x27c
[ 6976.813737][   T27]  schedule_timeout+0x5c/0x1e4
[ 6976.814218][   T27]  do_wait_for_common+0x28c/0x444
[ 6976.814704][   T27]  wait_for_completion+0x44/0x5c
[ 6976.815136][   T27]  __synchronize_srcu+0x2a4/0x320
[ 6976.815677][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 6976.969364][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 6976.988926][   T27]  kvm_put_kvm+0x698/0xbe8
[ 6976.989589][   T27]  kvm_vm_release+0x58/0x78
[ 6976.990059][   T27]  __fput+0x4ac/0x980
[ 6976.990540][   T27]  ____fput+0x20/0x58
[ 6976.990992][   T27]  task_work_run+0x1bc/0x254
[ 6976.991438][   T27]  exit_to_user_mode_loop+0xfc/0x178
[ 6976.991884][   T27]  el0_svc+0x170/0x234
[ 6976.992403][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 6976.992884][   T27]  el0t_64_sync+0x198/0x19c
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 6977.111626][   T27] 
[ 6977.111626][   T27] Showing all locks held in the system:
[ 6977.147690][   T27] 3 locks held by kworker/u4:0/12:
[ 6977.181840][   T27] 1 lock held by khungtaskd/27:
[ 6977.182422][   T27]  #0: ffff800087957208 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 6977.184872][   T27] 2 locks held by getty/3195:
[ 6977.185235][   T27]  #0: e1f0000011c328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 6977.334830][   T27]  #1: c0ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 6977.378846][   T27] 2 locks held by syz-executor/3320:
[ 6977.379196][   T27] 2 locks held by kworker/u4:7/4511:
[ 6977.379521][   T27]  #0: 3df000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 6977.381126][   T27]  #1: ffff80008eaa7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 6977.382754][   T27] 3 locks held by kworker/u4:8/5769:
[ 6977.383073][   T27] 2 locks held by kworker/u4:12/5777:
[ 6977.383384][   T27]  #0: 3df000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 6977.384933][   T27]  #1: ffff80008f0b7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 6977.598818][   T27] 3 locks held by kworker/u4:14/5931:
[ 6977.599185][   T27] 2 locks held by kworker/u4:15/6062:
[ 6977.599560][   T27] 3 locks held by kworker/u4:11/6283:
[ 6977.599898][   T27] 2 locks held by syz.9.492/6578:
[ 6977.600233][   T27] 3 locks held by kworker/u4:2/6672:
[ 6977.600595][   T27] 2 locks held by modprobe/6738:
[ 6977.600894][   T27] 3 locks held by dhcpcd-run-hook/6740:
[ 6977.669511][   T27] 
[ 6977.676670][   T27] =============================================
[ 6977.676670][   T27] 
[ 6997.758239][   T27] INFO: task syz.1.491:6573 blocked for more than 451 seconds.
[ 6997.761948][   T27]       Not tainted syzkaller #0
[ 6997.787379][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 6997.788202][   T27] task:syz.1.491       state:D stack:0     pid:6573  tgid:6573  ppid:6058   task_flags:0x400040 flags:0x00000019
[ 6997.789027][   T27] Call trace:
[ 6997.789283][   T27]  __switch_to+0x584/0xb20 (T)
[ 6997.789822][   T27]  __schedule+0x1eec/0x33a4
[ 6997.790266][   T27]  schedule+0xac/0x27c
[ 6997.790743][   T27]  schedule_timeout+0x5c/0x1e4
[ 6997.791226][   T27]  do_wait_for_common+0x28c/0x444
[ 6997.791703][   T27]  wait_for_completion+0x44/0x5c
[ 6997.792179][   T27]  __synchronize_srcu+0x2a4/0x320
[ 6997.792691][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 6997.793160][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 6997.793632][   T27]  kvm_put_kvm+0x698/0xbe8
[ 6997.794035][   T27]  kvm_vm_release+0x58/0x78
[ 6997.794485][   T27]  __fput+0x4ac/0x980
[ 6997.794965][   T27]  ____fput+0x20/0x58
[ 6997.795433][   T27]  task_work_run+0x1bc/0x254
[ 6997.964208][   T27]  exit_to_user_mode_loop+0xfc/0x178
[ 6997.964861][   T27]  el0_svc+0x170/0x234
[ 6997.965380][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 6997.987012][   T27]  el0t_64_sync+0x198/0x19c
[ 6997.987757][   T27] 
[ 6997.987757][   T27] Showing all locks held in the system:
[ 6997.988085][   T27] 3 locks held by kworker/u4:0/12:
[ 6997.988435][   T27] 3 locks held by kworker/u4:1/21:
[ 6997.988758][   T27] 1 lock held by khungtaskd/27:
[ 6997.989039][   T27]  #0: ffff800087957208 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 6997.990839][   T27] 2 locks held by getty/3195:
[ 6997.991156][   T27]  #0: e1f0000011c328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 6997.992903][   T27]  #1: c0ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 6997.994575][   T27] 3 locks held by kworker/u4:3/3381:
[ 6997.994895][   T27] 3 locks held by kworker/u4:4/4303:
[ 6997.995189][   T27] 3 locks held by kworker/u4:9/4641:
[ 6997.995493][   T27] 3 locks held by kworker/u4:10/4718:
[ 6998.148467][   T27] 2 locks held by syz.9.492/6578:
[ 6998.148938][   T27] 1 lock held by syz-executor/6596:
[ 6998.149244][   T27]  #0: ffff8000879585f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x208/0x548
[ 6998.151039][   T27] 1 lock held by syz-executor/6599:
[ 6998.151484][   T27] 
[ 6998.151728][   T27] =============================================
[ 6998.151728][   T27]