last executing test programs:

43m56.940916783s ago: executing program 1 (id=211):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x1000})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x109a42, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x26)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x5)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r6 = openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REGS(r9, 0x8360ae81, 0x0)
r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000040)={0x40, 0x14000, 0x0, 0xffffffffffffffff, 0x9})
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CHECK_EXTENSION_VM(r12, 0xae03, 0xc2)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x400)

43m49.433935803s ago: executing program 0 (id=212):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x7e)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x1000, &(0x7f0000fd1000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000ec2000/0x1000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000100)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000080)})

43m42.669262816s ago: executing program 1 (id=213):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000180)=0x4)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async)
syz_kvm_vgic_v3_setup(r3, 0x3, 0x180)
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x240000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r7, 0x5761, 0x2000001c)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_CHECK_EXTENSION_VM(r9, 0xae03, 0x4000000000009)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x7, 0x7, &(0x7f00000001c0)=0xffffffffffffffff})
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff1000/0x3000)=nil, 0x0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0x40086602, 0x110e02ffff)
r10 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@irq_setup={0x46, 0x18, {0xfffffffd, 0x86}}, @msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0x38}, &(0x7f0000000280)=[@featur2={0x1, 0x81}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r12, r13, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)

43m37.076945352s ago: executing program 0 (id=214):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x400000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x3000, 0x1000, &(0x7f0000fdb000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x80100, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_vgic_v3_setup(r1, 0x2, 0xc0)
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x3, 0x4, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r6 = eventfd2(0x2, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0x1000, 0x2, 0x0, r6})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000d2c000/0x3000)=nil, 0x930, 0x2, 0xb9ee487a86b74fd3, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f00006b1000/0x1000)=nil, 0x0, 0x0, 0x4f832, r2, 0x1000000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
r10 = ioctl$KVM_CREATE_VM(r9, 0x894c, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f00004dc000/0x400000)=nil)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xa5)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0)

43m24.611904835s ago: executing program 0 (id=215):
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000015c0)={0x5555555555556d7})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013c4f6, 0x3ff}}, @eret={0xe6, 0x18, 0x2}, @irq_setup={0x46, 0x18, {0x1, 0x2b4}}, @mrs={0xbe, 0x18, {0x603000000013df06}}, @msr={0x14, 0x20, {0xa050000000344654, 0x7}}, @eret={0xe6, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x1, 0x153}}, @uexit={0x0, 0x18, 0x5}, @code={0xa, 0xb4, {"0078201e0048214e007008d50008603ca01b9ad20060b8f2810180d2220080d2c30180d2040080d2020000d4000028d580478dd20080b8f2c10080d2420080d2030180d2640080d2020000d4e06f82d200e0b0f2410180d2220080d2430180d2e40180d2020000d4609686d20060b0f2810180d2220180d2a30180d2440180d2020000d4e0a090d20040b8f2010080d2420180d2e30180d2240080d2020000d4"}}, @smc={0x1e, 0x40, {0x1c8007ff9, [0x3ff, 0x9, 0x1, 0x1c000, 0x1]}}], 0x1c4}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_DIRTY_TLB(r2, 0x4010aeaa, &(0x7f0000000140)={0x6, 0x9})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x4)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000000c0)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000080)=0x2})
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_SIGNAL_MASK(r5, 0x4004ae8b, &(0x7f0000000580)={0x1000, "486957b20ece1b2553a74b784975f8424b3d771d4f356a5a8ff086e1add0b597368970237e4f0975668ed14559979fdabd93e3a9a98215bd4edcdf634267ace417aca528fffbf52670054ff7ed6c336d9abd5186ea039b927a73fd7f5e1fd280d9b1fefd4c69116495ffffdaa0cb1a5a3019ffc2ead812f29e5bbc35f907feebacf2ae13fe5b0a1ac732d7b6043216684f80ec77b4050c9ac523eb46b902fdfd5a3ebcf9d435fd38ff14ffec810ce29196e33c16a2d46a3288f7b54a9bd7dc32a4872c1850ca26bb4a46740f7361d096de1518f3e70736dd6d9ed9e37c296e35a7efd45cf8acb7c2b5d7796a18a576c5ec72bcc49081e47471a6f9e44533efa844550265eb78e224e9d33cb99408707a6a2c0e1496aba8db4b0caa5e432f8cd144b897edb5ca265792f56e4237a384a8d33847189b002991e6761cd743418f24bbaf38ec3dd789b1d7f2b12968c7e3e1c111dedfaaaa74773e989b8b1dc81439b36323bf5e936fddc8893b2ccf56db297fe7f31dd31ab310a930717c0f50a491febc24850732b32c51e2e29c0cadc4167018f84db15dcc3fc360bd9635823a893b6ecc28bca2c86570147c2f6234df2f3f6f50e5349689f243ae94f36be8e8ffe9164c446492803fdc2f2e7d5a71b0d9dd82741e97f019ac1dc57bc94cfa535899c9a70d7a66b2c8980c8dfb26a8ddcb4f14c90104921fbe127087eb3a07beacf3daf177f290e8821d58e8950c11b5a5a4bafb252c4024ef43014e2c1d2ae01feea927362bdc50b20f728b4fab330cc87c11478d3bc2c38b8f40a4ef9b2e67d1a0149f54b80d19211835bb30e95791bb0cb7aed39ff57a10ed152193a9b0be2b4b18c4edaec5cfc71f8910e501160b60772b8172f4c8eeffcd4e6ae8fd85ed12b2f00a726ddc8f1a9f7b75cb13ae2a6224e265ce071def010830462504b991dbc31541f849a6833c451257aa0268efd4478df5b72c573443d86e94db4e35b5b8e03d6c9c4f46fa1ef2438834bf85431918e9d9361d76841f9a98642784585c5dcb8b957379a20be0dff57c7ffb6262a3d886405c12860177ec835347fd23a6370a0b0e9e3602cb1ed3115c08f71d99548f2ff0944b5cc37079d3a3846ce943592dd1d34bef53fb6f35b711c28dedc1bf35079c0e3d61b9be51e95608781969b3b8516e3f3af284786308aabd9511f353445dd92fd59c818bc811190164d900d5110f1c994c821963e429cfb69c1a2a28575a2d5a9956a11bd4c9e854158ee84f180e18363c1a2080f53c91a28c822dc04afa09a572966d7690bb52b80ca2d3e5115dcfa2a691cec6f3ba5aaeede79b53eda2f5eba2be1ec1d5e19e757316a1a3386a4c544a9c35fdcc139a63312a5e359fd35b3fb60256a34e63bf9884641642d53d6ee068d0a3d6017d3571d4496fcd76c4d946d045e2ce419d8bb10235ec9e11a5aefcfedbeb718b68b3b57bdd53e5a65af14234bff50ecc6705c8f1e01c826adc745427cc9c9fa0a750fdf51dc321dba1ef6a3c09001935b0805dbce1465b88dc141775ef2a51cbdee47cb155e5b8c8825273d259b196e9eaf4e4c553bde62d36d5cbbfbe1f9fe3b1a626131a7ea4900c3548da71715c643256ece07c3918d27f905836e908b08d60199387215664615f9b54f900a6afc19a2b2dd0f354ced5e94fc2b38cb885ab4cec3c109d5ee09dbf316e9820a2bbdc154e035fab12e76bb18fa3b072863d4be5c79f8b7e7618cfbadc411d389b034c37fc98e91f3c1025aa45c81c461df61ec42ed346afc63b243a0b76fd58d1ac0647a2392b662532e3b7bc23ed538227e098478d19f20a332b075cdb54331ec3df204402ea3095332313f640892fdee752559cc44d35f9356b431391cbabeb363804cfd556527b8ead7114680c47e9e00eb2307cbf1e841fe1c838269d766716d51e25e2a0578defc4d62089769d7784a846f3ec025ea74d161ecb2028832f9972873513105674ac766358259cd6e1a71476f4e4daa23c6e1f6f8ecebaf0a85a9ae46892adf0d50eb6cf9fd6477e7909b76b57c13ec346982bae18245f35178196c54e511510736ff0b9597df0b18487e5abcbea1e89d46a41990c28f9518d5a07333adc2e73ce8e27e8f1195b3db9913fded9881a16e0860b2f50b85f89bcadb1717d3b761a94d899f4ddb108cb1ec56661f68f20c7ba13d5d8a25fe10b1557097f0ebba4bb95439d785ba7778930ebd77a84752c496535077f53ad43e0d32d4b12ed20296478cf72da237b616f81edb46d76a41fc520f15386b8e5aeee152a7d9a6333b1abbc96c490c5370289e8f27f88d3a0bff33d3449b51955496bac44ecad0ee5cc1ee011298a73f2edc423cf41c2842a30d378504e65ce952e9def165795d3b0c520fdc44b338604bde44273387e611ae892a99e900843712ff81562f3ab501d14fcaa74cf007ad8e37ed4fb323deb616b94b5047c250234ef620ee9b93b97ac6757a2a7e9d2f1431202021bba20c7c1fe84d82feec33cea1902ec7a2c6b0ba97b6ee4b56f5af10345180e67fa9eae8dd9d4fb3198ca6275d2ab87fbdbb465553b33ae25c4647c53d16749613dd01f99391bd465fd79b978e0138c7d22d4136d9468598bdf4d486ff360d6f2f27ae534cfefa09d0a7e5121d4331b883456a6a20b44f803a810aaa5393016f6c3c5287d25bcdfe89d216b196a204dc813c38abed15527614840f6a3852753fe9988725c1ac6534c553c1c3e9dd9fb5bd41097da7dab6225c163cedbdc187efec8881193cf4a3fde8d845a247b24fa17915e61017275816d75b191b90fa77dbda9e798527bbc49c1929a21a25b121746826751fbb8e0402b68d44b9e0ad009225fae1f714ea3c6c11778a0ab33ba5c9cff23b275b2d3938eff8e998468920ba3e6832c4a6dc2071063887f50385c99a52c48efc49e4d44ebebf248532756326ca6a69f83de0f9df0bed18d76a55fc2509577ac4d0d07a9fb4dee9214b599a4cc5cfb5c2e8374ef65ba2f06a8f9b00e88646fb65b4e64c83991e8305aedf3f981e92be6c769c557cddc4b6f8bb14e881f75d280cc38bbff7c60f9c9e2a39a0c24439739b607368b2ee19bed398358559f1087a99bc19396c62778b87eae1fc6afc84ab5b7a09d9db5ab7a487dcaf243fb992cbbc33f8be0046f52bb5dad64177a9f64ff20f5b0aacb228f07da24bbec6a6bb7cc65715ccd734b058c0f667fe25908079182ce30308e91366a7a3cfae761b8325fe5924c6812f59d7d5e90752d951b603d9a075b72249742ffc97c7df5ff4f36a040461737d710dd6162cf0c58cbe318aa5b585351c011ed2637b5353feca83d5307da81b687c2b0149f78a87a7c705c39aad1e63798be89d9ac17a114d03767a4d89c682a5fbfab334bc00817082612fd903049966004f35e020574eed4364e8021fa18eb1c32589f40f2fbb0c6ef946cbae70c20fdf51972a9f630182ef95605cd1f61c16a7c290be19a594b4719f6bb798b6130a045799a8db1c9a8fb056fecc0fb98a045c5552081aee0e907c1c1a9e0801e737e26da6c267dfb2c2b3d2a23d0761d11f20b18328c0278b986f3dd14e72bc5a923b068442ae862dab669a0e20f2d3055f2f160114692baf8b0e9c9c52e2fd12bf59650c2f8838a8dbef37c62b01089c8e7d529fb0e71fa3b9ee7e7891cfd90d8c9723280bd74e752db333414623b997eb9955c8c3008bf589e9ac8afa2aaa142cd00625b4759d54479a023d1ec7e65753726570d423f2345fa5463b2129ba4788de83efc6ba85aae445116d69bde743582524d47855938e1947bd6d15f319808aaedbfcf459fb54b453d9ce27ac291076dec882e27439afc7429558489420fc67b9a82d10491a8e1afb6d0520ade539bc18875d38880ab4b9226ec36568653667d9134e1d1d036005ed9428de29b7f9ad378efbd0fc18a2070c376e02a06014cf38df951b5e55717ca0d9d79d57ac28bd09c69e6f24aaf11a2011f5782accbe6016c3adddc39d6b591dca48d04ba10d69a4752ad705c9b052c23f29d5860ba54eb76dd0420ca5d64a656b34dfa78cb0424cffe42e73c57405ae3c5b6e3936b2810f0ffd6c82aef2011d1f9ad41ee12b3386b7dc1ebbd876b60dadebdd948f1890c7a26218ac034239531f5a4f829d27c896b49a1cb770126915dfb712fee2f35466f7885fdbb98248ad2cfddace0e720cb5a025f47ed1a31bca17747b460fa2ac6f7c53545c9576b34dcce2e21f16c6e8627cdce920ca9b108c1b460825475b4a0b5e678d9fd6e7f82e0a60d316e717099d63075d4cc80fcf0f345fc75efbc7d90edea99b340d9b819c6c944008cc86cc81c98daec0e309f30c1c8170537aa62d14936f698bcf2aa1711eedf531b4d10ab578cbb8bbc22dd775386850d222e8ffc74b4792b6b89c6435646c3137571ac6004a869069884e357846a9a79bf21eeb58c13292a49160daafbc5d4e414e85e1a7002466982239f0ada9628dc1319084a882e7644764a455fdc3d8ece6211d85e3675359285fbd30a7dba12a289019ceebcec0616b3cadc59c6715eacc86de9caa3fba98dbc1437be528171884d23b5202eb649b91d3294d2df7363c619d531511e050774680f51c0988ee0c9c66afa56c5243976ecbaee021e984f3ff789f706edfd6cd211de03fb58b2063eca771c5e59a576158918c53a8cd6bfbf06f72969191b12dc4e3c4de26e4b52860f5243064bed9c6c94f0e0560113d3f558d36ceb471dbe77430784d003484466a682caa2e0385e8cc2bc81b7b9e068218dbd0107ec32c33ab58bf98aba3771c915c1653a59565d4f5eaf4ef0f5fd3f153b4bf28a1e730673da5ab90fc9524780affaeaca544ede7f4038b57caf689ae2ede9b3509d369ed2df7c7769527a96ee88b7fc4f3b3a9600f0e9a129bdcab58a6d8d266bedfed3426df325bf1e7d54f118f07ddac979c4d47ddd2508b8ffc35f9b015b219eefa2074088926fb19d4dabb7a2e2ab773f8fc7a98ba582b63d860a9c42f366a066f0b177134c4bfe8fc73d6f2cd0677f73fa286b3568d5ca365fe626ea427660b8ed632fbbd467b1d38a20b931bd202e4e61dc33ba712ab09d6c44f37ed96bd41980a91646f9a20a6295276b0c7322d2bff6bbe6c3896577117ab3d7171ba1d3550d2b0dbeac75fdb65657dd0a4deff185e503136ea4c053fe37fd91818a81d334426c80fde00fb90c0377bf9e1c3cc0150bc2668472cbfea8a663cdc0a6415710d99aa21eaf08023475bd107ce5280416610a5ca6bfcdb0158d0b60351700f7a5402e84d3412594584375ac5b42b37f16291d587b9d2084f26168da760aeedc0fe346f71de8009fe1dcd678a34be44f1433195186e86fac3f6bafbc8f011821add215c37d95233dc8df100c3830b052a67ca37b546c12bd5c3c90ab58f673622900b73ca2f4bb573bbfad09dc0b702daa710a95c38db4db1599a3f6ea82db2636c3c9eb857b09b8916732aeedd59e8f0d8f6c630448183a59a18db16313611f3f91089ae9bee2187d50442af3757446496a9644d3f9394bbc755d4e0673660a036134406150130ba5854750d588d56f70a1d65d6053e1238d025b4a2c8a63597f8d4ec9ea557513420f4de59863867ab59c9b5723d569e96b56027a1283d15ac75017965530790521dfa3cdc56f715655f59eded2c43623d46d7ec19ee56126858a0378128a6673cc731163c4415f3cbb8f247ead9997683ac3c9bf2cf3e91aeee61295c8ef3ae9422ef367b9df3d52b7adc2fe64a753edf2534c9d32a31d"})
r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bfd000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x2d0})

43m20.195541575s ago: executing program 1 (id=216):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000edf000/0x3000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3c)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bf9000/0x400000)=nil)

43m14.617107076s ago: executing program 1 (id=217):
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b0300000000000000010000005a9610fbff6754ebb2aa7fc869d22627e700", 0x0, 0x48)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000001000000000000000800"])
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0), 0xe80)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x109a42, 0x0)
r4 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xf)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x7)
ioctl$KVM_IOEVENTFD(r7, 0xc0189436, &(0x7f0000000180)={0x0, 0xd000, 0x8, 0xffffffffffffffff, 0x5})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x28)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x25)
r12 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000b9d000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000240)=@arm64_fp={0x60400000001000c8, &(0x7f0000000040)=0x8})
ioctl$KVM_SET_VCPU_EVENTS(r10, 0xc018ae85, 0x0)
ioctl$KVM_IRQFD(r9, 0x4020ae76, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r15, r16, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r16, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x603000000010000c, &(0x7f0000000100)=0xc5c5})
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x4000402)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)

43m10.503241638s ago: executing program 0 (id=218):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x400000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r5, 0x1, 0x12, r3, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_GET_DEVICE_ATTR(r12, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x4, 0xdddd1004, 0x1000, &(0x7f0000c06000/0x1000)=nil})
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138010, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r17, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r13, 0x8, 0x13, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r13, 0x1000001, 0x12, r3, 0x0)

43m0.273299582s ago: executing program 1 (id=219):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0xfffffffa, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r6})
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r10, 0x2, 0x12, r9, 0x0) (async)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r10, 0x2, 0x12, r9, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r10, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async)
r11 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r10, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a1e000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000240)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
syz_kvm_add_vcpu$arm64(r3, 0x0, 0x0, 0xfffffffffffffe8f) (async)
r12 = syz_kvm_add_vcpu$arm64(r3, 0x0, 0x0, 0xfffffffffffffe8f)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
munmap(&(0x7f0000d8c000/0x2000)=nil, 0x2000)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x376}}, @hvc={0x32, 0x40, {0x80000001, [0x0, 0x6, 0x1, 0x4, 0xbd]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xffe8, 0x80000001, 0xd}}, @irq_setup={0x46, 0x18, {0x4, 0x151}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x1, 0x7, 0xf, 0x7f, 0x2}}, @msr={0x14, 0x20, {0x603000000013da17}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x2, 0x6, 0x41ee, 0x4, 0x4}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x84000001, [0x8, 0x40, 0x10000, 0x9, 0xffffffff]}}, @svc={0x122, 0x40, {0x40000000, [0x0, 0x9, 0x40000, 0x8, 0x401]}}, @uexit={0x0, 0x18, 0x9}, @smc={0x1e, 0x40, {0xc400000d, [0x7, 0xfffffffffffffffe, 0xb, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xffe8, 0x1, 0xc}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0x4, 0x3, 0x7, 0x4}}], 0x280}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x376}}, @hvc={0x32, 0x40, {0x80000001, [0x0, 0x6, 0x1, 0x4, 0xbd]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xffe8, 0x80000001, 0xd}}, @irq_setup={0x46, 0x18, {0x4, 0x151}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x1, 0x7, 0xf, 0x7f, 0x2}}, @msr={0x14, 0x20, {0x603000000013da17}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x2, 0x6, 0x41ee, 0x4, 0x4}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x84000001, [0x8, 0x40, 0x10000, 0x9, 0xffffffff]}}, @svc={0x122, 0x40, {0x40000000, [0x0, 0x9, 0x40000, 0x8, 0x401]}}, @uexit={0x0, 0x18, 0x9}, @smc={0x1e, 0x40, {0xc400000d, [0x7, 0xfffffffffffffffe, 0xb, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xffe8, 0x1, 0xc}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0x4, 0x3, 0x7, 0x4}}], 0x280}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0xffffffffffbffffc, 0x120) (async)
syz_kvm_vgic_v3_setup(r1, 0xffffffffffbffffc, 0x120)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x25)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)

42m56.577134357s ago: executing program 0 (id=220):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000140)=[@mrs={0xbe, 0x18, {0x603000000013e65f}}, @msr={0x14, 0x20, {0x603000000013e091, 0x8d1}}, @eret={0xe6, 0x18, 0x2}, @uexit={0x0, 0x18, 0x5}, @eret={0xe6, 0x18, 0x7fffffff}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x3d1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0xa, 0xa05460ea, 0xc1d}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0x2, 0x8, 0x8, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0xc, 0x2, 0x7}}, @svc={0x122, 0x40, {0x80000000, [0x1, 0xfffffffffffffffa, 0x9, 0x1d49, 0x10001]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0xc6}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x3a0}}, @eret={0xe6, 0x18}, @smc={0x1e, 0x40, {0xc4000012, [0x8, 0x1, 0x0, 0x29, 0x1]}}], 0x208}, &(0x7f0000000040)=[@featur2={0x1, 0x9}], 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2b)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000380)=@other={0xfffffffffffffff7, &(0x7f0000000080)=0x1f4})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x25)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r10, 0x4208ae9b, &(0x7f0000000400)={0x1, 0x0, {[0xfffffffffffffffb, 0x3ff, 0x1000, 0xe26f, 0x3, 0x6, 0x9, 0x0, 0x4, 0x5, 0x7, 0x81, 0x0, 0x7fffffffffffffff, 0x1, 0x2], [0x80000001, 0x8, 0x34f, 0x80000001, 0x8000000000000000, 0xfffffffffffffffb, 0x8, 0x5, 0x7ff, 0x6, 0xa87f, 0x1, 0x5, 0x7fffffffffffffff, 0x9, 0x7fffffff], [0x6, 0x2, 0x3, 0xfff, 0xe7, 0x1, 0x100000001, 0x0, 0x8, 0x3ff, 0x8, 0x401, 0x3, 0x3, 0x100000001], [0xe, 0xffffffffffff37a5, 0x80000000, 0x54435a02, 0x2, 0x2, 0x4, 0xff, 0xa4c, 0x2, 0x400, 0x1, 0xfffffffff14d8e2e, 0x44, 0x400, 0xfffffffffffff2f2]}})
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160002, &(0x7f00000000c0)=0x2})
r11 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, 0x930, 0x100000c, 0x4d832, r10, 0x0)

42m47.792025006s ago: executing program 1 (id=221):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xac)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x1, 0x0})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r7, 0x400454d1, 0x110c230020)
mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r10, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r10, 0xaec7)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r14, 0x40000)

42m40.242700373s ago: executing program 0 (id=222):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
close(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r6 = syz_kvm_vgic_v3_setup(r4, 0x3, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f0000000000)=0x4})
r7 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb4149dd033be3ac2ca5a22332a70000000000000071b14c94a6ab8031d1dfd90f05000000010000521ce16f8f1f449a7a8356733169d22627e70300", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) (async)
close(0xffffffffffffffff) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x3, 0xa0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f0000000000)=0x4}) (async)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb4149dd033be3ac2ca5a22332a70000000000000071b14c94a6ab8031d1dfd90f05000000010000521ce16f8f1f449a7a8356733169d22627e70300", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) (async)

42m1.930013679s ago: executing program 32 (id=221):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xac)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x1, 0x0})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r7, 0x400454d1, 0x110c230020)
mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r10, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r10, 0xaec7)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r14, 0x40000)

41m53.710383667s ago: executing program 33 (id=222):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
close(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r6 = syz_kvm_vgic_v3_setup(r4, 0x3, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f0000000000)=0x4})
r7 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb4149dd033be3ac2ca5a22332a70000000000000071b14c94a6ab8031d1dfd90f05000000010000521ce16f8f1f449a7a8356733169d22627e70300", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) (async)
close(0xffffffffffffffff) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x3, 0xa0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f0000000000)=0x4}) (async)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb4149dd033be3ac2ca5a22332a70000000000000071b14c94a6ab8031d1dfd90f05000000010000521ce16f8f1f449a7a8356733169d22627e70300", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) (async)

27m29.762231537s ago: executing program 3 (id=293):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2c)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100038, &(0x7f0000000000)=0x5})
r12 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r13 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000040)={0x5})
ioctl$KVM_RUN(r15, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r14, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x6, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r12, 0xc018aec0, &(0x7f00000000c0)={0x1})
ioctl$KVM_SET_REGS(r3, 0x4360ae82, &(0x7f00000000c0)={[0xa9, 0x2, 0x3, 0x401, 0x1, 0x2, 0xffffffffffff6eab, 0x1, 0x8, 0x9, 0x5, 0x7f, 0x0, 0x4, 0x0, 0x2], 0x10000, 0x40})

27m6.222915438s ago: executing program 3 (id=296):
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xef)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, 0x0, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
close(r6)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
close(r7)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bde000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@smc={0x1e, 0x40, {0xc4000053, [0x3, 0x4b8, 0x3, 0x3, 0xa]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

26m48.962881432s ago: executing program 2 (id=297):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)

26m48.962693632s ago: executing program 3 (id=298):
mmap$KVM_VCPU(&(0x7f0000f72000/0x1000)=nil, 0x930, 0xc, 0xe832, 0xffffffffffffffff, 0x0)

26m42.49037932s ago: executing program 2 (id=299):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100008, &(0x7f0000000240)=0x2})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100016, &(0x7f0000000100)=0xc5c5})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) (async, rerun: 64)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013e71a}) (async)
r14 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000bfd000/0x400000)=nil)
r15 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
r17 = syz_kvm_setup_syzos_vm$arm64(r16, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x971fe1cdf56b3eff)

26m41.34934226s ago: executing program 3 (id=300):
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0xfffffffa, 0x80001)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f00000004c0)={0xdf, 0x0, 0x8000})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=[@featur1={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r2})
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000200)={0x48, 0xdddd1000, 0x0, r10})
close(r10)
close(r9)
r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r13, 0x2, 0x12, r12, 0x0)
r14 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r13, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00009af000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)

26m32.259059938s ago: executing program 2 (id=301):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2)
r3 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
close(r3)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)={0x1, 0x0, [{0x78, 0x3, 0x1, 0x0, @adapter={0x800, 0x3, 0x0, 0xab, 0xa28}}]})

26m24.221950684s ago: executing program 2 (id=302):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil) (rerun: 64)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 32)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 32)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0x80111500, 0x20000000)
write$eventfd(r8, &(0x7f0000000000), 0xfffffdef) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$kvm(0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x103) (async)
r10 = ioctl$KVM_CREATE_VM(r9, 0x80111500, 0x20000000)
write$eventfd(r10, &(0x7f0000000040), 0x8) (async)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r11, 0x4, 0x60) (async, rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x197902, 0x0) (async, rerun: 32)
r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013c031, &(0x7f00000001c0)=0x10003}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r14, 0x1, 0x240)

26m14.594221531s ago: executing program 3 (id=303):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)

26m11.047452763s ago: executing program 2 (id=304):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x90, &(0x7f0000000000)=0x10}) (async)
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (rerun: 64)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

26m8.261932448s ago: executing program 3 (id=305):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2e)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r8, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0xfffe)
r12 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b15000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)

25m59.362024392s ago: executing program 2 (id=306):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x2080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x6, 0x2, &(0x7f0000000080)=0x8}) (async, rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) (rerun: 64)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000140)="38ce8347fc1e86008cfc72bb312c8659dcc9225b48cb5cb00c73b0b30800000073f7f1f493e89c859e17625ad1b19c73a7fd4ce992bfc316bd22ccc646cd69c72800", 0x0, 0x1f) (async)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94) (async, rerun: 64)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000000)={0xe4, 0x0, 0x7}) (async, rerun: 64)
r3 = mmap$KVM_VCPU(&(0x7f0000e8b000/0x3000)=nil, 0x0, 0x8, 0x10, 0xffffffffffffffff, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r5, 0x4068aea3, &(0x7f00000000c0)={0xe1, 0x0, 0x8}) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f0000000200)="7ea5993c469c0d4a26c3f267b43ad6284dca954e840d8dd6", 0x0, 0x18) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f00000001c0)="1751b0841f3e450fca02aac9cfaed33ca8381c27c7ec72c9", 0x0, 0x18)

25m21.620153479s ago: executing program 34 (id=305):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2e)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r8, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0xfffe)
r12 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b15000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)

25m10.161188011s ago: executing program 35 (id=306):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x2080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x6, 0x2, &(0x7f0000000080)=0x8}) (async, rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) (rerun: 64)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000140)="38ce8347fc1e86008cfc72bb312c8659dcc9225b48cb5cb00c73b0b30800000073f7f1f493e89c859e17625ad1b19c73a7fd4ce992bfc316bd22ccc646cd69c72800", 0x0, 0x1f) (async)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94) (async, rerun: 64)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000000)={0xe4, 0x0, 0x7}) (async, rerun: 64)
r3 = mmap$KVM_VCPU(&(0x7f0000e8b000/0x3000)=nil, 0x0, 0x8, 0x10, 0xffffffffffffffff, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r5, 0x4068aea3, &(0x7f00000000c0)={0xe1, 0x0, 0x8}) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f0000000200)="7ea5993c469c0d4a26c3f267b43ad6284dca954e840d8dd6", 0x0, 0x18) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f00000001c0)="1751b0841f3e450fca02aac9cfaed33ca8381c27c7ec72c9", 0x0, 0x18)

17m28.006948618s ago: executing program 4 (id=307):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0x800000000008, &(0x7f00000004c0)=0x1})
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000200)=[@uexit={0x0, 0x18, 0xe72}, @smc={0x1e, 0x40, {0x8400000b, [0x10000, 0x80000000, 0xfffffffffffff800, 0x2, 0x6]}}, @svc={0x122, 0x40, {0x84000011, [0x80000001, 0x4, 0x82b, 0xb, 0x2d9]}}, @code={0xa, 0x9c, {"007008d57f2003d5a0338ed200c0b8f2410180d2a20080d2030180d2c40180d2020000d400004039007008d5e0f195d200e0b0f2410180d2c20180d2030180d2240180d2020000d4000028d5800f87d200e0b0f2c10080d2e20080d2430080d2c40080d2020000d440348dd20020b0f2a10080d2c20180d2c30080d2240080d2020000d4007008d5"}}, @svc={0x122, 0x40, {0x32000000, [0x80000001, 0x2, 0x5, 0x7, 0x5]}}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x82d, 0xe7, 0x2}}, @hvc={0x32, 0x40, {0x84000006, [0x4, 0x5, 0x1000, 0x0, 0x7]}}, @uexit={0x0, 0x18, 0x1a}, @smc={0x1e, 0x40, {0x1000, [0x0, 0x6, 0x2, 0x9, 0x3]}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x1, 0xe, 0xfffffffc, 0x9, 0x3}}, @smc={0x1e, 0x40, {0x84000052, [0x7, 0x401, 0x1, 0x3, 0x6]}}, @uexit={0x0, 0x18, 0x7}, @code={0xa, 0xb4, {"40e29ad20060b8f2c10080d2820180d2430080d2a40080d2020000d4802a98d20040b8f2c10180d2820080d2630180d2a40180d2020000d4007008d50000649e008008d580b180d200a0b0f2210080d2620180d2430180d2e40080d2020000d4801688d20060b0f2410180d2420180d2230180d2040180d2020000d480eb8fd200a0b0f2410080d2020080d2030180d2840180d2020000d40080202e000008d5"}}, @eret={0xe6, 0x18, 0xa90}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0x1, 0x0, 0x6, 0x2}}, @memwrite={0x6e, 0x30, @generic={0x2000, 0x4cd, 0x1, 0x3}}], 0x3f8}, &(0x7f00000000c0)=[@featur2={0x1, 0x36}], 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
write$eventfd(r8, &(0x7f00000001c0)=0x1, 0x11)
r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r10 = syz_kvm_vgic_v3_setup(r9, 0x1, 0x40)
r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x29)
r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0xffffffff, 0x4, 0x0})
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r13, 0xae03, 0xe3)

17m18.111343419s ago: executing program 5 (id=308):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x36) (async, rerun: 64)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = eventfd2(0x7, 0x1)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x0, 0x1000, 0x2, r3, 0x8})
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000001c0)={0x8, 0xfffe1000, 0x0, r3, 0xa}) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20101, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) (async, rerun: 32)
r13 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) (async, rerun: 32)
r14 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x401]}}], 0x6b}, 0x0, 0x0) (async, rerun: 64)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04) (rerun: 64)
mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r16, 0x2000003, 0x11, r15, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x0, 0x5, 0x4, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000000)={0x9, 0x4}) (async)
ioctl$KVM_RUN(r17, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

17m3.181805525s ago: executing program 4 (id=309):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)

16m59.213695236s ago: executing program 5 (id=310):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r2, 0x1})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x100, 0x80a0000, 0x2, r2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x9, 0x0, 0x0, r2, 0xf})

16m50.684875281s ago: executing program 4 (id=311):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001c, &(0x7f0000000000)=0x3ff})
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100030, &(0x7f0000000000)=0x3ff})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xf4, 0x0)

16m44.660723974s ago: executing program 5 (id=312):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xf3)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000100)="fb0149dd033be3ac2cc4a29ea6af8031d1dfd900080001000000315f9731c10d097fd66f8f1f44f9ffffffffffffffebb207000000000000000000002a2900", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x10, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)

16m29.911037487s ago: executing program 4 (id=313):
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101240, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@mrs={0xbe, 0x18, {0x603000000013c298}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

16m28.262161505s ago: executing program 5 (id=314):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000200)={0x6, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x400454d0, 0x2d)
r6 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004c, 0x0})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x10001, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000000)=@attr_arm64={0x0, 0x8, 0x4, 0x0})
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xd)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x9)
syz_kvm_setup_cpu$arm64(r11, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil)
r18 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000240)={0x0, &(0x7f00000003c0)}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r17, 0x1, 0x100)
ioctl$KVM_RUN(r18, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100030, &(0x7f0000000000)=0x3ff})

16m14.919274062s ago: executing program 4 (id=315):
r0 = eventfd2(0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000004, 0x11, r0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x1b)
ioctl$KVM_CREATE_VCPU(r7, 0x8004b709, 0x80002)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r10, 0xaec7)
r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f00000001c0)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x8, &(0x7f0000000080)=0x2e09})
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r14, 0x2000000, 0x14012, r4, 0x0)

15m40.214155458s ago: executing program 36 (id=314):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000200)={0x6, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x400454d0, 0x2d)
r6 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004c, 0x0})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x10001, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000000)=@attr_arm64={0x0, 0x8, 0x4, 0x0})
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xd)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x9)
syz_kvm_setup_cpu$arm64(r11, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil)
r18 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000240)={0x0, &(0x7f00000003c0)}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r17, 0x1, 0x100)
ioctl$KVM_RUN(r18, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100030, &(0x7f0000000000)=0x3ff})

15m23.917111234s ago: executing program 37 (id=315):
r0 = eventfd2(0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000004, 0x11, r0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x1b)
ioctl$KVM_CREATE_VCPU(r7, 0x8004b709, 0x80002)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r10, 0xaec7)
r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f00000001c0)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x8, &(0x7f0000000080)=0x2e09})
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r14, 0x2000000, 0x14012, r4, 0x0)

3m21.657012375s ago: executing program 6 (id=335):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0xc4180, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000100)={0x0, 0x5000, 0x0, 0xffffffffffffffff, 0xc})
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x9)

2m56.38136617s ago: executing program 6 (id=337):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x6243, 0x1}}], 0x30}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r3, 0x4208ae9b, &(0x7f0000000280)={0x10000, 0x0, {[0xccf, 0x8000000000000001, 0x6, 0x19e, 0x6, 0x7f, 0x8000000000000001, 0x3, 0xffffffffffffff80, 0x10001, 0x9, 0x3, 0x0, 0x9, 0x3, 0x4], [0x5, 0x7, 0x7, 0xfff, 0xcff4, 0xf6, 0x9, 0x8b, 0xe73, 0x3, 0x1, 0x100000000, 0x9, 0x7, 0x8, 0x80000001], [0xa293, 0x3, 0x6, 0x6, 0x5, 0xffffffffffffffff, 0x6, 0x1, 0x3, 0x4, 0x6, 0xfffffffffffffff8, 0x4, 0x9a, 0xffffffff00000001, 0xd587], [0x401, 0x8, 0x0, 0x172, 0x4, 0x6, 0x8001, 0x6, 0x40, 0x8, 0x6, 0x6, 0x9, 0x0, 0xfffffffffffffffb, 0x1]}})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m49.403172332s ago: executing program 7 (id=338):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x58) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2e)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, 0x0}) (async)
r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) (async)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r9, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0) (async, rerun: 32)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r0) (async)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0xa) (async)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000140))
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r11, 0x40a0ae49, &(0x7f0000000040)={0x1fd, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x1ff}) (async)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000139823, 0x3}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)

2m36.486868995s ago: executing program 6 (id=339):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x1, 0x1000, 0x2000, &(0x7f0000c5f000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x2710, 0x1, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (rerun: 64)

2m17.057233974s ago: executing program 7 (id=340):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
eventfd2(0x9, 0x800)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
syz_kvm_vgic_v3_setup(r6, 0x2, 0x0)
close(r6)
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x18, 0x1f95}, @svc={0x122, 0x40, {0x100, [0x9, 0x7030, 0x3, 0x5, 0x3]}}, @code={0xa, 0x6c, {"008008d50044207e0000809a007008d5006c200e007c001b20ec99d20040b8f2810180d2e20180d2230180d2240180d2020000d4a0a19dd20080b0f2810180d2620080d2630080d2640080d2020000d40820601e000008d5"}}], 0xc4}, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
r10 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x202, 0x2, 0x1, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x13, r2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc0602, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
close(0x5)

2m15.05215949s ago: executing program 6 (id=341):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00000e1000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_vgic_v3_setup(r4, 0x3, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x3, 0x0, &(0x7f0000000100)=0x101})
close(r1)

1m48.456605525s ago: executing program 6 (id=342):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000008c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x34c7, 0xa}}, @mrs={0xbe, 0x18, {0x603000000013da21}}, @mrs={0xbe, 0x18, {0x603000000013c029}}, @irq_setup={0x46, 0x18, {0x80000003, 0x34c}}, @code={0xa, 0x6c, {"007008d5002cc09a0080001fe0918fd20060b0f2010080d2a20180d2230180d2240180d2020000d460f393d20080b0f2610180d2c20180d2e30180d2e40080d2020000d4000028d50024c09a00d8215e0000003a1f0020ab"}}, @hvc={0x32, 0x40, {0xc4000010, [0x1, 0x7fffffffffffffff, 0xa, 0x8, 0x2]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x3c8}}, @its_setup={0x82, 0x28, {0x2003, 0x3, 0x3b6}}, @svc={0x122, 0x40, {0x200, [0x0, 0x3, 0xbdf, 0xffffffffffffffff, 0x200]}}, @code={0xa, 0x9c, {"0070200ec06583d200c0b8f2a10080d2a20080d2830080d2440180d2020000d4203594d20020b8f2410180d2220080d2630080d2040180d2020000d4007008d50060005e80758ed20020b0f2c10180d2420080d2830080d2c40080d2020000d4000008d500a4800d000028d5801c94d200e0b0f2610080d2220080d2630180d2640180d2020000d4"}}, @uexit={0x0, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013e200, 0x2}}, @irq_setup={0x46, 0x18, {0x2, 0x1d9}}, @smc={0x1e, 0x40, {0x0, [0x6, 0x0, 0x5, 0x3, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013e6cf}}, @hvc={0x32, 0x40, {0x10, [0x4bc5, 0x800, 0x0, 0x2, 0xfffffffffffffff8]}}], 0x338}, &(0x7f00000000c0)=[@featur2], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, r0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r2, 0x4000004, 0x4f833, 0xffffffffffffffff, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
syz_kvm_vgic_v3_setup(r5, 0x5, 0x1c0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000080)=0x11}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}}) (async)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) (async)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4, <r14=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r14, 0x400454d1, 0x110c230020) (async)
syz_kvm_vgic_v3_setup(r11, 0x2, 0x100)
ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x40100, 0x0)

1m48.192730791s ago: executing program 7 (id=343):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000240)=@arm64_bitmap={0x6030000000160002, &(0x7f00000000c0)=0x3})
r7 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r8, 0x8040ae9f, 0xffffffffffffffff)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r9, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0x80000002, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r1, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000001c0)=[@smc={0x1e, 0x40, {0x1000000, [0x3ff, 0x0, 0x8000000000000000, 0x80000000]}}, @eret={0xe6, 0x18}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x339}}, @hvc={0x32, 0x40, {0x84000007, [0x0, 0x40, 0x7, 0x2e, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x706, 0x6, 0x1}}, @code={0xa, 0x84, {"006a90d200a0b0f2a10080d2c20180d2e30180d2a40080d2020000d400a0000c007008d50000202b208296d20040b8f2c10080d2820180d2630080d2040080d2020000d4007008d5007008d5000028d50000002a801296d200a0b0f2e10080d2c20180d2630080d2e40180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013e72a, 0x1}}, @code={0xa, 0x84, {"805497d20060b8f2810080d2620080d2630180d2a40180d2020000d40000004a802990d20020b8f2610180d2a20080d2a30080d2e40080d2020000d40004002f00b793d20040b8f2610180d2c20180d2830080d2040180d2020000d4007008d500c0e00d007008d5000028d5000028d5"}}], 0x248}], 0x1, 0x0, &(0x7f0000000040)=[@featur2={0x1, 0x96}], 0x1)

1m29.588823485s ago: executing program 6 (id=344):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x17)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x2710, 0x3, 0x8080000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, &(0x7f0000000040)=[@irq_setup={0x46, 0x18, {0x3, 0x27}}, @uexit={0x0, 0x18, 0x81}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x80000000, 0x2}}, @hvc={0x32, 0x40, {0x8400000d, [0x3, 0x5, 0x2a, 0xe9, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013da28}}, @eret={0xe6, 0x18, 0x5f}, @eret={0xe6, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x31f}}, @smc={0x1e, 0x40, {0xa400fffd, [0xc7, 0x6, 0x80000000, 0x8, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013df40}}, @hvc={0x32, 0x40, {0x8400000f, [0x2, 0x4, 0x5, 0xf2, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xffd0, 0x9, 0x4}}, @code={0xa, 0x84, {"008008d5000028d5008008d50068000e40bd82d200e0b0f2e10180d2820180d2e30080d2040180d2020000d400000072007008d580469ed200e0b8f2610180d2420080d2230180d2840080d2020000d480d099d20020b8f2c10180d2220180d2a30080d2840080d2020000d4007008d5"}}], 0x25c}, &(0x7f0000000300)=[@featur1={0x1, 0xe2}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000340)={0xffffffff, 0x1})
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000380)={0x4, 0xffffffffffffff3a})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x40a00, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x23)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r0, 0x4068aea3, &(0x7f0000000400))
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000480)={0x10004, 0x6, 0xeeee8000, 0x2000, &(0x7f0000f9f000/0x2000)=nil, 0xffffffff, r2})
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x34)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r6, 0x4068aea3, &(0x7f0000000540))
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f00000005c0)={0xdf, 0x0, 0x10000})
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000007c0)={0x0, &(0x7f0000000640)=[@irq_setup={0x46, 0x18, {0x3, 0x114}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x1df}}, @hvc={0x32, 0x40, {0x80003fff, [0xe, 0x3, 0x3, 0x1, 0xa59]}}, @mrs={0xbe, 0x18, {0x603000000013df7f}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x2, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x4, 0x9, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013801f}}, @smc={0x1e, 0x40, {0xc4000001, [0x3d, 0xffffffffffff0001, 0x1, 0x0, 0x10]}}], 0x150}, &(0x7f0000000800)=[@featur1={0x1, 0x61}], 0x1)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000840)={0x8000000, 0xf7ff1004, 0x0, 0x1, 0x1})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0)
r7 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000880)={0x1000, 0x16000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f00000008c0)={0x8080000, 0x14000, 0x1})
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2c)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000900)={0x2, 0x0, [{0x86, 0x5, 0x0, 0x0, @irqchip={0x2, 0xe}}, {0x0, 0x3, 0x0, 0x0, @msi={0x0, 0xa, 0x5, 0xf7}}]})
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000980)={0x9, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@svc={0x122, 0x40, {0x84000011, [0x4, 0x1ff, 0x9, 0x2, 0x3]}}, @svc={0x122, 0x40, {0xc4000004, [0x1c93, 0x3ff, 0x2, 0x7, 0x234f]}}, @irq_setup={0x46, 0x18, {0x4, 0x28a}}, @irq_setup={0x46, 0x18, {0x1, 0x31}}, @msr={0x14, 0x20, {0x603000000013deab, 0x8}}, @msr={0x14, 0x20, {0x603000000013def0, 0xfc4}}, @msr={0x14, 0x20, {0x603000000013e641, 0xe1}}, @eret={0xe6, 0x18, 0x7}, @eret={0xe6, 0x18, 0x7}, @uexit={0x0, 0x18, 0x9}, @svc={0x122, 0x40, {0x80003fff, [0x3, 0x3902, 0x6, 0xe3, 0x5]}}], 0x198}, &(0x7f0000000bc0)=[@featur2={0x1, 0xc3}], 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, &(0x7f0000000c40)=@attr_other={0x0, 0x3, 0x15, &(0x7f0000000c00)=0x7c})
ioctl$KVM_CAP_DIRTY_LOG_RING(r8, 0x4068aea3, &(0x7f0000000c80)={0xc0, 0x0, 0x8000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000d00)={0xdf, 0x0, 0xe000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1m20.901842931s ago: executing program 7 (id=345):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_REGS(r0, 0x8360ae81, &(0x7f0000000000))
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r1, 0x1000000, 0x10, r0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000100)={0x9, [0xffffffffffffff1a, 0x8, 0x0, 0x9, 0x4, 0x3, 0x1, 0x0, 0x7]})
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000580)={0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x80, [0x80000001, 0x6, 0x9, 0x9, 0x9]}}, @msr={0x14, 0x20, {0x603000000013df57, 0x8}}, @irq_setup={0x46, 0x18, {0x2, 0x1d3}}, @smc={0x1e, 0x40, {0x8400000e, [0xe, 0x1, 0xd, 0x0, 0x80000001]}}, @uexit={0x0, 0x18, 0x9aa8}, @uexit={0x0, 0x18, 0x4}, @svc={0x122, 0x40, {0x5000000, [0x3, 0x7, 0x1, 0x401, 0x9]}}, @uexit={0x0, 0x18, 0x1c000000000000}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xd00, 0x70f, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x9, 0xa}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x8, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0xb, 0x9, 0x6, 0x1}}, @code={0xa, 0xb4, {"007008d5000000f8003c0013c0289cd200e0b0f2a10080d2220080d2230180d2040080d2020000d400a892d20000b0f2610180d2c20080d2630080d2440080d2020000d4e0a580d200c0b8f2610080d2020180d2630080d2640080d2020000d4000c40fc20c793d200e0b0f2a10080d2820180d2430180d2c40180d2020000d400c0231ea07791d20020b8f2210180d2c20080d2c30180d2e40080d2020000d4"}}, @uexit={0x0, 0x18, 0x4}, @hvc={0x32, 0x40, {0xc4000012, [0x8, 0x0, 0x0, 0x4, 0x2000000000000]}}, @msr={0x14, 0x20, {0x6030000000138016, 0x9}}, @irq_setup={0x46, 0x18, {0x2, 0x32e}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x9, 0x8, 0x4}}, @smc={0x1e, 0x40, {0x3f000000, [0x1, 0x9, 0x6, 0x2, 0x9]}}, @smc={0x1e, 0x40, {0xc4000053, [0x1, 0x9, 0x4, 0x5, 0xe]}}], 0x3e4}, &(0x7f00000005c0)=[@featur1={0x1, 0x2}], 0x1)
r4 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece)
close(r3)
r5 = ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000640)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000600)=0x7ff})
mmap$KVM_VCPU(&(0x7f0000ea1000/0x2000)=nil, r1, 0xa, 0x8010, r3, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000680)=@arm64={0x1, 0x0, 0x8c, '\x00', 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000700)=@other={0x5ec8, &(0x7f00000006c0)=0x200})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000780)=@attr_other={0x0, 0x8, 0x1, &(0x7f0000000740)=0x8001})
openat$kvm(0xffffffffffffff9c, &(0x7f00000007c0), 0x18341, 0x0)
mmap$KVM_VCPU(&(0x7f0000fc4000/0x3000)=nil, r1, 0x8, 0x11, r0, 0x0)
munmap(&(0x7f0000ea8000/0x4000)=nil, 0x4000)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000800)={0xb, 0xffffffffffffffff, 0x1})
syz_kvm_setup_cpu$arm64(r4, r4, &(0x7f0000be3000/0x400000)=nil, &(0x7f0000000b00)=[{0x0, &(0x7f0000000840)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xd00, 0x25e, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x2, 0xd, 0x8, 0x97, 0x3}}, @irq_setup={0x46, 0x18, {0x0, 0x57}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x1, 0x4, 0x2, 0x3, 0x3}}, @msr={0x14, 0x20, {0x603000000013c2a9, 0x80000000}}, @code={0xa, 0x6c, {"0028216e007008d500009f0d0000581e0000679e0040651e20589ad200c0b0f2a10180d2e20080d2430180d2240180d2020000d4a0f098d200e0b0f2610080d2220180d2a30080d2c40180d2020000d4000028d50030200e"}}, @msr={0x14, 0x20, {0x603000000013def1, 0x4}}, @hvc={0x32, 0x40, {0x80008000, [0x8000000000000000, 0xdad1, 0x4, 0x8, 0x1]}}, @smc={0x1e, 0x40, {0xc400000d, [0x7, 0xfffffffffffffff7, 0x2b02, 0x2, 0x8]}}, @hvc={0x32, 0x40, {0xc4000053, [0xff47, 0x6, 0xff, 0x1, 0x4]}}, @code={0xa, 0x9c, {"000008d50000299ec08393d200c0b8f2c10080d2e20180d2830080d2a40080d2020000d4000028d5a0818fd20080b0f2010180d2820180d2e30180d2c40180d2020000d4204982d20020b8f2810080d2620180d2e30180d2a40080d2020000d4000028d5000c205e007008d5806a9dd20060b8f2e10180d2c20180d2630180d2840180d2020000d4"}}], 0x2a0}], 0x1, 0x0, &(0x7f0000000b40)=[@featur2], 0x1)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_GET_STATS_FD_cpu(r3, 0xaece)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_INTERRUPT(r4, 0x4004ae86, &(0x7f0000000b80)=0x8)
ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000bc0)=0xfff)

1m3.486988307s ago: executing program 7 (id=346):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x483e2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x4, 0x10000, 0x2000, &(0x7f0000de7000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r2, 0xc, 0x20010, r1, 0x20000000)

49.433191435s ago: executing program 7 (id=347):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r11 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_kvm_setup_cpu$arm64(r1, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000c40)=ANY=[], 0x318}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1)

39.832718089s ago: executing program 38 (id=344):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x17)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x2710, 0x3, 0x8080000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, &(0x7f0000000040)=[@irq_setup={0x46, 0x18, {0x3, 0x27}}, @uexit={0x0, 0x18, 0x81}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x80000000, 0x2}}, @hvc={0x32, 0x40, {0x8400000d, [0x3, 0x5, 0x2a, 0xe9, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013da28}}, @eret={0xe6, 0x18, 0x5f}, @eret={0xe6, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x31f}}, @smc={0x1e, 0x40, {0xa400fffd, [0xc7, 0x6, 0x80000000, 0x8, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013df40}}, @hvc={0x32, 0x40, {0x8400000f, [0x2, 0x4, 0x5, 0xf2, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xffd0, 0x9, 0x4}}, @code={0xa, 0x84, {"008008d5000028d5008008d50068000e40bd82d200e0b0f2e10180d2820180d2e30080d2040180d2020000d400000072007008d580469ed200e0b8f2610180d2420080d2230180d2840080d2020000d480d099d20020b8f2c10180d2220180d2a30080d2840080d2020000d4007008d5"}}], 0x25c}, &(0x7f0000000300)=[@featur1={0x1, 0xe2}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000340)={0xffffffff, 0x1})
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000380)={0x4, 0xffffffffffffff3a})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x40a00, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x23)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r0, 0x4068aea3, &(0x7f0000000400))
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000480)={0x10004, 0x6, 0xeeee8000, 0x2000, &(0x7f0000f9f000/0x2000)=nil, 0xffffffff, r2})
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x34)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r6, 0x4068aea3, &(0x7f0000000540))
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f00000005c0)={0xdf, 0x0, 0x10000})
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000007c0)={0x0, &(0x7f0000000640)=[@irq_setup={0x46, 0x18, {0x3, 0x114}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x1df}}, @hvc={0x32, 0x40, {0x80003fff, [0xe, 0x3, 0x3, 0x1, 0xa59]}}, @mrs={0xbe, 0x18, {0x603000000013df7f}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x2, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x4, 0x9, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013801f}}, @smc={0x1e, 0x40, {0xc4000001, [0x3d, 0xffffffffffff0001, 0x1, 0x0, 0x10]}}], 0x150}, &(0x7f0000000800)=[@featur1={0x1, 0x61}], 0x1)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000840)={0x8000000, 0xf7ff1004, 0x0, 0x1, 0x1})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0)
r7 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000880)={0x1000, 0x16000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f00000008c0)={0x8080000, 0x14000, 0x1})
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2c)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000900)={0x2, 0x0, [{0x86, 0x5, 0x0, 0x0, @irqchip={0x2, 0xe}}, {0x0, 0x3, 0x0, 0x0, @msi={0x0, 0xa, 0x5, 0xf7}}]})
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000980)={0x9, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@svc={0x122, 0x40, {0x84000011, [0x4, 0x1ff, 0x9, 0x2, 0x3]}}, @svc={0x122, 0x40, {0xc4000004, [0x1c93, 0x3ff, 0x2, 0x7, 0x234f]}}, @irq_setup={0x46, 0x18, {0x4, 0x28a}}, @irq_setup={0x46, 0x18, {0x1, 0x31}}, @msr={0x14, 0x20, {0x603000000013deab, 0x8}}, @msr={0x14, 0x20, {0x603000000013def0, 0xfc4}}, @msr={0x14, 0x20, {0x603000000013e641, 0xe1}}, @eret={0xe6, 0x18, 0x7}, @eret={0xe6, 0x18, 0x7}, @uexit={0x0, 0x18, 0x9}, @svc={0x122, 0x40, {0x80003fff, [0x3, 0x3902, 0x6, 0xe3, 0x5]}}], 0x198}, &(0x7f0000000bc0)=[@featur2={0x1, 0xc3}], 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, &(0x7f0000000c40)=@attr_other={0x0, 0x3, 0x15, &(0x7f0000000c00)=0x7c})
ioctl$KVM_CAP_DIRTY_LOG_RING(r8, 0x4068aea3, &(0x7f0000000c80)={0xc0, 0x0, 0x8000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000d00)={0xdf, 0x0, 0xe000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

0s ago: executing program 39 (id=347):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r11 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_kvm_setup_cpu$arm64(r1, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000c40)=ANY=[], 0x318}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1)

kernel console output (not intermixed with test programs):

[  467.799886][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:37328' (ED25519) to the list of known hosts.
[  665.147460][   T25] audit: type=1400 audit(664.280:61): avc:  denied  { name_bind } for  pid=3325 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  666.079748][   T25] audit: type=1400 audit(665.220:62): avc:  denied  { execute } for  pid=3326 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  666.107809][   T25] audit: type=1400 audit(665.240:63): avc:  denied  { execute_no_trans } for  pid=3326 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  688.381166][   T25] audit: type=1400 audit(687.520:64): avc:  denied  { mounton } for  pid=3326 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  688.425407][   T25] audit: type=1400 audit(687.560:65): avc:  denied  { mount } for  pid=3326 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  688.517083][ T3326] cgroup: Unknown subsys name 'net'
[  688.599331][   T25] audit: type=1400 audit(687.740:66): avc:  denied  { unmount } for  pid=3326 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  689.116376][ T3326] cgroup: Unknown subsys name 'cpuset'
[  689.256248][ T3326] cgroup: Unknown subsys name 'rlimit'
[  690.310673][   T25] audit: type=1400 audit(689.450:67): avc:  denied  { setattr } for  pid=3326 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  690.339790][   T25] audit: type=1400 audit(689.470:68): avc:  denied  { mounton } for  pid=3326 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  690.357025][   T25] audit: type=1400 audit(689.500:69): avc:  denied  { mount } for  pid=3326 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  691.460107][ T3330] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  691.480071][   T25] audit: type=1400 audit(690.620:70): avc:  denied  { relabelto } for  pid=3330 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  691.507464][   T25] audit: type=1400 audit(690.650:71): avc:  denied  { write } for  pid=3330 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  691.707631][   T25] audit: type=1400 audit(690.850:72): avc:  denied  { read } for  pid=3326 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  691.728858][   T25] audit: type=1400 audit(690.860:73): avc:  denied  { open } for  pid=3326 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  691.779062][ T3326] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  747.866495][   T25] audit: type=1400 audit(746.980:74): avc:  denied  { execmem } for  pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  752.706506][   T25] audit: type=1400 audit(751.850:75): avc:  denied  { read } for  pid=3333 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  752.748671][   T25] audit: type=1400 audit(751.890:76): avc:  denied  { open } for  pid=3334 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  752.818465][   T25] audit: type=1400 audit(751.940:77): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  753.107256][   T25] audit: type=1400 audit(752.250:78): avc:  denied  { module_request } for  pid=3334 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  754.135196][   T25] audit: type=1400 audit(753.270:79): avc:  denied  { sys_module } for  pid=3333 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  782.596362][ T3333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  782.786439][ T3333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  784.476685][ T3334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  784.644339][ T3334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  795.948893][ T3333] hsr_slave_0: entered promiscuous mode
[  795.981324][ T3333] hsr_slave_1: entered promiscuous mode
[  797.427859][ T3334] hsr_slave_0: entered promiscuous mode
[  797.459093][ T3334] hsr_slave_1: entered promiscuous mode
[  797.498643][ T3334] debugfs: 'hsr0' already exists in 'hsr'
[  797.504718][ T3334] Cannot create hsr debugfs directory
[  803.174669][   T25] audit: type=1400 audit(802.310:80): avc:  denied  { create } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  803.235643][   T25] audit: type=1400 audit(802.360:81): avc:  denied  { write } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  803.305366][   T25] audit: type=1400 audit(802.410:82): avc:  denied  { read } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  803.444460][ T3333] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  803.776197][ T3333] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  804.066261][ T3333] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  804.620949][ T3333] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  806.381433][ T3334] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  806.585163][ T3334] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  806.755299][ T3334] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  806.920079][ T3334] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  820.019916][ T3333] 8021q: adding VLAN 0 to HW filter on device bond0
[  822.677559][ T3334] 8021q: adding VLAN 0 to HW filter on device bond0
[  886.198516][ T3333] veth0_vlan: entered promiscuous mode
[  886.874975][ T3333] veth1_vlan: entered promiscuous mode
[  889.520651][ T3334] veth0_vlan: entered promiscuous mode
[  890.556042][ T3333] veth0_macvtap: entered promiscuous mode
[  890.987307][ T3334] veth1_vlan: entered promiscuous mode
[  891.356353][ T3333] veth1_macvtap: entered promiscuous mode
[  894.873180][ T3334] veth0_macvtap: entered promiscuous mode
[  895.229405][ T3378] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  895.312458][ T3378] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  895.333701][ T3378] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  895.398720][ T3353] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  895.777423][ T3334] veth1_macvtap: entered promiscuous mode
[  899.283967][   T25] audit: type=1400 audit(898.370:83): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  899.568791][   T25] audit: type=1400 audit(898.710:84): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.VQG0PJ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  899.874868][   T25] audit: type=1400 audit(899.010:85): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  899.969632][ T3406] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  899.980087][ T3406] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  900.023149][ T3406] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  900.044103][ T3406] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  900.615021][   T25] audit: type=1400 audit(899.640:86): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.VQG0PJ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  900.895339][   T25] audit: type=1400 audit(899.940:87): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.VQG0PJ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  902.020175][   T25] audit: type=1400 audit(901.160:88): avc:  denied  { unmount } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  902.518010][   T25] audit: type=1400 audit(901.510:89): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  902.673988][   T25] audit: type=1400 audit(901.810:90): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="gadgetfs" ino=3804 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  903.145501][   T25] audit: type=1400 audit(902.220:91): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  903.331093][   T25] audit: type=1400 audit(902.470:92): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  904.990513][ T3333] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  907.119753][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  907.139783][   T25] audit: type=1400 audit(906.070:94): avc:  denied  { read write } for  pid=3333 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  907.150097][   T25] audit: type=1400 audit(906.250:95): avc:  denied  { open } for  pid=3333 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  907.203217][   T25] audit: type=1400 audit(906.340:96): avc:  denied  { ioctl } for  pid=3333 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  916.214477][   T25] audit: type=1400 audit(915.350:97): avc:  denied  { read } for  pid=3491 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  916.265977][   T25] audit: type=1400 audit(915.400:98): avc:  denied  { open } for  pid=3491 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  917.127571][   T25] audit: type=1400 audit(916.250:99): avc:  denied  { ioctl } for  pid=3491 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  918.904270][   T25] audit: type=1400 audit(918.030:100): avc:  denied  { write } for  pid=3493 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  921.367292][   T25] audit: type=1400 audit(920.510:101): avc:  denied  { create } for  pid=3493 comm="syz.1.2" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  929.397903][   T25] audit: type=1400 audit(928.510:102): avc:  denied  { map } for  pid=3499 comm="syz.1.3" path="pipe:[2799]" dev="pipefs" ino=2799 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  947.838759][   T25] audit: type=1400 audit(946.970:103): avc:  denied  { append } for  pid=3514 comm="syz.1.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1005.930992][   T25] audit: type=1400 audit(1005.070:104): avc:  denied  { execute } for  pid=3548 comm="syz.1.17" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1112.287455][ T3607] KVM: debugfs: duplicate directory 3607-9
[ 1112.644194][ T3607] KVM: debugfs: duplicate directory 3607-9
[ 1202.513360][   T25] audit: type=1400 audit(1201.620:105): avc:  denied  { ioctl } for  pid=3656 comm="syz.1.47" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0x5839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1252.287651][   T25] audit: type=1400 audit(1251.420:106): avc:  denied  { setattr } for  pid=3683 comm="syz.1.57" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1372.204787][   T25] audit: type=1400 audit(1371.340:107): avc:  denied  { map } for  pid=3761 comm="syz.0.77" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1372.264625][   T25] audit: type=1400 audit(1371.380:108): avc:  denied  { execute } for  pid=3761 comm="syz.0.77" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1518.976143][   T25] audit: type=1400 audit(1518.110:109): avc:  denied  { map } for  pid=3843 comm="syz.1.99" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=9393 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1519.069722][   T25] audit: type=1400 audit(1518.170:110): avc:  denied  { read } for  pid=3843 comm="syz.1.99" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=9393 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1802.663097][   T25] audit: type=1400 audit(1801.770:111): avc:  denied  { ioctl } for  pid=3983 comm="syz.0.142" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=11470 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1829.561082][ T3996] KVM: debugfs: duplicate directory 3996-12
[ 1829.961138][ T3996] KVM: debugfs: duplicate directory 3996-12
[ 2046.113753][ T4126] FAULT_INJECTION: forcing a failure.
[ 2046.113753][ T4126] name failslab, interval 1, probability 0, space 0, times 1
[ 2046.139311][ T4126] CPU: 0 UID: 0 PID: 4126 Comm: syz.1.190 Not tainted syzkaller #0 PREEMPT 
[ 2046.139984][ T4126] Hardware name: linux,dummy-virt (DT)
[ 2046.140487][ T4126] Call trace:
[ 2046.140898][ T4126]  show_stack+0x2c/0x3c (C)
[ 2046.144679][ T4126]  __dump_stack+0x30/0x40
[ 2046.144971][ T4126]  dump_stack_lvl+0xd8/0x12c
[ 2046.145214][ T4126]  dump_stack+0x1c/0x28
[ 2046.145440][ T4126]  should_fail_ex+0x570/0x6e0
[ 2046.145696][ T4126]  should_failslab+0xb8/0xec
[ 2046.145929][ T4126]  __kmalloc_noprof+0xdc/0x668
[ 2046.146271][ T4126]  tomoyo_realpath_from_path+0xdc/0x628
[ 2046.146659][ T4126]  tomoyo_path_number_perm+0x13c/0x33c
[ 2046.146972][ T4126]  tomoyo_file_ioctl+0x2c/0x3c
[ 2046.147226][ T4126]  security_file_ioctl+0xe8/0x2f0
[ 2046.147482][ T4126]  __arm64_sys_ioctl+0xd0/0x244
[ 2046.147727][ T4126]  invoke_syscall+0x90/0x238
[ 2046.148058][ T4126]  el0_svc_common+0x180/0x2f4
[ 2046.148392][ T4126]  do_el0_svc+0x58/0x74
[ 2046.148704][ T4126]  el0_svc+0x5c/0x234
[ 2046.149033][ T4126]  el0t_64_sync_handler+0x84/0x12c
[ 2046.149373][ T4126]  el0t_64_sync+0x198/0x19c
[ 2046.322963][ T4126] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2092.336158][ T4148] kvm [4148]: Failed to find VMA for hva 0x20c01000
[ 2359.004112][   T21] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2360.308965][   T21] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2361.800173][   T21] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2363.441119][   T21] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2373.137072][ T4231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2380.644290][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2380.844160][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2381.020313][   T21] bond0 (unregistering): Released all slaves
[ 2381.546073][ T4231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2382.354697][   T21] hsr_slave_0: left promiscuous mode
[ 2382.409099][   T21] hsr_slave_1: left promiscuous mode
[ 2382.858488][   T21] veth1_macvtap: left promiscuous mode
[ 2382.883711][   T21] veth0_macvtap: left promiscuous mode
[ 2382.888586][   T21] veth1_vlan: left promiscuous mode
[ 2382.909710][   T21] veth0_vlan: left promiscuous mode
[ 2401.339381][ T4238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2401.846519][ T4238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2406.608771][   T21] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2408.124141][   T21] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2409.730456][   T21] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2411.317194][   T21] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2428.444769][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2428.567895][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2428.647236][   T21] bond0 (unregistering): Released all slaves
[ 2430.063983][   T21] hsr_slave_0: left promiscuous mode
[ 2430.364670][   T21] hsr_slave_1: left promiscuous mode
[ 2431.054369][   T21] veth1_macvtap: left promiscuous mode
[ 2431.058122][   T21] veth0_macvtap: left promiscuous mode
[ 2431.088479][   T21] veth1_vlan: left promiscuous mode
[ 2431.113933][   T21] veth0_vlan: left promiscuous mode
[ 2447.029698][ T4231] hsr_slave_0: entered promiscuous mode
[ 2447.147261][ T4231] hsr_slave_1: entered promiscuous mode
[ 2451.933435][ T4238] hsr_slave_0: entered promiscuous mode
[ 2451.970420][ T4238] hsr_slave_1: entered promiscuous mode
[ 2452.008090][ T4238] debugfs: 'hsr0' already exists in 'hsr'
[ 2452.014487][ T4238] Cannot create hsr debugfs directory
[ 2466.168054][ T4231] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2466.720913][ T4231] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2467.254852][ T4231] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2467.906469][ T4231] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2473.669401][ T4238] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2474.193973][ T4238] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2474.666515][ T4238] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2475.114678][ T4238] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2494.450343][ T4231] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2500.059417][ T4238] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2592.159267][ T4231] veth0_vlan: entered promiscuous mode
[ 2593.135355][ T4231] veth1_vlan: entered promiscuous mode
[ 2596.515836][ T4231] veth0_macvtap: entered promiscuous mode
[ 2597.229808][ T4231] veth1_macvtap: entered promiscuous mode
[ 2600.364184][ T4238] veth0_vlan: entered promiscuous mode
[ 2602.589542][ T4238] veth1_vlan: entered promiscuous mode
[ 2603.213978][ T3426] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2603.218473][ T3426] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2603.236706][ T3426] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2603.479649][ T3378] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2608.052773][   T25] audit: type=1400 audit(2607.090:112): avc:  denied  { mounton } for  pid=4231 comm="syz-executor" path="/syzkaller.Qp6OGX/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 2609.409418][ T4238] veth0_macvtap: entered promiscuous mode
[ 2610.594751][ T4238] veth1_macvtap: entered promiscuous mode
[ 2613.751348][ T4267] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2613.767976][ T3426] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2613.770972][ T3426] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2613.857263][ T3353] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3388.194609][ T4843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3388.568457][ T4843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3399.779498][ T4848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3400.130824][ T4848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3419.048383][ T4843] hsr_slave_0: entered promiscuous mode
[ 3419.147498][ T4843] hsr_slave_1: entered promiscuous mode
[ 3419.253493][ T4843] debugfs: 'hsr0' already exists in 'hsr'
[ 3419.262989][ T4843] Cannot create hsr debugfs directory
[ 3434.987928][ T4848] hsr_slave_0: entered promiscuous mode
[ 3435.118430][ T4848] hsr_slave_1: entered promiscuous mode
[ 3435.204210][ T4848] debugfs: 'hsr0' already exists in 'hsr'
[ 3435.207339][ T4848] Cannot create hsr debugfs directory
[ 3448.143584][ T4843] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 3448.999602][ T4843] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 3449.844264][ T4843] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 3450.493487][ T4843] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 3461.641306][ T4848] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 3462.243470][ T4848] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 3462.753157][ T4848] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 3463.304770][ T4848] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 3487.706632][ T4843] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3499.858279][ T4848] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3569.506876][ T3378] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3571.668972][ T3378] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3573.657443][ T3378] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3575.625176][ T3378] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3601.178772][ T3378] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3601.595466][ T3378] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3601.794274][ T3378] bond0 (unregistering): Released all slaves
[ 3606.329598][ T3378] hsr_slave_0: left promiscuous mode
[ 3606.739893][ T3378] hsr_slave_1: left promiscuous mode
[ 3607.682284][ T3378] veth1_macvtap: left promiscuous mode
[ 3607.743356][ T3378] veth0_macvtap: left promiscuous mode
[ 3607.794634][ T3378] veth1_vlan: left promiscuous mode
[ 3607.827970][ T3378] veth0_vlan: left promiscuous mode
[ 3643.979397][ T3378] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3645.829337][ T3378] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3647.285063][ T3378] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3648.959243][ T3378] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3674.795943][ T3378] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3675.384918][ T3378] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3675.613762][ T3378] bond0 (unregistering): Released all slaves
[ 3678.402496][ T3378] hsr_slave_0: left promiscuous mode
[ 3678.631263][ T3378] hsr_slave_1: left promiscuous mode
[ 3679.390748][ T3378] veth1_macvtap: left promiscuous mode
[ 3679.456473][ T3378] veth0_macvtap: left promiscuous mode
[ 3679.461403][ T3378] veth1_vlan: left promiscuous mode
[ 3679.474196][ T3378] veth0_vlan: left promiscuous mode
[ 3744.817112][ T4843] veth0_vlan: entered promiscuous mode
[ 3746.178919][ T4843] veth1_vlan: entered promiscuous mode
[ 3749.790984][ T4843] veth0_macvtap: entered promiscuous mode
[ 3750.555767][ T4843] veth1_macvtap: entered promiscuous mode
[ 3755.989847][ T4848] veth0_vlan: entered promiscuous mode
[ 3756.474382][ T3426] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3756.488445][ T3426] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3756.499178][ T3426] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3756.528611][ T3426] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3758.505548][ T4848] veth1_vlan: entered promiscuous mode
[ 3763.716334][ T4848] veth0_macvtap: entered promiscuous mode
[ 3764.497865][ T4848] veth1_macvtap: entered promiscuous mode
[ 3768.168491][ T3693] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3768.327679][ T4850] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3768.348295][ T4850] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3768.445838][ T3353] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3927.347179][ T3378] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3929.600914][ T3378] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3931.787418][ T3378] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3933.791090][ T3378] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3956.739148][ T3378] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3956.896931][ T3378] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3957.007519][ T3378] bond0 (unregistering): Released all slaves
[ 3960.706808][ T3378] hsr_slave_0: left promiscuous mode
[ 3960.873492][ T3378] hsr_slave_1: left promiscuous mode
[ 3961.596524][ T3378] veth1_macvtap: left promiscuous mode
[ 3961.618884][ T3378] veth0_macvtap: left promiscuous mode
[ 3961.657975][ T3378] veth1_vlan: left promiscuous mode
[ 3961.659887][ T3378] veth0_vlan: left promiscuous mode
[ 3999.635964][ T3378] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4001.106725][ T3378] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4002.967693][ T3378] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4004.614334][ T3378] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4032.499892][ T3378] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4032.770622][ T3378] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4032.930151][ T3378] bond0 (unregistering): Released all slaves
[ 4036.049104][ T3378] hsr_slave_0: left promiscuous mode
[ 4036.223527][ T3378] hsr_slave_1: left promiscuous mode
[ 4036.988179][ T3378] veth1_macvtap: left promiscuous mode
[ 4037.013304][ T3378] veth0_macvtap: left promiscuous mode
[ 4037.045292][ T3378] veth1_vlan: left promiscuous mode
[ 4037.075617][ T3378] veth0_vlan: left promiscuous mode
[ 4083.934389][ T5097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4084.258079][ T5107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4084.456858][ T5097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4085.219064][ T5107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4118.016585][ T5097] hsr_slave_0: entered promiscuous mode
[ 4118.107891][ T5097] hsr_slave_1: entered promiscuous mode
[ 4120.473099][ T5107] hsr_slave_0: entered promiscuous mode
[ 4120.566990][ T5107] hsr_slave_1: entered promiscuous mode
[ 4120.643809][ T5107] debugfs: 'hsr0' already exists in 'hsr'
[ 4120.656656][ T5107] Cannot create hsr debugfs directory
[ 4138.990603][ T5097] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 4139.848274][ T5097] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 4140.628172][ T5097] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 4141.684122][ T5097] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 4149.641241][ T5107] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 4150.219186][ T5107] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 4150.912991][ T5107] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 4151.724898][ T5107] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 4186.257793][ T5097] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4192.949971][ T5107] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4362.057659][ T5097] veth0_vlan: entered promiscuous mode
[ 4363.590001][ T5097] veth1_vlan: entered promiscuous mode
[ 4369.300079][ T5097] veth0_macvtap: entered promiscuous mode
[ 4370.834358][ T5097] veth1_macvtap: entered promiscuous mode
[ 4371.356262][ T5107] veth0_vlan: entered promiscuous mode
[ 4374.036237][ T5107] veth1_vlan: entered promiscuous mode
[ 4377.822715][ T5254] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4377.829933][ T5254] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4378.028413][ T5254] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4378.194704][ T5254] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4382.650926][ T5107] veth0_macvtap: entered promiscuous mode
[ 4384.539892][ T5107] veth1_macvtap: entered promiscuous mode
[ 4391.610615][ T4850] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4391.677298][ T5254] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4391.766356][ T5254] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4391.778521][ T5254] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4949.798548][ T5512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4950.451127][ T5512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4996.128179][ T5527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4996.897851][ T5527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5016.073166][ T5512] hsr_slave_0: entered promiscuous mode
[ 5016.237630][ T5512] hsr_slave_1: entered promiscuous mode
[ 5016.449851][ T5512] debugfs: 'hsr0' already exists in 'hsr'
[ 5016.472730][ T5512] Cannot create hsr debugfs directory
[ 5056.726273][ T5512] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 5057.577205][ T5512] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 5060.033634][ T5512] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 5061.054456][ T5512] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 5068.390833][ T5527] hsr_slave_0: entered promiscuous mode
[ 5068.550848][ T5527] hsr_slave_1: entered promiscuous mode
[ 5068.765678][ T5527] debugfs: 'hsr0' already exists in 'hsr'
[ 5068.798226][ T5527] Cannot create hsr debugfs directory
[ 5110.918774][ T5527] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 5112.016238][ T5527] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 5113.064772][ T5527] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 5114.074204][ T5527] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 5131.603480][ T5512] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5180.756766][ T5527] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5214.164425][   T27] INFO: task syz.7.347:5502 blocked for more than 430 seconds.
[ 5214.179225][   T27]       Not tainted syzkaller #0
[ 5214.248605][   T27]       Blocked by coredump.
[ 5214.254892][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5214.255599][   T27] task:syz.7.347       state:D stack:0     pid:5502  tgid:5500  ppid:5107   task_flags:0x40044c flags:0x00000018
[ 5214.256848][   T27] Call trace:
[ 5214.257297][   T27]  __switch_to+0x584/0xb20 (T)
[ 5214.257912][   T27]  __schedule+0x1eec/0x33a4
[ 5214.258438][   T27]  schedule+0xac/0x27c
[ 5214.258953][   T27]  schedule_timeout+0x5c/0x1e4
[ 5214.259516][   T27]  do_wait_for_common+0x28c/0x444
[ 5214.260011][   T27]  wait_for_completion+0x44/0x5c
[ 5214.260525][   T27]  __synchronize_srcu+0x2a4/0x320
[ 5214.261051][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 5214.445849][   T27]  __mmu_notifier_release+0x424/0x614
[ 5214.471083][   T27]  exit_mmap+0xbc/0xbbc
[ 5214.494071][   T27]  __mmput+0x10c/0x530
[ 5214.494812][   T27]  mmput+0x70/0xac
[ 5214.495393][   T27]  exit_mm+0x158/0x258
[ 5214.495890][   T27]  do_exit+0x788/0x2378
[ 5214.496409][   T27]  do_group_exit+0x1d4/0x2ac
[ 5214.496898][   T27]  get_signal+0x1440/0x1554
[ 5214.497447][   T27]  arch_do_signal_or_restart+0x23c/0x4d98
[ 5214.497988][   T27]  exit_to_user_mode_loop+0x7c/0x178
[ 5214.498479][   T27]  el0_svc+0x170/0x234
[ 5214.499049][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 5214.499593][   T27]  el0t_64_sync+0x198/0x19c
[ 5214.501059][   T27] 
[ 5214.501059][   T27] Showing all locks held in the system:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5214.693511][   T27] 1 lock held by khungtaskd/27:
[ 5214.694308][   T27]  #0: ffff800087957208 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 5214.697135][   T27] 2 locks held by getty/3196:
[ 5214.697537][   T27]  #0: 7bf00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5214.699457][   T27]  #1: eeff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 5214.701272][   T27] 1 lock held by sshd-session/3325:
[ 5214.874474][   T27]  #0: fff0000072d6bd58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2f0/0x33a4
[ 5214.876526][   T27] 2 locks held by syz-executor/3326:
[ 5214.876886][   T27] 2 locks held by kworker/u4:4/3378:
[ 5214.877239][   T27] 2 locks held by kworker/u4:6/3406:
[ 5214.877567][   T27] 3 locks held by kworker/u4:7/3426:
[ 5214.877883][   T27] 3 locks held by kworker/u4:5/4258:
[ 5214.878227][   T27] 3 locks held by kworker/u4:8/4266:
[ 5214.878600][   T27] 2 locks held by kworker/u4:1/4774:
[ 5214.878945][   T27]  #0: 3cf000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5214.880701][   T27]  #1: ffff80008f4f7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5215.043702][   T27] 3 locks held by kworker/u4:10/4907:
[ 5215.044082][   T27] 3 locks held by kworker/u4:12/4940:
[ 5215.044481][   T27] 2 locks held by syz.6.344/5487:
[ 5215.044814][   T27] 2 locks held by kworker/u4:2/5522:
[ 5215.045151][   T27]  #0: 3cf000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5215.046896][   T27]  #1: ffff80008eef7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5215.048671][   T27] 1 lock held by modprobe/5672:
[ 5215.049006][   T27] 1 lock held by dhcpcd-run-hook/5674:
[ 5215.194330][   T27] 
[ 5215.194976][   T27] =============================================
[ 5215.194976][   T27] 
[ 5235.304891][   T27] INFO: task syz.7.347:5502 blocked for more than 451 seconds.
[ 5235.345712][   T27]       Not tainted syzkaller #0
[ 5235.351171][   T27]       Blocked by coredump.
[ 5235.383016][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5235.383496][   T27] task:syz.7.347       state:D stack:0     pid:5502  tgid:5500  ppid:5107   task_flags:0x40044c flags:0x00000018
[ 5235.384324][   T27] Call trace:
[ 5235.384614][   T27]  __switch_to+0x584/0xb20 (T)
[ 5235.385182][   T27]  __schedule+0x1eec/0x33a4
[ 5235.385672][   T27]  schedule+0xac/0x27c
[ 5235.386166][   T27]  schedule_timeout+0x5c/0x1e4
[ 5235.386731][   T27]  do_wait_for_common+0x28c/0x444
[ 5235.387264][   T27]  wait_for_completion+0x44/0x5c
[ 5235.387747][   T27]  __synchronize_srcu+0x2a4/0x320
[ 5235.388292][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 5235.388794][   T27]  __mmu_notifier_release+0x424/0x614
[ 5235.389278][   T27]  exit_mmap+0xbc/0xbbc
[ 5235.389739][   T27]  __mmput+0x10c/0x530
[ 5235.390277][   T27]  mmput+0x70/0xac
[ 5235.390814][   T27]  exit_mm+0x158/0x258
[ 5235.391333][   T27]  do_exit+0x788/0x2378
[ 5235.543632][   T27]  do_group_exit+0x1d4/0x2ac
[ 5235.544339][   T27]  get_signal+0x1440/0x1554
[ 5235.544887][   T27]  arch_do_signal_or_restart+0x23c/0x4d98
[ 5235.545467][   T27]  exit_to_user_mode_loop+0x7c/0x178
[ 5235.545926][   T27]  el0_svc+0x170/0x234
[ 5235.546474][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 5235.547054][   T27]  el0t_64_sync+0x198/0x19c
[ 5235.547769][   T27] 
[ 5235.547769][   T27] Showing all locks held in the system:
[ 5235.548117][   T27] 1 lock held by khungtaskd/27:
[ 5235.548452][   T27]  #0: ffff800087957208 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 5235.550382][   T27] 2 locks held by getty/3196:
[ 5235.550750][   T27]  #0: 7bf00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5235.676421][   T27]  #1: eeff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 5235.678288][   T27] 3 locks held by kworker/u4:0/3353:
[ 5235.678669][   T27] 3 locks held by kworker/u4:7/3426:
[ 5235.679001][   T27] 3 locks held by kworker/u4:5/4258:
[ 5235.679392][   T27] 3 locks held by kworker/u4:1/4774:
[ 5235.679711][   T27] 3 locks held by kworker/u4:9/4850:
[ 5235.680021][   T27] 3 locks held by kworker/u4:11/4936:
[ 5235.680406][   T27] 3 locks held by kworker/u4:13/5260:
[ 5235.680743][   T27] 2 locks held by syz.6.344/5487:
[ 5235.681085][   T27] 2 locks held by syz-executor/5512:
[ 5235.814416][   T27] 2 locks held by syz-executor/5527:
[ 5235.815251][   T27] 2 locks held by kworker/u4:3/5572:
[ 5235.815679][   T27] 4 locks held by dhcpcd-run-hook/5679:
[ 5235.816104][   T27] 
[ 5235.816365][   T27] =============================================
[ 5235.816365][   T27]