last executing test programs:

52m51.4489486s ago: executing program 1 (id=46):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x179}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3550, 0x3}}], 0x58}, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x16d99c2b4a92b42c, 0x80a0000, 0x2000, &(0x7f0000fc5000/0x2000)=nil})
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
r7 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f00000001c0)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x43, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000000)=[@featur1={0x1, 0xa}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r16, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0xc, 0xca}})

52m45.45023537s ago: executing program 0 (id=47):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r7 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000340)={0x1a64afb6, 0x8000000, 0x4, r7}) (async, rerun: 64)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async, rerun: 64)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
r8 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0x84000053, [0x80000000000, 0x6, 0xf1, 0x6f4, 0x1]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

52m33.128315223s ago: executing program 1 (id=48):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0xd000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0xa600000000000000, r2}) (async)
r3 = mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r7 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r7, 0xb}) (async)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r7, 0x3}) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="4e90976a4a01d58b9d9297922ae99ee001e313bf6ebf06ddc0e3d081ff6d113394f90514bb9047962d589c88dcfbbb55bbbc808e095e73c99bfad1e6b719a4eb63d82467edd8d3b1", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

52m33.127893223s ago: executing program 0 (id=49):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x204080, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x0, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000cb1000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x7, 0x60)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r7, 0x4208ae9b, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0})

52m25.947959873s ago: executing program 1 (id=50):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000000))
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

52m24.250827726s ago: executing program 0 (id=51):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000040)=@arm64_extra={0x603000000013c036, &(0x7f0000000100)=0x78b})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r6, 0x800454d3, 0xfffffffffffffffa)

52m21.139856522s ago: executing program 1 (id=52):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)={0x4, 0x0, [{0x3, 0x5, 0x1, 0x0, @msi={0x6, 0x80, 0xffff5744, 0x8}}, {0x2, 0x5, 0x0, 0x0, @irqchip={0xffff, 0x37}}, {0x0, 0x2, 0x1, 0x0, @irqchip={0x772b4cd4, 0x2}}, {0xa55, 0x3, 0x0, 0x0, @sint={0x9, 0x1}}]})
r4 = eventfd2(0xd, 0x1)
close(r4)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x36)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
write$eventfd(r4, 0x0, 0x500)
r5 = eventfd2(0x0, 0x0)
close(r5)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0)
mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x2000004, 0x2011, r5, 0x0)

52m17.016491382s ago: executing program 0 (id=53):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000040)=0x2d0})

52m11.187045575s ago: executing program 1 (id=54):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xab)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r3, 0x4004aec2, &(0x7f00000001c0)=0x4)
openat$kvm(0x0, 0x0, 0x0, 0x0)
close(0x4)
close(0x5)

52m10.948865799s ago: executing program 0 (id=55):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x240)
r5 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0, 0x310}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x3, 0x0})

52m5.032872801s ago: executing program 1 (id=56):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000001c0)=@attr_other={0x0, 0x0, 0x5, &(0x7f0000000180)=0x4})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x6030000000138006, &(0x7f00000000c0)=0x100000000})

51m58.799690155s ago: executing program 0 (id=57):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df61, &(0x7f00000001c0)=0x20000000004})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000000)=0x3})

51m19.196798387s ago: executing program 32 (id=56):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000001c0)=@attr_other={0x0, 0x0, 0x5, &(0x7f0000000180)=0x4})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x6030000000138006, &(0x7f00000000c0)=0x100000000})

51m12.078769312s ago: executing program 33 (id=57):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df61, &(0x7f00000001c0)=0x20000000004})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000000)=0x3})

46m27.368032483s ago: executing program 3 (id=59):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110003, &(0x7f00000001c0)=0x7})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x59)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r6 = syz_kvm_vgic_v3_setup(r5, 0x3, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0xc, &(0x7f0000000240)=0x80000001})
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r10, 0x4018aee3, &(0x7f00000000c0)=@attr_pmu_irq={0x0, 0x0, 0x500, 0x0})
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r11, 0x1, 0x180)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000100)={0x7, <r16=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0xc, &(0x7f00000000c0)=0x45d4970})
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, <r17=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r17, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r13, 0xae80, 0x0)

46m26.580400787s ago: executing program 2 (id=60):
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@msr={0x14, 0x20, {0x603000000013807e, 0xfff}}, @eret={0xe6, 0x18, 0x2}, @msr={0x14, 0x20, {0x603000000013f601, 0x1000}}, @hvc={0x32, 0x40, {0x80003fff, [0x5, 0xffffffff, 0x4, 0x81, 0x8]}}, @mrs={0xbe, 0x18, {0x301800000009dd22}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x233}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0x8, 0x10, 0x4, 0x1}}, @code={0xa, 0xcc, {"007008d560dd95d20080b8f2210180d2020080d2030080d2240180d2020000d4000028d5a0dd82d200c0b8f2e10180d2220180d2e30180d2840180d2020000d4007681d20040b0f2010080d2620080d2a30180d2a40180d2020000d4007008d560678dd20060b0f2c10080d2220080d2630080d2240180d2020000d440e28dd20080b0f2c10080d2420080d2830180d2c40180d2020000d4000080d2c0429fd20080b0f2010180d2020180d2030180d2040180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0xc, 0x1, 0x1, 0x3}}, @code={0xa, 0x6c, {"0000289e0088201e007008d5000028d5405990d200e0b8f2e10180d2220180d2a30080d2c40080d2020000d4007008d50004005ec01d96d200c0b8f2210080d2620180d2a30080d2840180d2020000d4000008d500710803"}}, @eret={0xe6, 0x18, 0x7fffffffffffffff}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x2, 0x2}}, @eret={0xe6, 0x18, 0x1}, @smc={0x1e, 0x40, {0x80, [0x240, 0x5ff, 0xfffffffffffffffd, 0xfffffffffffff339, 0x3]}}, @svc={0x122, 0x40, {0x84000007, [0x777, 0x7fff, 0x9, 0x5, 0x5]}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x388}}], 0x368}, &(0x7f0000000040)=[@featur2={0x1, 0x22}], 0x1)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100002, &(0x7f0000000080)=0x797f})
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000001c0)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8004000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
r8 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000340)={0x1a64afb6, 0x8000000, 0x4, r8})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e700", 0x0, 0x48)

46m13.026376093s ago: executing program 3 (id=61):
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x4000)=nil, 0x0, 0x3000005, 0x41812, r2, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000040)={0x7, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x541b, 0x0)
syz_kvm_assert_reg(r4, 0x1, 0x8000)

46m12.132760486s ago: executing program 2 (id=62):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_vgic_v3_setup(r1, 0x6, 0xe481b4756cf4de1f)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x3, 0x5})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r6, 0x4018aee2, &(0x7f0000000040)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0})
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x18002, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x2, 0x100)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r11 = eventfd2(0x10000, 0x0)
ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000000)={r11, 0x3})
r12 = eventfd2(0x0, 0x80000)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, 0x930, 0x3000005, 0x110, r12, 0x0)
ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000100)={r12, 0xb163, 0x2, r11})
r13 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x1000, 0x40000000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, <r15=>0xffffffffffffffff})
r16 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r17, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0xd000})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r14, 0xae80, 0x0)

45m58.522042925s ago: executing program 3 (id=63):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000040), 0x301800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r5})
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r9, 0x2, 0x12, r8, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r9, 0x300000e, 0x16831, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a1e000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000240)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r3, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
munmap(&(0x7f0000d8c000/0x2000)=nil, 0x2000)
r12 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_GET_REG_LIST(r13, 0xc008aeb0, &(0x7f0000000000))
r14 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, 0x0, 0x0)

45m56.342349744s ago: executing program 2 (id=64):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x18d42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x2000, &(0x7f0000ecf000/0x2000)=nil})
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r6 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x4, &(0x7f0000000080)=0x100000000})

45m43.446592091s ago: executing program 2 (id=65):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x8000000000007ffc, 0x5000, 0x8, 0xffffffffffffffff, 0x7ffffff9})
r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2c000000008000000000ff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xfffffffffffffeea)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x603000000010000c, &(0x7f0000000100)=0xc5c5})
ioctl$KVM_CAP_HALT_POLL(r5, 0x4068aea3, &(0x7f0000000180)={0xb6, 0x0, 0xffffffffffff0000})
r7 = eventfd2(0xd, 0x1)
close(r7)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
write$eventfd(r7, 0x0, 0x500)
r8 = eventfd2(0x0, 0x0)
close(r8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x2000004, 0x2011, r8, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x25)
r11 = ioctl$KVM_GET_STATS_FD_vm(r10, 0xaece)
ioctl$KVM_CREATE_VM(r11, 0x80086601, 0x20000008)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)

45m37.134524095s ago: executing program 3 (id=66):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x4800, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x7, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f0000000300)={0x10003, 0x4, 0xeeee0000, 0x1000, &(0x7f0000ffe000/0x1000)=nil, 0x7fff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r9 = eventfd2(0x8801, 0x800)
r10 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r10, 0x5, 0x2, r10})
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000080)={r9, 0x1, 0x2, r10})
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000140)={r9, 0x5, 0x1, r9})
r11 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = ioctl$KVM_GET_STATS_FD_cpu(r12, 0xaece)
close(r13)
r14 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, 0xfffffffffffffffe)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x3})
ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f00000001c0))
r15 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_SIGNAL_MASK(r12, 0x4004ae8b, &(0x7f00000003c0)={0x1000, "26b2567cf42757f60a44d2a7071c6d56aa6ab1061af79ffb01fcc522623e125ab87985d3804afa12948368814c1731cb77496f408ad8a5928a8f232cec91200c3255539b341aac11ec8c747e2659caa125befc65a3e3072692d28e1c091955e5c941f09abe8f1373977d79c847181abd21a173053b2d3f42957ff1d40bedf68d52af8150d7f309018dc5d2f2d609314b556df696d155f47c116cc4da6d8e6e790b1e0f4e14d6cb9eb1d533586b338a541ca51ba887d9e42c86ecc80282681583e630e88e9ead452244aa4c55db8a7ce2348804682535ccd9c2227a849df554322e707d67b6b792f8cd55f1baf708d4b29a6c79832c1db5032e1f47585c50aeccffcde5e73d9ca62b15a4d0e307861a18df3bbaea8e6b8a1cc067dff96cf2a5d24baf3fe2c1a1a145f2fd3c978545612d22ce2e67ab0f7c471ab4e7043c7ad7c229493eca5098992b7b9fe45f38bd00d1560e465659e68b0dde679d6aa97001213b085747ebf0682e4f775654ef432919a94e32a327cae4b0ee8c576f5d25c61b9da5304ab187eab30a392a82b3beae67c4da0ae12c79ac4d9fab6592faafb87a7a9274c32919dbcbde7a8c85aeee91de15ced65e5f330a9d6b67f4f39a587b3a708e7f9e73bdf8b927c26ed04a18016267f8da1ed8372ead382fc7979ccb145eb6edbb3771a83dfb551c35535f342f8b19d09b22cdb0cbad1245b7f02738f05908627f515b84cc52eeb70a5b036c51a60d51e77904fe5062febfde73a80d107d2876aa7443b3893cc8f3728d58b59804c5da6e679409a882f45d6b2627559f9d918efe9a5e4eac528190e5960e9066efe0ab4beebb97dbf6cef933e8585edf2683ad8b3a7db1dd9551b00fa48616c7ab8bed0f723e8beb692a1599b893019de1932f22b3ed22dd7934570da3868ff13e650de6bb22571975422e651614d4cbe0bc18763ffbd88a98d914298becc450dd3876f818a7303f6d9d6d96959e03d35a20056994ee72a6a11ae52f3c0bb4169ddbe493bacbb2ff8e39199779be41a55312e848b112e238bc730b229ea1cd1669cbad838d8c66254e6819f7a3e1ceae3aa9281fb0f8984f7d83459e2223b28d0dff230a072b3fb0523fb7b98cc318ef37d7f6df86274921950c4b15b9fd25f044052ddfcfa9108c4c5f42780f83ade8c6754342241e260276d7e617622efb073a090a112ab81451db72c9e842e7bd5d65bdc692888b61c2f09b9fdc3a6e7377bf613e971aa608ce9dfd31aa7b962ce8135bcbcfd013dfd0de6767ac1ffef52fc0afc196cdc36969f82e1b5c4a1e5d521b87a3d73654bc839414278d9dd414a522ef026ecf2586e56800767fd2fceee58ce690bde408105f8ee4f4c285d8c71d7da953a9905fd223952d71548d62d1d0b3430c2e4541b66509c8639c4b386ca86a2e1dca752abf2fd867d89d1c4d594890fc4071aca6673104c8f59fa59272acc40980877fe30235bae47738397b9fecfe9c7ec17dc424f9d815ad8803a4c47b5730b114b7bd55f759c4d4e3b1841183a631c1645077e60ce1689495d744b238029711660fd5ead414bc8ed63f9b1f550f9d895c6caf846740927c24ebae38636ab6a5409787dcc4c1b07a1385487ef19f360bb3dbcd2f4596906fbe03312e31aeedc93363d9bc62c53bd38dd4749e92c04ead5cf51b6fbceb8813b26adb844d33c6d29192ce2fb2518e470fe6fcb43a29cf7b3cec81021c37190f1a05e8c39a7179f503fc6ff47a8aa37eac558776a8b0accb0697b33c4b57ed3b15db1d541035c02ac7509c5b2ba7372d7ab01f034c6483a45cc54eb55809ec90648ae19d378107f45818dde5d4ce715e8b3da965cccdca731475f18aa450a014b444ee913cc8e230398d2fc3b233f2ad2746444a188d407963279af5126a65e772847f9a7b4f54b54ff0b69d3574fb5f3877a5f2ede22bb7c15fa82468575a5ab1f9f2292d5432a79087ac60d7a6f74b08e7049e703b61962b67e1a871d10dc53310aa38c3f7cc15db5cec5a7ca4d9087f42b01af5a6f230ee518adc3239ab5336bcd07cd99ccb5fd8140a6d4a2eb47055992838e90af9595b1df491204ef16b827d5a73749c676795e3f44fa01a68c48ab132d1d7f53d48c516dc3fd3e2f1509dab4bb63758724398c9011c347972498633386f6f97d898601b0c1ff03fcec5cb4ec5c4253b67f274824c341e587f6b626078c72a1d12c5d861293c74b9c233e46405c6e37620730374481520d1c2f4a21715be4580d410757a4495cd7b968ef860b2ecb446aa0aee8de6c9cd79430303c0ddc72b778fc561f558e7a1fd699a05cae952b7f662b336a561dedf4dce92942c98df27c9d3f42554aba539ed547f4eadab80f6a1ed754ee8bcd80136a5f077b8222edff5b930665343f83ce4396ee0c3f4e81c8cb7583fc43c5ef1eec88193d1dc268c762527cc889971addcabd85c03d28ca39fb039f0e2f9b852d1c804f0cafc4b12aaa81b4363133ae6308a27c7bce06380c4bf70ac9fd33e050fb57e241249de778506ce38b338bd08bc8c24b461b785a3356a6a2b2f4bbf717e87ddacc80200edf5b6a4def585696b37679a714b241239a31215c24856a3c617376f896cdaae779041260ab6b1946d0e0dd8cfbf6b26f406aa9b6012d66f3d05a9113f1763ff5138eb07d03c423ed2b90aa78de55e1448336ce8dd3edb2cb6125cf4d8af30b61f81697729282f052f7f6183d682bed5a709f90c8255185ed82b9a7bc593f7c30e361a509ce8ddce43671d1874f7539d7d33aa08211df0786d384471e586b6e1cb484379b7e7e9a4b54b49797b86fb097abe1eb5ae78e87017a428b4bf60a143c70435dba0d18a6a896097fc149a03bf42dfc083772fbd8fdebf39096977d6d50a72f5adc2367b0578b063eb3bf58e227a43e5dee3422083ecbc2de2bedc9aa0909c8fc5871fc06c0d63e9095b063b779c555c4c87d3452583d4fcf24ca41dfb0876ecd82c9f882985b867d51ad5231106e9d3d9ef0cd3e50edf58930b082fdabecc9e0ab76c32c6af0bca745f04db893ab92a5f8a1c70609652256d0806ac88325bf8454a067b4fe679464158de75132c3ff46deb713d50d7f274049aec4003557c196f87c6eae5d96fba92dc7880ac0ab94108de83b1ab48866a21d852bf7e150df80cfd79059176d7d24a3bcfd96dd82dfb7a1e19c6c8f184dedda6136522d34eb3430a5a1e215d6b2377616ae197e4b57a83c45da98ca02f500fb437c9e2b5fb0f26d6bb28fa74172d19cd5e60f362c1ca3471ff946df34131f6bd181b1a99a06ab1677cb3ce60979489e590683d4040d57fa880d7123dd567d9d357514e214470a0af9a0d2b560dfcc3ae2c079dc0c7e79877ffde8d393b378ce764b39a970cb80b8d28c9dba29b040cf5c28dd2102837c939022ca34536e9773c6204c97ef15d09550f85dc98fdec96b92d18e52b4470ba8da0aa42671de8cfad338ceda36d66ff249c06aa5ee5ca44c30613340aff1779815e3527ea8280f9aa3f77d2e4f5c0114520c18465522ef706366608b181f6d64bd9a6bba4d3cbabf96b86f8ee42a424a24e1ff5485307b55f64e80c2bcc5b359922b8f64cf7e7e90a592eefcefe05176ca22cedf3be47c50608d4461660033144c6349532b88813a0833f2b3ba63a821c5aa44ab83cbaac7cb82196d9b755192a4feccb72884b53ea87d43042761b765032eb6073d5d17c74d717942de2c8e8cf6d29ecea8f17663a8501120fb574aacff304563d9c26728176872ede7deb9c4eaeacb698cf7dc3e98f631e6f9feebfe8f96e39062e40457d78d9a11edb3ee5dd9a3509b094f0393bd629215c181d9c5a16ca2ffacff203a4d04592d77647550bf882148ab679d54cf3e1d101a90acfe6b324e533b5f7e0fe85c9b28b0f554b2eb58157d68ac036fdb3bf9863aac740ddc6298c35ea1524896f7eb338e3b08f96df9ef6e7bd57a2a1a0683e88443be3fb83089266078ac3618a0539a81007e39a1d4d74745ddf2017c586e9540f6c01aa4958ab6c0503c3e279f018583620599be22395ce961a61c0e2dbf4e48dfa607448704a3696ffadbecb1fb8e5bcfae0d3fabf8c8fc3e486b33dbacc8f3d099ea3f7679e0418a9e4c49b7863d4daeae6a96460f8976f93e48a9d9020ce492f5218017c0c4d2c59625352cda35e451f973fc00cab0f6e08149ccfc6fbe58f7bee7febc58b17ad589f654273eae844b1949b38a3036a315cda68586bdd9f8f82d47ed5d424af8fc36e98dac6f2fa397244d112576a1c1d2d3443034f47a4e819aa5ab4921a55c32179641699eaddd36554e0870990aa1ebac258155c22209ee2d42b9c8afcdcb1021ba9b4d5723da0bebd4131abf315e6003403d85cea2f69214c045ba2b2c7a255e6577ece386b4ae5b7da5105fc7e38b0fc2f6971df5afd5ac2a7bad76ce9d64b79c5a9ee06c140c294822d3fbd421e7f0a06edbbeeb7ebd46682ffe8b24ad789eb8e8884d02c936e4d65d78d9a568c2b496804c6b3090f5c07414eae1835521c109dac336ad7246259a205cdee95998043ea27830f1a7abb6fc92b218081e0ea7debb364f4ddae774b5ba9d7b01a2f139324675582a05dee81889f8ee1a091a4de50f086495a8b2bd0822a8b6cf42c52adfefbf93691e9f85b3e3f4c5d995c62aaac1ca46d23e2cdf6448fbd43af45fd5c4f8d37f503fa6fbf6babb703609d225f939da8339968f4eecdaeb014b355864e0f8a86d71b476fa5706616dfa80dc7ffbacc8be8fa85b4500286b3793d87d95299161631e3328bc37e03dd3ae7945d3a6cae1caac20a8cf0a245b1bf2a4078ed1a2ee7774bfc23be178abfa5c5cce2e1950c2764febece6e84cf745c1029f8a0b11572d9df99951996be83f99f5a500ec3581c1fe92a68f8e965e47daf4fb4ddf278a118f7d284d7a21350048494463f0e0ae068cc145a8f6a88b7b04365679ebba580f431e64d1b43c347dbc8c413d72e9cca295d8a4398e5e998265133762e7be010559389de44d2fe37d8994d8fa6ffcb9f577bb180381c4beb5bcca170ff7a73188afc9fd04de10a1bd5f007e5629fc2772039b58f0bf70faf2234bc778ab7fe7b48c31c3c72c3a1d25fa476c31e29d67c80108e8c41b8c8d032fdd6410a0209142fd0132f0f0494a0083d5e013d693201f40448876c4b87948758a156b550c8d03d48a5dfb88c2c428d702c5c22a2efa024180aba65efc37dd58cc600e6baf1f756cd200bd3ca27823cfe650f501e7f4edd24c5516f6a9bbb013250577f783537761c44ec0fb2c1d2cd53fbc87986e17e6259b9660604e1d09222049e4d2dc9f89753a17bdd8f523b0188cd50f5264076ad87a034b2f2d05d9e68f40d7cdbf54fd438b99185e69402cd796e4313dbae4be879f5e3804aa0edcc7219907acd82dbb9d237214a633dcb6d3cb61f5bb2de67f63874ea2cf6b9ba3504039a09c9f445177d283617aa86f04fb4d89ac77b3e48d5d4efedbf9d4f0ec78cf623c11a220c0e6908eaca810426698e5f80ed27a77737119e09749fc2d7504e3abb50caa02805ee7408f217028af4247b01e953f9fc6aa53c93ac663d41f5e3f77b6bac28c6bc6c88af2bcb06a326e253c5bbb245daf2db82700d597da0bfc3d8b8a96635b03110af88cf7348d6a2968f8ac32d94dffa81a9358f546481fc0ecce8e2a76e58ca5f7c777e91c386955e05e6335a542df7562210ffac04ae4b2b816d010b981956461cb9ca7176cafdf8b803d0d5f71439ffa0b17beacb11b11c2d4b368b7cc742bbfe"})
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r16, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000240)={0x0, 0x5ded})

45m21.556568153s ago: executing program 2 (id=67):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@mrs={0xbe, 0x18, {0x603000000013808c}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0x4b47, 0xfffffffffffffffe)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r9, 0xae00, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x0, 0x205}}, @code={0xa, 0x54, {"007008d5000080f8007008d50060c00d0068201e00b281d20020b8f2410180d2a20180d2630080d2e40180d2020000d4007008d500c0601e000008d5007008d5"}}], 0x6c}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000000)=@attr_other={0x0, 0x3, 0x0, &(0x7f00000001c0)=0x2})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r8, 0x2, 0x12, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000f56000/0x2000)=nil, r8, 0x100000a, 0x4000012, r7, 0x0)
r15 = mmap$KVM_VCPU(&(0x7f0000e22000/0x2000)=nil, 0x930, 0x4, 0x80010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xa0a00, 0x0)

45m19.200169831s ago: executing program 3 (id=68):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f00000002c0)={0x200})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x2, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x3, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

45m7.426239578s ago: executing program 3 (id=69):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r2, 0x2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r2, 0x3})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x7, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
openat$kvm(0xffffffffffffff9c, 0x0, 0x161642, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, 0x0)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, &(0x7f0000000000)=0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)

45m4.367461116s ago: executing program 2 (id=70):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2f)
ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000000))
ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000080))
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000100)={0xffff3bf7, 0x7})
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x2000008, 0x4000010, 0xffffffffffffffff, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000540)={0x1fd, 0x140, 0x200, &(0x7f0000000140)=[0x3, 0x401, 0xbb, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1, 0x5c15, 0x0, 0x7ff, 0x100000000, 0x6, 0x9, 0x8, 0xc, 0xd161, 0x200, 0x8, 0x9, 0xffffffffffffffff, 0xdaba, 0x9, 0x1, 0x5, 0x5, 0x1, 0x20000000, 0x5, 0x1, 0x5, 0x47b3, 0x7, 0x4, 0xf3f, 0x7fffffffffffffff, 0x4, 0x6, 0xfffffffffffffffc, 0x6, 0x9, 0x8000000000000001, 0x4, 0x3, 0x0, 0x9e2e, 0x2, 0x100, 0xbc6, 0xf80, 0x8000, 0x40b, 0x3, 0x58, 0xfffffffffffffffa, 0xfff, 0x400, 0x6, 0x7, 0x3, 0x3, 0x1, 0x1, 0xc, 0x8, 0x3, 0x9, 0x200000000000, 0x6, 0x9, 0x98, 0x200, 0x7, 0x1, 0x58, 0x0, 0x9, 0x1, 0x1, 0x8, 0x7, 0x0, 0x9, 0x6, 0x0, 0x0, 0x9dc5, 0x7fffffffffffffff, 0xfffffffffffffffd, 0x9, 0x10, 0x7, 0x592da446, 0xdfe, 0x9, 0x8, 0xa65c, 0x2, 0xffffffffffffffff, 0x3, 0x4b51, 0x6, 0x7, 0x0, 0xd187, 0x10, 0x7fff, 0x6, 0x7, 0xcd, 0xce35, 0x40, 0xf7, 0x80000001, 0x10000, 0x5d, 0x0, 0x2, 0x1, 0x8c26, 0x6, 0x2, 0x50, 0x401, 0x5, 0x66, 0x9, 0x2, 0x1ff]})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000580)={0xdf, 0x0, 0xc000})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000600))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x100, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x1)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000006c0)="d50036ffd082f860eb83792ef58901a53a13c089489b94f03f2d50cfadc15a9a3839693fdf5adf2c078237d7a503dcbc62fdf545b7a67642d813785581fbe519e0510e7ee739d5f9", 0x0, 0x48)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f0000000780)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000740)={0x2, 0x5}})
syz_kvm_vgic_v3_setup(r0, 0x1, 0x200)
r4 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x0, 0x80010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f00000007c0)="e12020d5761114dc6b4123234fd63d1623cee754e73c42b9", 0x0, 0x18)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e)
ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000800)={0x5bd9adc9748ebf33, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000880)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000840)})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000008c0)={0x4, 0x1})
ioctl$KVM_CAP_PTP_KVM(r5, 0x4068aea3, &(0x7f0000000900))
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000980)={0x8, 0x2, 0x9})
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, 0x0)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x32)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000009c0)={0x9, 0xffffffffffffffff, 0x1})
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000ec0)={0x0, &(0x7f0000000a00)=[@svc={0x122, 0x40, {0x84000010, [0x4b, 0x2, 0xffffffffffffff5e, 0x553a, 0x100000000]}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xdf3, 0x3, 0x1}}, @smc={0x1e, 0x40, {0x84000013, [0xeb1, 0x1, 0x80, 0x9, 0x6]}}, @code={0xa, 0x84, {"0004805a007388d200a0b8f2610080d2820180d2e30080d2640180d2020000d40080800d007008d5606188d200a0b8f2810180d2420080d2230180d2640180d2020000d400008078000028d580c290d200a0b8f2c10180d2a20080d2230080d2a40180d2020000d4007008d5007008d5"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x6, 0xa}}, @mrs={0xbe, 0x18, {0x603000000013de94}}, @mrs={0xbe, 0x18, {0x603000000013f518}}, @mrs={0xbe, 0x18, {0x603000000013e08f}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x48, 0x9, 0x8}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0xf}, @memwrite={0x6e, 0x30, @generic={0x4000, 0xb3, 0x62, 0x2}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x375}}, @uexit={0x0, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013800e, 0x2}}, @smc={0x1e, 0x40, {0x20, [0x415, 0x100000001, 0x20, 0x4, 0x10000]}}, @svc={0x122, 0x40, {0x2000, [0x0, 0x7, 0xa9, 0x72, 0x8001]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x315}}, @irq_setup={0x46, 0x18, {0x0, 0x3db}}, @svc={0x122, 0x40, {0x2000, [0x4, 0x3, 0x4, 0x800, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x14, 0x7, 0x4}}, @uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013c201}}, @msr={0x14, 0x20, {0x603000000013c110, 0x3}}, @memwrite={0x6e, 0x30, @generic={0xddddd000, 0x9f9, 0x6}}, @hvc={0x32, 0x40, {0x84000010, [0x5, 0x10001, 0x5, 0x2, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0xa, 0x7, 0x1}}], 0x4b4}, &(0x7f0000000f00)=[@featur2={0x1, 0x16}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x1000000, 0x810, r8, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000f40)={0x8000000000000001, 0x5})

44m19.935286086s ago: executing program 34 (id=69):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r2, 0x2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r2, 0x3})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x7, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
openat$kvm(0xffffffffffffff9c, 0x0, 0x161642, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, 0x0)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, &(0x7f0000000000)=0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)

44m15.207962851s ago: executing program 35 (id=70):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2f)
ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000000))
ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000080))
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000100)={0xffff3bf7, 0x7})
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x2000008, 0x4000010, 0xffffffffffffffff, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000540)={0x1fd, 0x140, 0x200, &(0x7f0000000140)=[0x3, 0x401, 0xbb, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1, 0x5c15, 0x0, 0x7ff, 0x100000000, 0x6, 0x9, 0x8, 0xc, 0xd161, 0x200, 0x8, 0x9, 0xffffffffffffffff, 0xdaba, 0x9, 0x1, 0x5, 0x5, 0x1, 0x20000000, 0x5, 0x1, 0x5, 0x47b3, 0x7, 0x4, 0xf3f, 0x7fffffffffffffff, 0x4, 0x6, 0xfffffffffffffffc, 0x6, 0x9, 0x8000000000000001, 0x4, 0x3, 0x0, 0x9e2e, 0x2, 0x100, 0xbc6, 0xf80, 0x8000, 0x40b, 0x3, 0x58, 0xfffffffffffffffa, 0xfff, 0x400, 0x6, 0x7, 0x3, 0x3, 0x1, 0x1, 0xc, 0x8, 0x3, 0x9, 0x200000000000, 0x6, 0x9, 0x98, 0x200, 0x7, 0x1, 0x58, 0x0, 0x9, 0x1, 0x1, 0x8, 0x7, 0x0, 0x9, 0x6, 0x0, 0x0, 0x9dc5, 0x7fffffffffffffff, 0xfffffffffffffffd, 0x9, 0x10, 0x7, 0x592da446, 0xdfe, 0x9, 0x8, 0xa65c, 0x2, 0xffffffffffffffff, 0x3, 0x4b51, 0x6, 0x7, 0x0, 0xd187, 0x10, 0x7fff, 0x6, 0x7, 0xcd, 0xce35, 0x40, 0xf7, 0x80000001, 0x10000, 0x5d, 0x0, 0x2, 0x1, 0x8c26, 0x6, 0x2, 0x50, 0x401, 0x5, 0x66, 0x9, 0x2, 0x1ff]})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000580)={0xdf, 0x0, 0xc000})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000600))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x100, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x1)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000006c0)="d50036ffd082f860eb83792ef58901a53a13c089489b94f03f2d50cfadc15a9a3839693fdf5adf2c078237d7a503dcbc62fdf545b7a67642d813785581fbe519e0510e7ee739d5f9", 0x0, 0x48)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f0000000780)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000740)={0x2, 0x5}})
syz_kvm_vgic_v3_setup(r0, 0x1, 0x200)
r4 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x0, 0x80010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f00000007c0)="e12020d5761114dc6b4123234fd63d1623cee754e73c42b9", 0x0, 0x18)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e)
ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000800)={0x5bd9adc9748ebf33, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000880)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000840)})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000008c0)={0x4, 0x1})
ioctl$KVM_CAP_PTP_KVM(r5, 0x4068aea3, &(0x7f0000000900))
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000980)={0x8, 0x2, 0x9})
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, 0x0)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x32)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000009c0)={0x9, 0xffffffffffffffff, 0x1})
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000ec0)={0x0, &(0x7f0000000a00)=[@svc={0x122, 0x40, {0x84000010, [0x4b, 0x2, 0xffffffffffffff5e, 0x553a, 0x100000000]}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xdf3, 0x3, 0x1}}, @smc={0x1e, 0x40, {0x84000013, [0xeb1, 0x1, 0x80, 0x9, 0x6]}}, @code={0xa, 0x84, {"0004805a007388d200a0b8f2610080d2820180d2e30080d2640180d2020000d40080800d007008d5606188d200a0b8f2810180d2420080d2230180d2640180d2020000d400008078000028d580c290d200a0b8f2c10180d2a20080d2230080d2a40180d2020000d4007008d5007008d5"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x6, 0xa}}, @mrs={0xbe, 0x18, {0x603000000013de94}}, @mrs={0xbe, 0x18, {0x603000000013f518}}, @mrs={0xbe, 0x18, {0x603000000013e08f}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x48, 0x9, 0x8}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0xf}, @memwrite={0x6e, 0x30, @generic={0x4000, 0xb3, 0x62, 0x2}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x375}}, @uexit={0x0, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013800e, 0x2}}, @smc={0x1e, 0x40, {0x20, [0x415, 0x100000001, 0x20, 0x4, 0x10000]}}, @svc={0x122, 0x40, {0x2000, [0x0, 0x7, 0xa9, 0x72, 0x8001]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x315}}, @irq_setup={0x46, 0x18, {0x0, 0x3db}}, @svc={0x122, 0x40, {0x2000, [0x4, 0x3, 0x4, 0x800, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x14, 0x7, 0x4}}, @uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013c201}}, @msr={0x14, 0x20, {0x603000000013c110, 0x3}}, @memwrite={0x6e, 0x30, @generic={0xddddd000, 0x9f9, 0x6}}, @hvc={0x32, 0x40, {0x84000010, [0x5, 0x10001, 0x5, 0x2, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0xa, 0x7, 0x1}}], 0x4b4}, &(0x7f0000000f00)=[@featur2={0x1, 0x16}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x1000000, 0x810, r8, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000f40)={0x8000000000000001, 0x5})

14m5.567914091s ago: executing program 5 (id=245):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xa000, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000180)={0x80000000, 0x6000, 0x0, 0xffffffffffffffff, 0xf})
r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x3})
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x1a9203, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r8, 0x6, 0x8000)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x63})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0xa600000000000000, r4})

13m52.874136639s ago: executing program 5 (id=247):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r1, 0x2, 0x12, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000280)={0x0, &(0x7f0000000ec0)=[@its_setup={0x82, 0x28, {0x0, 0x0, 0xbc}}, @mrs={0xbe, 0x18, {0x603000000013c4d7}}, @code={0xa, 0x6c, {"20359ad20020b0f2e10080d2220180d2030180d2440180d2020000d40000191e007008d5406688d200e0b0f2210080d2020080d2c30180d2c40180d2020000d4007008d50074005f007008d50000000d0070df0c007008d5"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xffe8, 0x5, 0x8}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x348}}, @smc={0x1e, 0x40, {0xc5000020, [0x5, 0x1, 0x7, 0x0, 0x1000]}}, @mrs={0xbe, 0x18, {0x603000000013e703}}, @code={0xa, 0x6c, {"0004201e000008d5000008d5608d84d20000b0f2810180d2220080d2630080d2e40080d2020000d4000040fda09b8cd200c0b8f2810080d2420180d2430180d2e40180d2020000d4008008d5007008d5007008d50008c05a"}}, @smc={0x1e, 0x40, {0x5000000, [0x8, 0x10, 0x900, 0x27, 0xbc1]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0xf, 0x2, 0x8}}, @svc={0x122, 0x40, {0x84000011, [0x8, 0x0, 0x3, 0x4]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x1, 0x3}}, @smc={0x1e, 0x40, {0x41000022, [0x4, 0xffffffff00000000, 0xff, 0xd724, 0x6]}}, @mrs={0xbe, 0x18, {0x5a3f6ae3b1c8e0c3}}, @svc={0x122, 0x40, {0x84000009, [0x3b35, 0x101, 0x1000, 0x30d, 0xbce]}}, @svc={0x122, 0x40, {0xc4000004, [0x9, 0x7, 0x93, 0xd9, 0x81]}}, @smc={0x1e, 0x40, {0x80, [0x7, 0x2217, 0x100000001, 0x80000007, 0x200]}}, @svc={0x122, 0x40, {0xffff, [0x1, 0x7, 0x80000001, 0x7c4d, 0x462]}}, @smc={0x1e, 0x40, {0x4, [0x2, 0xa093, 0x6, 0x96b, 0x8001]}}, @uexit={0x0, 0x18, 0x10}, @uexit={0x0, 0x18, 0x7f}, @code={0xa, 0x84, {"000008d5000008d5601783d200c0b0f2a10180d2c20180d2c30180d2840080d2020000d4007008d580fd9fd20060b0f2e10080d2420080d2a30080d2240080d2020000d4007008d5a03780d20040b0f2a10180d2a20080d2e30080d2440180d2020000d4007008d50010005e001c0053"}}, @smc={0x1e, 0x40, {0x84000010, [0x7fffffffffffffff, 0xfff, 0x2792089a, 0x6, 0x10]}}, @svc={0x122, 0x40, {0x80008000, [0x4589, 0xfff, 0x7, 0x1, 0xd]}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0xfc}}], 0x594}, &(0x7f0000000180)=[@featur2={0x1, 0x28}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r1, 0x0, 0x110, r3, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xaa)
ioctl$KVM_CAP_PTP_KVM(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0))
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c37000/0x3000)=nil, 0x0, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, &(0x7f0000000140)="e4615a289c4356d302add976a32a97fc3c34aca6dcc659ca", 0x0, 0x18)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2c)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000240)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x283c016f706fc1dc, 0x7ffe}}, @smc={0x1e, 0x40, {0x84000010, [0x8, 0x9, 0x7, 0x7fff, 0xffff]}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000001c0)=0x90000})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000000)=0x80040000000000e})
ioctl$KVM_GET_API_VERSION(r6, 0x2, 0x1000000000000)
munmap(&(0x7f0000e82000/0x4000)=nil, 0x4000)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r16, &(0x7f0000c00000/0x400000)=nil)

13m43.080082216s ago: executing program 4 (id=248):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x59)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xc3033, 0xffffffffffffffff, 0x0)

13m31.206468802s ago: executing program 4 (id=249):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x22)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r5 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
close(r5)
close(0x4)
close(0x5)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x3, 0xa0)
r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x2000000000001}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x3)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3c)
ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_CHECK_EXTENSION(r0, 0x541b, 0xac)

13m29.359566066s ago: executing program 5 (id=250):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0xc)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

13m12.878443152s ago: executing program 5 (id=251):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0)=0x1, 0x11)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)=0xbc8})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
write$eventfd(r5, &(0x7f00000001c0)=0x9, 0x1d)

13m3.533506885s ago: executing program 4 (id=252):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8902, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x69)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x20000024)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r5, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0xfffe)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_USER_IRQ(r7, 0x4068aea3, &(0x7f00000002c0))
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000939000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013df40, 0x8000}}], 0x20}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r10, 0x3, 0x11, r9, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r11, 0xffffffffffffffff)
syz_kvm_assert_reg(r9, 0x603000000013df40, 0x8000)
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0)
ioctl$KVM_RUN(r17, 0xae80, 0x0)

12m57.451181733s ago: executing program 5 (id=253):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000040)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000000)=0x6}) (async)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000040)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000000)=0x6})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x428202, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r2, 0x0, 0x4008011, r0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r2, 0x2000005, 0x100010, r0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x6)
r4 = syz_kvm_vgic_v3_setup(r3, 0x3, 0x80)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0xfffffff2, 0x8000000000000001, &(0x7f00000000c0)=0xfffffffffffffffb}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0xfffffff2, 0x8000000000000001, &(0x7f00000000c0)=0xfffffffffffffffb})
syz_kvm_setup_cpu$arm64(r3, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, &(0x7f0000000140)=[@mrs={0xbe, 0x18, {0x603000000013df76}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x2, 0x2, 0xfff, 0x3, 0x4}}, @irq_setup={0x46, 0x18, {0x1, 0xc8}}, @eret={0xe6, 0x18, 0xb}], 0x70}], 0x1, 0x0, &(0x7f0000000200)=[@featur1={0x1, 0xf7}], 0x1)
ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece) (async)
r5 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x17) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x17)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000240)=0x4) (async)
ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000240)=0x4)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200802, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200802, 0x0)
ioctl$KVM_GET_API_VERSION(r8, 0xae00, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x4, &(0x7f00000002c0)})
write$eventfd(r5, &(0x7f0000000340)=0x8001, 0x8)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000380)={0x2, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000380)={0x2, 0xffffffffffffffff, 0x1})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000003c0)={0x4, 0x2, 0x0, r5})
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000440)=@arm64_sys={0x603000000013e18e, &(0x7f0000000400)=0x7})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
close(r5) (async)
close(r5)
ioctl$KVM_GET_API_VERSION(r8, 0xae00, 0x0)
ioctl$KVM_INTERRUPT(r5, 0x4004ae86, &(0x7f0000000480)=0x4) (async)
ioctl$KVM_INTERRUPT(r5, 0x4004ae86, &(0x7f0000000480)=0x4)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x401)
mmap$KVM_VCPU(&(0x7f0000d92000/0x2000)=nil, r7, 0x3000004, 0x20010, r5, 0x0)

12m48.646867652s ago: executing program 5 (id=254):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
ioctl$KVM_RESET_DIRTY_RINGS(r6, 0xaec7)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x27)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0)
r10 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x6, 0xffffffffffffffff, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x90, &(0x7f0000000000)=0x10})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x7, 0x60000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r11 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000340)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0xf, 0xfffffffe, 0x3, 0x0, 0x79, 0x3}}], 0x50}, 0x0, 0xffffffffffffff6c)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x3a0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r11, 0x4010aeab, &(0x7f00000000c0)={0x5, 0xf000})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x6, 0x5, &(0x7f0000000280)})
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000002c0)=@other={0x8, &(0x7f0000000240)=0x7})
ioctl$KVM_RUN(r11, 0xae80, 0x0)

12m40.490150387s ago: executing program 4 (id=255):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r4, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x402)

12m31.109812044s ago: executing program 4 (id=256):
r0 = eventfd2(0x1, 0x80000)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x7, 0xfec00000, 0x2, r0, 0x9})
r2 = eventfd2(0x37, 0x1)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14)
ioctl$KVM_PPC_ALLOCATE_HTAB(r3, 0xc004aea7, &(0x7f0000000040)=0xd33f)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x2})
close(r2)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x10201, 0x1, 0x1000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000180)=@arm64_fp={0x60400000001000b5, &(0x7f0000000140)=0x6})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r5, 0x4010aeab, &(0x7f00000001c0)={0x1, 0x3000})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x10001, 0xb, 0x5000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000700)=[{0x0, &(0x7f0000000240)=[@its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0x3, 0x80000001, 0x83}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x300, 0x2, 0xa}}, @svc={0x122, 0x40, {0x8400000c, [0xb7f7, 0x100, 0x80000000, 0x6, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0xeeee8000, 0xdab, 0x80000000, 0x4}}, @irq_setup={0x46, 0x18, {0x1, 0x57}}, @mrs={0xbe, 0x18, {0x603000000013c091}}, @eret={0xe6, 0x18, 0x4}, @hvc={0x32, 0x40, {0x5000000, [0x0, 0xc5, 0x8, 0x3, 0x4]}}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x383f, 0x100}}, @eret={0xe6, 0x18, 0x6}, @mrs={0xbe, 0x18, {0x603000000013df5e}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x9, 0x2}}, @svc={0x122, 0x40, {0x3f000000, [0x1, 0x1, 0x7, 0x1, 0xa4ba]}}, @msr={0x14, 0x20, {0x301800000009fd96, 0x6}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0xcc8, 0x8, 0x4}}, @code={0xa, 0x9c, {"007008d50008a0b8809493d20000b8f2610080d2020080d2430080d2a40080d2020000d400b994d20000b8f2010080d2620180d2e30180d2a40080d2020000d40010601e0000403d007008d5807e9ed20020b8f2610080d2220180d2430180d2640180d2020000d40000e00d007496d200c0b0f2610080d2420080d2630080d2040080d2020000d4"}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x64}}, @uexit={0x0, 0x18}, @eret={0xe6, 0x18, 0x4}, @msr={0x14, 0x20, {0x603000000013e721, 0x1}}, @eret={0xe6, 0x18, 0x8}, @uexit={0x0, 0x18, 0xe8ef}, @irq_setup={0x46, 0x18, {0x0, 0x1ec}}, @svc={0x122, 0x40, {0x0, [0x3, 0xfffffffffffffffb, 0x80, 0x4, 0x1]}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013c64a}}, @hvc={0x32, 0x40, {0x10, [0x0, 0x6, 0x2, 0x5, 0x7d]}}], 0x484}], 0x1, 0x0, &(0x7f0000000740)=[@featur1={0x1, 0x80}], 0x1)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000aaa000/0x400000)=nil, &(0x7f0000000dc0)=[{0x0, &(0x7f0000000780)=[@mrs={0xbe, 0x18, {0x603000000013e6c8}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x54, {"007008d5000008d5000880b8000028d50008e03c000c40bc007008d500004093007008d560669cd20060b0f2610180d2220080d2630080d2c40180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1600, 0xfffffffffffff62c, 0xe}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0xb1, 0xc}}, @smc={0x1e, 0x40, {0x86000000, [0x9, 0x27feea62, 0x4247, 0x1, 0x3e2]}}, @mrs={0xbe, 0x18, {0x4f19}}, @uexit={0x0, 0x18, 0x1}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x9, 0xf9ef, 0x2, 0x2}}, @smc={0x1e, 0x40, {0x84000012, [0x8, 0x2, 0x240, 0xfd9, 0x7fffffff]}}, @eret={0xe6, 0x18, 0x7fffffffffffffff}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x47}}, @mrs={0xbe, 0x18, {0x3eb2}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x7e}}, @hvc={0x32, 0x40, {0x84000000, [0x3, 0x0, 0x3, 0x8000, 0x9]}}, @code={0xa, 0x84, {"000028d5a07a9fd20000b8f2a10180d2820180d2a30180d2a40180d2020000d4008008d5000028d5007008d5e0f380d20080b0f2c10080d2220180d2c30080d2040080d2020000d40000799ec0999cd20060b0f2c10180d2420080d2430180d2c40080d2020000d4009c202e007008d5"}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x8, 0x5, 0x7}}, @smc={0x1e, 0x40, {0x84000009, [0x0, 0x1, 0xff, 0x10000, 0x6]}}, @eret={0xe6, 0x18, 0xf}, @msr={0x14, 0x20, {0x603000000013df41, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x4, 0x7, 0x94, 0x3, 0x2}}, @code={0xa, 0x54, {"0060004f000008d50080600d000008d5a0de89d200c0b8f2810080d2420180d2030080d2440180d2020000d41f00206b000008d5008008d5000008d5008040c8"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x27a}}, @uexit={0x0, 0x18, 0x7}, @hvc={0x32, 0x40, {0x86000001, [0x80000001, 0x6, 0x0, 0xa5b4, 0xfffffffffffffffe]}}, @svc={0x122, 0x40, {0xc5000020, [0x7, 0x5, 0x3, 0x7, 0x9]}}, @smc={0x1e, 0x40, {0xc5000021, [0xc590, 0x57, 0x8, 0x1, 0x800]}}, @code={0xa, 0x6c, {"00084038a0689ed20060b0f2810080d2c20080d2c30080d2040080d2020000d4000008d500008012007008d5000040a8007008d50000c0adc0be98d20020b8f2a10080d2820180d2a30080d2c40080d2020000d4007008d5"}}, @mrs={0xbe, 0x18, {0x603000000013e101}}, @svc={0x122, 0x40, {0x40000000, [0x6, 0x2, 0x7fffffffffffffff, 0xfffffffffffffff8, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x1, 0x8, 0x7, 0x9}}], 0x620}], 0x1, 0x0, &(0x7f0000000e00)=[@featur2={0x1, 0x42}], 0x1)
ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000e40)={0xc0, 0x0, 0x8000})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000ec0)={0x3, 0x0, &(0x7f0000df7000/0x2000)=nil})
close(r4)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f0000000f00)=@attr_pmu_init)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c)
ioctl$KVM_RESET_DIRTY_RINGS(r6, 0xaec7)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r5, 0x4010aeab, &(0x7f0000000f40)={0x1, 0xf000})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000f80)=@x86={0x3, 0x5, 0x4, 0x0, 0x2, 0x3, 0x3, 0x9, 0xe7, 0x3, 0x7, 0x7, 0x0, 0xd, 0x1, 0xb, 0x1, 0xfd, 0xfd, '\x00', 0x2, 0x4})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000fc0)={0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000001000)={0xe4, 0x0, 0x3088})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r3, 0x4018aee3, &(0x7f00000010c0)=@attr_other={0x0, 0x1, 0x368, &(0x7f0000001080)=0x77b})
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000001100)={r0, 0x7ff, 0x0, r2})
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000001140)={0x10001, 0x0, &(0x7f0000b04000/0x2000)=nil})
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000001180)={0x7ff, 0x8})

12m22.001595699s ago: executing program 4 (id=257):
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x1, <r0=>0xffffffffffffffff})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000040)) (async)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f00000000c0)=0x3}) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000140)=0x1000}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000200)=@arm64_sve={0x608000000015047d, &(0x7f00000001c0)}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000240)={0x9, <r3=>0xffffffffffffffff})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x181000, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (async)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000480)=[{0x0, &(0x7f00000002c0)=[@smc={0x1e, 0x40, {0x8, [0x5, 0x8000000000000001, 0xc15e, 0xff2, 0xffffffffffffffff]}}, @memwrite={0x6e, 0x30, @generic={0x60000, 0x3d3, 0x2, 0x8}}, @smc={0x1e, 0x40, {0x1000, [0xffffffff00000001, 0x7fffffffffffffff, 0x1, 0x9, 0x6c08]}}, @smc={0x1e, 0x40, {0x8400000c, [0x6, 0x7ff, 0x2, 0x8, 0x9]}}, @smc={0x1e, 0x40, {0x770000b5, [0x7, 0xd, 0xa, 0x7, 0x1f]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0x8, 0x9, 0x3, 0x1}}, @smc={0x1e, 0x40, {0xc4000005, [0x7, 0x3c5cf267, 0x6, 0x6, 0x80000000]}}], 0x198}], 0x1, 0x0, &(0x7f00000004c0)=[@featur1={0x1, 0xc4}], 0x1) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000500)={0x40000, 0x4000, 0x1})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x4100, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x402, 0x0) (async)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x22)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000005c0)={0x5, 0xffffffffffffffff, 0x1}) (async)
mmap$KVM_VCPU(&(0x7f0000cc4000/0x1000)=nil, r6, 0x2000002, 0x810, r2, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r11 = mmap$KVM_VCPU(&(0x7f0000d3b000/0x2000)=nil, r10, 0x0, 0x10010, r2, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000600)={0xe4, 0x0, 0x4}) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x3b) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f00000006c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000680)=0xa88})
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
r12 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000700)="a3c17a653cf8f7a1474a509d51844b5606f4344f47d7fdfb9cf17666f731ccd3ab1fd632797c996e7ad396c2855290778b51896db736683c3825cbb0550c255fa7c79f5f6f9d8392", 0x0, 0x48) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000780))

12m1.628057211s ago: executing program 36 (id=254):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
ioctl$KVM_RESET_DIRTY_RINGS(r6, 0xaec7)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x27)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0)
r10 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x6, 0xffffffffffffffff, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x90, &(0x7f0000000000)=0x10})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x7, 0x60000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r11 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000340)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0xf, 0xfffffffe, 0x3, 0x0, 0x79, 0x3}}], 0x50}, 0x0, 0xffffffffffffff6c)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x3a0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r11, 0x4010aeab, &(0x7f00000000c0)={0x5, 0xf000})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x6, 0x5, &(0x7f0000000280)})
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000002c0)=@other={0x8, &(0x7f0000000240)=0x7})
ioctl$KVM_RUN(r11, 0xae80, 0x0)

11m35.058540284s ago: executing program 37 (id=257):
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x1, <r0=>0xffffffffffffffff})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000040)) (async)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f00000000c0)=0x3}) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000140)=0x1000}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000200)=@arm64_sve={0x608000000015047d, &(0x7f00000001c0)}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000240)={0x9, <r3=>0xffffffffffffffff})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x181000, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (async)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000480)=[{0x0, &(0x7f00000002c0)=[@smc={0x1e, 0x40, {0x8, [0x5, 0x8000000000000001, 0xc15e, 0xff2, 0xffffffffffffffff]}}, @memwrite={0x6e, 0x30, @generic={0x60000, 0x3d3, 0x2, 0x8}}, @smc={0x1e, 0x40, {0x1000, [0xffffffff00000001, 0x7fffffffffffffff, 0x1, 0x9, 0x6c08]}}, @smc={0x1e, 0x40, {0x8400000c, [0x6, 0x7ff, 0x2, 0x8, 0x9]}}, @smc={0x1e, 0x40, {0x770000b5, [0x7, 0xd, 0xa, 0x7, 0x1f]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0x8, 0x9, 0x3, 0x1}}, @smc={0x1e, 0x40, {0xc4000005, [0x7, 0x3c5cf267, 0x6, 0x6, 0x80000000]}}], 0x198}], 0x1, 0x0, &(0x7f00000004c0)=[@featur1={0x1, 0xc4}], 0x1) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000500)={0x40000, 0x4000, 0x1})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x4100, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x402, 0x0) (async)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x22)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000005c0)={0x5, 0xffffffffffffffff, 0x1}) (async)
mmap$KVM_VCPU(&(0x7f0000cc4000/0x1000)=nil, r6, 0x2000002, 0x810, r2, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r11 = mmap$KVM_VCPU(&(0x7f0000d3b000/0x2000)=nil, r10, 0x0, 0x10010, r2, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000600)={0xe4, 0x0, 0x4}) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x3b) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f00000006c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000680)=0xa88})
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
r12 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000700)="a3c17a653cf8f7a1474a509d51844b5606f4344f47d7fdfb9cf17666f731ccd3ab1fd632797c996e7ad396c2855290778b51896db736683c3825cbb0550c255fa7c79f5f6f9d8392", 0x0, 0x48) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000780))

3m9.955005787s ago: executing program 6 (id=266):
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0xa0)
r0 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = eventfd2(0x0, 0x80800) (async)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000040)={0xeeee0000, 0x3000, 0xce2, 0x1, 0x5})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x4, r2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x8})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000100)={0xc0, 0x0, 0x4800}) (async)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x6000}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x22)

2m51.494862424s ago: executing program 6 (id=267):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
openat$kvm(0x0, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x40305839, &(0x7f0000000040)=@attr_other={0x1000000, 0xab, 0x7f, 0x0})
r9 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000100)={0x1fd, 0x1, 0x0, 0x1000, &(0x7f0000ee6000/0x1000)=nil})
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@smc={0x1e, 0x40, {0x8000, [0x1, 0x4de8, 0xef23, 0x4, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x9, 0x7}}, @hvc={0x32, 0x40, {0x84000051, [0x45, 0x20000000000, 0x7, 0xd26d, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x9a, 0x4, 0x9, 0x6, 0x6, 0x2}}], 0xd8}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
r14 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r14, 0xae80, 0x0)

2m45.368091726s ago: executing program 7 (id=268):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000080)={0x4, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, 0xffffffffffffffff)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r6 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x7, 0x100, &(0x7f0000000000)=0x5})

2m25.1029714s ago: executing program 7 (id=269):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10002})
r6 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000b80)={0x0, &(0x7f0000000640)=[@smc={0x1e, 0x40, {0x84000011, [0x0, 0x4, 0x0, 0x4, 0x8001]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x13, r8, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc0602, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
close(0x5)
r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0x401})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

2m22.359138073s ago: executing program 6 (id=270):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000714000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0xb, 0x7, 0x0})
r11 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f00000011c0)=@arm64={0x5, 0xff, 0xc, '\x00', 0x1e00000000000})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x9, 0x5, &(0x7f0000000000)=0x16})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000)
r12 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r13 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x600040, 0x0)
close(r15)

1m55.381522661s ago: executing program 7 (id=271):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
eventfd2(0xeffffffd, 0x801) (async)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x58)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x20) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x6, 0x2}) (async)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000002c0)={0x10, 0x6000, 0x1, 0xffffffffffffffff, 0x4})
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000001c0)={0x1ff, 0x5, 0xeeee8000, 0x1000, &(0x7f0000ffc000/0x1000)=nil, 0xab, r3}) (async)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x210840007fffe)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000180)={0x9, 0x1}) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r9, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x10, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x9, 0xf4a, 0x1}}) (async)
close(0x5) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x0, 0x2800007, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1m49.460176852s ago: executing program 6 (id=272):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x9}) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000001c0)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) (async)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x8, &(0x7f0000000080)=0x2e09})
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
r9 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae03, 0xc3) (async)
r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100024, &(0x7f00000000c0)=0x80003fe})
r11 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000003c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f00000001c0)=@arm64_sve={0x6080000000150008, 0x0})

1m40.606596735s ago: executing program 7 (id=273):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xe3) (async)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)

1m21.061961224s ago: executing program 7 (id=274):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c0c000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c015, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0x100000})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
r10 = mmap$KVM_VCPU(&(0x7f0000ed7000/0x1000)=nil, 0x930, 0x2800002, 0x10, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r9, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0x40086602, 0x110e227ffe)
r12 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r13, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)

1m20.604769156s ago: executing program 6 (id=275):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@other={0x100000000004, &(0x7f0000000000)=0x43d})

55.056826594s ago: executing program 6 (id=276):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0xfffffffa, 0x80001)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r6, 0x1})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r6, 0x3})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r6, 0xf})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, &(0x7f0000000040)={0x5, 0x100, 0x80, 0x0})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r3})
r9 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

53.228388439s ago: executing program 7 (id=277):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x82802, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bff000/0x400000)=nil)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000d51000/0x1000)=nil, r4, 0xa, 0x110, r0, 0x0)
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0x7) (async)
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0x7)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000000c0)=@arm64_ccsidr={0x6020000000110005, &(0x7f0000000080)=0x100000000})
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000004c0)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x86000053, [0x80000001, 0x0, 0x2, 0xfffffffffffffffb, 0x200]}}, @msr={0x14, 0x20, {0x603000000013c4c8, 0x1}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0xfff}, @msr={0x14, 0x20, {0x603000000013f100, 0x4}}, @msr={0x14, 0x20, {0x603000000013c005, 0x7}}, @hvc={0x32, 0x40, {0x5000000, [0xca03, 0xc1f, 0x101, 0x3, 0x80]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x10}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x4ad, 0xfffffffffffffffe, 0x2}}, @uexit={0x0, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0xbc4b, 0xe}}, @svc={0x122, 0x40, {0x2, [0x5, 0x0, 0x8000000000000001, 0x8, 0xdd74]}}, @mrs={0xbe, 0x18, {0x603000000013e281}}, @hvc={0x32, 0x40, {0xc4000001, [0x7ff, 0xf073, 0x9, 0x7, 0xf]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x6, 0x1, 0x7, 0x1}}, @eret={0xe6, 0x18, 0x533206a5}, @eret={0xe6, 0x18, 0x993}, @msr={0x14, 0x20, {0x603000000013e201, 0x5c7}}, @irq_setup={0x46, 0x18, {0x3, 0x233}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0xaf}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0xea}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x3, 0x40, 0x10001, 0x1}}, @svc={0x122, 0x40, {0x2000000, [0x9, 0x3, 0x0, 0x6, 0x8000]}}, @irq_setup={0x46, 0x18, {0x3, 0x341}}], 0x3c0}, &(0x7f0000000500)=[@featur2={0x1, 0x80}], 0x1) (async)
r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000004c0)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x86000053, [0x80000001, 0x0, 0x2, 0xfffffffffffffffb, 0x200]}}, @msr={0x14, 0x20, {0x603000000013c4c8, 0x1}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0xfff}, @msr={0x14, 0x20, {0x603000000013f100, 0x4}}, @msr={0x14, 0x20, {0x603000000013c005, 0x7}}, @hvc={0x32, 0x40, {0x5000000, [0xca03, 0xc1f, 0x101, 0x3, 0x80]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x10}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x4ad, 0xfffffffffffffffe, 0x2}}, @uexit={0x0, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0xbc4b, 0xe}}, @svc={0x122, 0x40, {0x2, [0x5, 0x0, 0x8000000000000001, 0x8, 0xdd74]}}, @mrs={0xbe, 0x18, {0x603000000013e281}}, @hvc={0x32, 0x40, {0xc4000001, [0x7ff, 0xf073, 0x9, 0x7, 0xf]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x6, 0x1, 0x7, 0x1}}, @eret={0xe6, 0x18, 0x533206a5}, @eret={0xe6, 0x18, 0x993}, @msr={0x14, 0x20, {0x603000000013e201, 0x5c7}}, @irq_setup={0x46, 0x18, {0x3, 0x233}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0xaf}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0xea}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x3, 0x40, 0x10001, 0x1}}, @svc={0x122, 0x40, {0x2000000, [0x9, 0x3, 0x0, 0x6, 0x8000]}}, @irq_setup={0x46, 0x18, {0x3, 0x341}}], 0x3c0}, &(0x7f0000000500)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000540)={0x7, 0x1})
ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000580)) (async)
ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000580))
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r6, 0x4018aee3, &(0x7f0000000640)=@attr_other={0x0, 0x3ff, 0xe, &(0x7f0000000600)=0x8})
mmap$KVM_VCPU(&(0x7f0000f7c000/0x4000)=nil, 0x0, 0x8, 0x10010, r6, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000f7c000/0x4000)=nil, 0x0, 0x8, 0x10010, r6, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000680)={0x9, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000680)={0x9, 0xffffffffffffffff, 0x1})
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000006c0)="40a9fb078f5d659820bdf4d4b1306c2498f4005bd7f4c8c0d7dffe457a94a3b8bd9ce97c3a5cada3b8b18a474003a3ca716ed23c38e7d310ed6a6b67403782306db7d4f743adeadd", 0x0, 0x48)
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000c80)={0x0, &(0x7f0000000740)=[@its_setup={0x82, 0x28, {0x3, 0x3, 0x284}}, @eret={0xe6, 0x18}, @mrs={0xbe, 0x18, {0x603000000013df11}}, @svc={0x122, 0x40, {0xc4000012, [0x0, 0x9, 0x8001, 0x7ff, 0x6]}}, @msr={0x14, 0x20, {0x603000000013c299, 0x7}}, @msr={0x14, 0x20, {0x603000000013df12, 0x3}}, @irq_setup={0x46, 0x18, {0x2, 0x141}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x1, 0x2}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x4, 0x8, 0x400, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x2, 0xc}}, @hvc={0x32, 0x40, {0x2, [0x3, 0xffffffffffffffff, 0x1000, 0x7, 0x6]}}, @uexit={0x0, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x4, 0x310}}, @eret={0xe6, 0x18, 0x2}, @uexit={0x0, 0x18, 0xfc}, @code={0xa, 0x84, {"0004803c000008d5e0c39ed20020b0f2610080d2420080d2430080d2c40080d2020000d40000803c007008d580a985d20020b0f2e10180d2620180d2630080d2040180d2020000d40098212e00b8a15e0008a03ca0dc95d200e0b8f2010180d2620080d2030080d2a40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x10, 0x4, 0xf}}, @eret={0xe6, 0x18, 0x7}, @eret={0xe6, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x3, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x1e5}}, @code={0xa, 0xb4, {"e0b093d20040b0f2010180d2a20080d2630180d2e40080d2020000d4000c000e007008d580d986d200e0b0f2810080d2420180d2c30180d2840180d2020000d400008012802699d200c0b8f2e10080d2420180d2030180d2c40180d2020000d40070204ea08c9ed20040b0f2810080d2620180d2030080d2c40180d2020000d4000008d5605595d20040b0f2c10180d2220180d2630080d2c40180d2020000d4"}}, @hvc={0x32, 0x40, {0x8400000f, [0x1, 0x6, 0x1, 0x32a, 0x6]}}, @uexit={0x0, 0x18, 0x6}, @eret={0xe6, 0x18, 0x8}, @code={0xa, 0x84, {"c07c8ed20060b0f2010080d2420080d2e30080d2040180d2020000d4007008d500068dd20000b0f2810180d2c20080d2a30180d2a40180d2020000d4008008d5a0038ed200c0b8f2210080d2420080d2630180d2040080d2020000d4007008d50044205e000028d5007008d5001ce02e"}}, @eret={0xe6, 0x18, 0x300}], 0x52c}, &(0x7f0000000cc0)=[@featur1={0x1, 0xd7}], 0x1)
ioctl$KVM_DIRTY_TLB(r8, 0x4010aeaa, &(0x7f0000000d00)={0xffffffffffffff62, 0x8000}) (async)
ioctl$KVM_DIRTY_TLB(r8, 0x4010aeaa, &(0x7f0000000d00)={0xffffffffffffff62, 0x8000})
r9 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000f00)={0x0, &(0x7f0000000d40)=[@its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x2, 0x10, 0x65, 0x5, 0x1}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0xfc}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x8}}, @msr={0x14, 0x20, {0x6030000000138044}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x202}}, @irq_setup={0x46, 0x18, {0x2, 0x3be}}, @code={0xa, 0x84, {"00a0800c0004809ae0be9cd20060b0f2010080d2e20180d2030080d2e40180d2020000d4000028d50068601ec0c686d200e0b0f2410080d2020080d2a30180d2e40080d2020000d4007008d5a0598ed20080b8f2c10080d2020180d2630080d2c40080d2020000d40080c00d00a09f0d"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x40, 0x5, 0x2}}], 0x194}, &(0x7f0000000f40)=[@featur2={0x1, 0x8}], 0x1)
mmap$KVM_VCPU(&(0x7f0000c68000/0x2000)=nil, r7, 0x2, 0x10010, r9, 0x0)
ioctl$KVM_GET_SREGS(r0, 0x8000ae83, &(0x7f0000000f80))
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000001100)=@arm64_fp_extra={0x60200000001000d5, &(0x7f00000010c0)=0x8000000000000000}) (async)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000001100)=@arm64_fp_extra={0x60200000001000d5, &(0x7f00000010c0)=0x8000000000000000})
ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000001140))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_S390_VCPU_FAULT(r6, 0x4008ae52, &(0x7f0000001180)=0x100000001)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f00000011c0)={0x80})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000001200)={0x6, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000001200)={0x6, 0xffffffffffffffff, 0x1})

7.676678783s ago: executing program 38 (id=276):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0xfffffffa, 0x80001)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r6, 0x1})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r6, 0x3})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r6, 0xf})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, &(0x7f0000000040)={0x5, 0x100, 0x80, 0x0})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r3})
r9 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

0s ago: executing program 39 (id=277):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x82802, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bff000/0x400000)=nil)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000d51000/0x1000)=nil, r4, 0xa, 0x110, r0, 0x0)
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0x7) (async)
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0x7)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000000c0)=@arm64_ccsidr={0x6020000000110005, &(0x7f0000000080)=0x100000000})
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000004c0)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x86000053, [0x80000001, 0x0, 0x2, 0xfffffffffffffffb, 0x200]}}, @msr={0x14, 0x20, {0x603000000013c4c8, 0x1}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0xfff}, @msr={0x14, 0x20, {0x603000000013f100, 0x4}}, @msr={0x14, 0x20, {0x603000000013c005, 0x7}}, @hvc={0x32, 0x40, {0x5000000, [0xca03, 0xc1f, 0x101, 0x3, 0x80]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x10}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x4ad, 0xfffffffffffffffe, 0x2}}, @uexit={0x0, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0xbc4b, 0xe}}, @svc={0x122, 0x40, {0x2, [0x5, 0x0, 0x8000000000000001, 0x8, 0xdd74]}}, @mrs={0xbe, 0x18, {0x603000000013e281}}, @hvc={0x32, 0x40, {0xc4000001, [0x7ff, 0xf073, 0x9, 0x7, 0xf]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x6, 0x1, 0x7, 0x1}}, @eret={0xe6, 0x18, 0x533206a5}, @eret={0xe6, 0x18, 0x993}, @msr={0x14, 0x20, {0x603000000013e201, 0x5c7}}, @irq_setup={0x46, 0x18, {0x3, 0x233}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0xaf}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0xea}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x3, 0x40, 0x10001, 0x1}}, @svc={0x122, 0x40, {0x2000000, [0x9, 0x3, 0x0, 0x6, 0x8000]}}, @irq_setup={0x46, 0x18, {0x3, 0x341}}], 0x3c0}, &(0x7f0000000500)=[@featur2={0x1, 0x80}], 0x1) (async)
r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000004c0)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x86000053, [0x80000001, 0x0, 0x2, 0xfffffffffffffffb, 0x200]}}, @msr={0x14, 0x20, {0x603000000013c4c8, 0x1}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0xfff}, @msr={0x14, 0x20, {0x603000000013f100, 0x4}}, @msr={0x14, 0x20, {0x603000000013c005, 0x7}}, @hvc={0x32, 0x40, {0x5000000, [0xca03, 0xc1f, 0x101, 0x3, 0x80]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x10}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x4ad, 0xfffffffffffffffe, 0x2}}, @uexit={0x0, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0xbc4b, 0xe}}, @svc={0x122, 0x40, {0x2, [0x5, 0x0, 0x8000000000000001, 0x8, 0xdd74]}}, @mrs={0xbe, 0x18, {0x603000000013e281}}, @hvc={0x32, 0x40, {0xc4000001, [0x7ff, 0xf073, 0x9, 0x7, 0xf]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x6, 0x1, 0x7, 0x1}}, @eret={0xe6, 0x18, 0x533206a5}, @eret={0xe6, 0x18, 0x993}, @msr={0x14, 0x20, {0x603000000013e201, 0x5c7}}, @irq_setup={0x46, 0x18, {0x3, 0x233}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0xaf}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0xea}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x3, 0x40, 0x10001, 0x1}}, @svc={0x122, 0x40, {0x2000000, [0x9, 0x3, 0x0, 0x6, 0x8000]}}, @irq_setup={0x46, 0x18, {0x3, 0x341}}], 0x3c0}, &(0x7f0000000500)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000540)={0x7, 0x1})
ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000580)) (async)
ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000580))
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r6, 0x4018aee3, &(0x7f0000000640)=@attr_other={0x0, 0x3ff, 0xe, &(0x7f0000000600)=0x8})
mmap$KVM_VCPU(&(0x7f0000f7c000/0x4000)=nil, 0x0, 0x8, 0x10010, r6, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000f7c000/0x4000)=nil, 0x0, 0x8, 0x10010, r6, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000680)={0x9, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000680)={0x9, 0xffffffffffffffff, 0x1})
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000006c0)="40a9fb078f5d659820bdf4d4b1306c2498f4005bd7f4c8c0d7dffe457a94a3b8bd9ce97c3a5cada3b8b18a474003a3ca716ed23c38e7d310ed6a6b67403782306db7d4f743adeadd", 0x0, 0x48)
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000c80)={0x0, &(0x7f0000000740)=[@its_setup={0x82, 0x28, {0x3, 0x3, 0x284}}, @eret={0xe6, 0x18}, @mrs={0xbe, 0x18, {0x603000000013df11}}, @svc={0x122, 0x40, {0xc4000012, [0x0, 0x9, 0x8001, 0x7ff, 0x6]}}, @msr={0x14, 0x20, {0x603000000013c299, 0x7}}, @msr={0x14, 0x20, {0x603000000013df12, 0x3}}, @irq_setup={0x46, 0x18, {0x2, 0x141}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x1, 0x2}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x4, 0x8, 0x400, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x2, 0xc}}, @hvc={0x32, 0x40, {0x2, [0x3, 0xffffffffffffffff, 0x1000, 0x7, 0x6]}}, @uexit={0x0, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x4, 0x310}}, @eret={0xe6, 0x18, 0x2}, @uexit={0x0, 0x18, 0xfc}, @code={0xa, 0x84, {"0004803c000008d5e0c39ed20020b0f2610080d2420080d2430080d2c40080d2020000d40000803c007008d580a985d20020b0f2e10180d2620180d2630080d2040180d2020000d40098212e00b8a15e0008a03ca0dc95d200e0b8f2010180d2620080d2030080d2a40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x10, 0x4, 0xf}}, @eret={0xe6, 0x18, 0x7}, @eret={0xe6, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x3, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x1e5}}, @code={0xa, 0xb4, {"e0b093d20040b0f2010180d2a20080d2630180d2e40080d2020000d4000c000e007008d580d986d200e0b0f2810080d2420180d2c30180d2840180d2020000d400008012802699d200c0b8f2e10080d2420180d2030180d2c40180d2020000d40070204ea08c9ed20040b0f2810080d2620180d2030080d2c40180d2020000d4000008d5605595d20040b0f2c10180d2220180d2630080d2c40180d2020000d4"}}, @hvc={0x32, 0x40, {0x8400000f, [0x1, 0x6, 0x1, 0x32a, 0x6]}}, @uexit={0x0, 0x18, 0x6}, @eret={0xe6, 0x18, 0x8}, @code={0xa, 0x84, {"c07c8ed20060b0f2010080d2420080d2e30080d2040180d2020000d4007008d500068dd20000b0f2810180d2c20080d2a30180d2a40180d2020000d4008008d5a0038ed200c0b8f2210080d2420080d2630180d2040080d2020000d4007008d50044205e000028d5007008d5001ce02e"}}, @eret={0xe6, 0x18, 0x300}], 0x52c}, &(0x7f0000000cc0)=[@featur1={0x1, 0xd7}], 0x1)
ioctl$KVM_DIRTY_TLB(r8, 0x4010aeaa, &(0x7f0000000d00)={0xffffffffffffff62, 0x8000}) (async)
ioctl$KVM_DIRTY_TLB(r8, 0x4010aeaa, &(0x7f0000000d00)={0xffffffffffffff62, 0x8000})
r9 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000f00)={0x0, &(0x7f0000000d40)=[@its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x2, 0x10, 0x65, 0x5, 0x1}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0xfc}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x8}}, @msr={0x14, 0x20, {0x6030000000138044}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x202}}, @irq_setup={0x46, 0x18, {0x2, 0x3be}}, @code={0xa, 0x84, {"00a0800c0004809ae0be9cd20060b0f2010080d2e20180d2030080d2e40180d2020000d4000028d50068601ec0c686d200e0b0f2410080d2020080d2a30180d2e40080d2020000d4007008d5a0598ed20080b8f2c10080d2020180d2630080d2c40080d2020000d40080c00d00a09f0d"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x40, 0x5, 0x2}}], 0x194}, &(0x7f0000000f40)=[@featur2={0x1, 0x8}], 0x1)
mmap$KVM_VCPU(&(0x7f0000c68000/0x2000)=nil, r7, 0x2, 0x10010, r9, 0x0)
ioctl$KVM_GET_SREGS(r0, 0x8000ae83, &(0x7f0000000f80))
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000001100)=@arm64_fp_extra={0x60200000001000d5, &(0x7f00000010c0)=0x8000000000000000}) (async)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000001100)=@arm64_fp_extra={0x60200000001000d5, &(0x7f00000010c0)=0x8000000000000000})
ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000001140))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_S390_VCPU_FAULT(r6, 0x4008ae52, &(0x7f0000001180)=0x100000001)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f00000011c0)={0x80})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000001200)={0x6, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000001200)={0x6, 0xffffffffffffffff, 0x1})

kernel console output (not intermixed with test programs):

[  440.468721][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:62862' (ED25519) to the list of known hosts.
[  613.489432][   T25] audit: type=1400 audit(612.690:60): avc:  denied  { name_bind } for  pid=3327 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  614.364329][   T25] audit: type=1400 audit(613.570:61): avc:  denied  { execute } for  pid=3328 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  614.384976][   T25] audit: type=1400 audit(613.580:62): avc:  denied  { execute_no_trans } for  pid=3328 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  635.897342][   T25] audit: type=1400 audit(635.100:63): avc:  denied  { mounton } for  pid=3328 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  635.958722][   T25] audit: type=1400 audit(635.160:64): avc:  denied  { mount } for  pid=3328 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  636.123450][ T3328] cgroup: Unknown subsys name 'net'
[  636.222280][   T25] audit: type=1400 audit(635.420:65): avc:  denied  { unmount } for  pid=3328 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  636.888146][ T3328] cgroup: Unknown subsys name 'cpuset'
[  637.087638][ T3328] cgroup: Unknown subsys name 'rlimit'
[  639.281913][   T25] audit: type=1400 audit(638.480:66): avc:  denied  { setattr } for  pid=3328 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  639.321870][   T25] audit: type=1400 audit(638.510:67): avc:  denied  { mounton } for  pid=3328 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  639.361643][   T25] audit: type=1400 audit(638.540:68): avc:  denied  { mount } for  pid=3328 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  641.593270][ T3332] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  641.612303][   T25] audit: type=1400 audit(640.810:69): avc:  denied  { relabelto } for  pid=3332 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  641.642169][   T25] audit: type=1400 audit(640.840:70): avc:  denied  { write } for  pid=3332 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  641.933238][   T25] audit: type=1400 audit(641.120:71): avc:  denied  { read } for  pid=3328 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  641.948523][   T25] audit: type=1400 audit(641.150:72): avc:  denied  { open } for  pid=3328 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  642.023598][ T3328] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  691.382296][   T25] audit: type=1400 audit(690.580:73): avc:  denied  { execmem } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  696.777375][   T25] audit: type=1400 audit(695.980:74): avc:  denied  { read } for  pid=3335 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  696.839316][   T25] audit: type=1400 audit(695.990:75): avc:  denied  { open } for  pid=3336 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  696.922044][   T25] audit: type=1400 audit(696.110:76): avc:  denied  { mounton } for  pid=3335 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  697.474377][   T25] audit: type=1400 audit(696.620:77): avc:  denied  { module_request } for  pid=3336 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  698.884791][   T25] audit: type=1400 audit(698.090:78): avc:  denied  { sys_module } for  pid=3336 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  723.517691][ T3336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  723.758893][ T3336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  723.985811][ T3335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  724.457502][ T3335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  735.739659][ T3336] hsr_slave_0: entered promiscuous mode
[  735.768375][ T3336] hsr_slave_1: entered promiscuous mode
[  736.825288][ T3335] hsr_slave_0: entered promiscuous mode
[  736.864657][ T3335] hsr_slave_1: entered promiscuous mode
[  736.894056][ T3335] debugfs: 'hsr0' already exists in 'hsr'
[  736.901478][ T3335] Cannot create hsr debugfs directory
[  742.352186][   T25] audit: type=1400 audit(741.550:79): avc:  denied  { create } for  pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  742.422675][   T25] audit: type=1400 audit(741.570:80): avc:  denied  { write } for  pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  742.482542][   T25] audit: type=1400 audit(741.620:81): avc:  denied  { read } for  pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  742.622628][ T3336] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  742.934994][ T3336] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  743.259181][ T3336] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  743.645994][ T3336] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  745.198358][ T3335] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  745.393682][ T3335] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  745.557400][ T3335] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  745.735609][ T3335] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  758.246183][ T3336] 8021q: adding VLAN 0 to HW filter on device bond0
[  761.727037][ T3335] 8021q: adding VLAN 0 to HW filter on device bond0
[  813.167674][ T3336] veth0_vlan: entered promiscuous mode
[  813.635431][ T3336] veth1_vlan: entered promiscuous mode
[  815.585779][ T3335] veth0_vlan: entered promiscuous mode
[  815.687527][ T3336] veth0_macvtap: entered promiscuous mode
[  816.069505][ T3336] veth1_macvtap: entered promiscuous mode
[  816.507428][ T3335] veth1_vlan: entered promiscuous mode
[  819.225525][   T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  819.237032][   T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  819.373344][   T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  819.377912][   T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  820.655256][ T3335] veth0_macvtap: entered promiscuous mode
[  821.253086][ T3335] veth1_macvtap: entered promiscuous mode
[  822.847933][   T25] audit: type=1400 audit(822.050:82): avc:  denied  { mount } for  pid=3336 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  823.097397][   T25] audit: type=1400 audit(822.300:83): avc:  denied  { mounton } for  pid=3336 comm="syz-executor" path="/syzkaller.MfwVEV/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  823.441447][   T25] audit: type=1400 audit(822.540:84): avc:  denied  { mount } for  pid=3336 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  824.052014][   T25] audit: type=1400 audit(823.230:85): avc:  denied  { mounton } for  pid=3336 comm="syz-executor" path="/syzkaller.MfwVEV/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  824.263964][   T25] audit: type=1400 audit(823.350:86): avc:  denied  { mounton } for  pid=3336 comm="syz-executor" path="/syzkaller.MfwVEV/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3799 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  824.767878][   T35] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  824.789261][   T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  824.812666][   T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  824.816563][   T35] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  825.305260][   T25] audit: type=1400 audit(824.450:87): avc:  denied  { unmount } for  pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  825.772443][   T25] audit: type=1400 audit(824.860:88): avc:  denied  { mounton } for  pid=3336 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  825.836789][   T25] audit: type=1400 audit(825.030:89): avc:  denied  { mount } for  pid=3336 comm="syz-executor" name="/" dev="gadgetfs" ino=3809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  826.414045][   T25] audit: type=1400 audit(825.560:90): avc:  denied  { mount } for  pid=3336 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  826.557670][   T25] audit: type=1400 audit(825.710:91): avc:  denied  { mounton } for  pid=3336 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  828.549375][ T3336] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  830.056105][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  830.102666][   T25] audit: type=1400 audit(829.230:93): avc:  denied  { read write } for  pid=3336 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  830.103940][   T25] audit: type=1400 audit(829.270:94): avc:  denied  { open } for  pid=3336 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  830.261567][   T25] audit: type=1400 audit(829.440:95): avc:  denied  { ioctl } for  pid=3336 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  841.062120][   T25] audit: type=1400 audit(840.250:96): avc:  denied  { read } for  pid=3487 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  841.115463][   T25] audit: type=1400 audit(840.320:97): avc:  denied  { open } for  pid=3487 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  841.552748][   T25] audit: type=1400 audit(840.750:98): avc:  denied  { ioctl } for  pid=3487 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  859.703021][   T25] audit: type=1400 audit(858.890:99): avc:  denied  { write } for  pid=3498 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  890.732561][   T25] audit: type=1400 audit(889.930:100): avc:  denied  { append } for  pid=3520 comm="syz.0.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  902.135070][   T25] audit: type=1400 audit(901.300:101): avc:  denied  { execute } for  pid=3525 comm="syz.0.11" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4579 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  926.712400][   T25] audit: type=1400 audit(925.900:102): avc:  denied  { execute } for  pid=3540 comm="syz.1.17" path="/8/T" dev="tmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1195.484466][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1196.524298][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1197.947973][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1199.053671][   T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1211.984697][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1212.085754][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1212.145142][   T35] bond0 (unregistering): Released all slaves
[ 1213.423211][   T35] hsr_slave_0: left promiscuous mode
[ 1213.463579][   T35] hsr_slave_1: left promiscuous mode
[ 1213.617429][   T35] veth1_macvtap: left promiscuous mode
[ 1213.628784][   T35] veth0_macvtap: left promiscuous mode
[ 1213.639234][   T35] veth1_vlan: left promiscuous mode
[ 1213.645457][   T35] veth0_vlan: left promiscuous mode
[ 1230.897001][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1231.908948][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1232.999124][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1234.235319][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.157293][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1253.434169][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1253.683364][   T35] bond0 (unregistering): Released all slaves
[ 1254.992479][ T3663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1255.336671][   T35] hsr_slave_0: left promiscuous mode
[ 1255.385219][   T35] hsr_slave_1: left promiscuous mode
[ 1255.678093][   T35] veth1_macvtap: left promiscuous mode
[ 1255.701308][   T35] veth0_macvtap: left promiscuous mode
[ 1255.705673][   T35] veth1_vlan: left promiscuous mode
[ 1255.718471][   T35] veth0_vlan: left promiscuous mode
[ 1265.935006][ T3663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1274.844838][ T3670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1275.944704][ T3670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1284.274306][ T3663] hsr_slave_0: entered promiscuous mode
[ 1284.307066][ T3663] hsr_slave_1: entered promiscuous mode
[ 1294.753580][ T3670] hsr_slave_0: entered promiscuous mode
[ 1294.794451][ T3670] hsr_slave_1: entered promiscuous mode
[ 1294.834865][ T3670] debugfs: 'hsr0' already exists in 'hsr'
[ 1294.838084][ T3670] Cannot create hsr debugfs directory
[ 1297.468871][ T3663] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1298.414856][ T3663] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1298.646241][ T3663] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1299.121613][ T3663] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1309.666441][ T3670] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1310.119462][ T3670] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1310.517838][ T3670] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1310.819098][ T3670] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1327.061597][ T3663] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1335.205846][ T3670] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1414.694136][ T3663] veth0_vlan: entered promiscuous mode
[ 1415.546848][ T3663] veth1_vlan: entered promiscuous mode
[ 1418.376719][ T3663] veth0_macvtap: entered promiscuous mode
[ 1418.874136][ T3663] veth1_macvtap: entered promiscuous mode
[ 1421.985777][ T3286] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1421.993305][ T3286] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1422.099006][ T3286] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1422.112678][ T3286] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1426.295203][ T3670] veth0_vlan: entered promiscuous mode
[ 1426.672107][   T25] audit: type=1400 audit(1425.740:103): avc:  denied  { mounton } for  pid=3663 comm="syz-executor" path="/syzkaller.YZK75m/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 1427.806651][ T3670] veth1_vlan: entered promiscuous mode
[ 1431.692954][ T3670] veth0_macvtap: entered promiscuous mode
[ 1432.304032][ T3670] veth1_macvtap: entered promiscuous mode
[ 1436.106420][ T3685] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1436.114221][ T3685] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1436.263106][ T3685] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1436.265053][ T3685] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1499.518805][   T25] audit: type=1400 audit(1498.660:104): avc:  denied  { map } for  pid=3919 comm="syz.2.65" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1499.633743][   T25] audit: type=1400 audit(1498.750:105): avc:  denied  { execute } for  pid=3919 comm="syz.2.65" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1620.058055][ T3878] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1621.871592][ T3878] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1623.694712][ T3878] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1625.496516][ T3878] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1642.985852][ T3878] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1643.106133][ T3878] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1643.160922][ T3878] bond0 (unregistering): Released all slaves
[ 1645.793186][ T3878] hsr_slave_0: left promiscuous mode
[ 1645.855783][ T3878] hsr_slave_1: left promiscuous mode
[ 1646.452253][ T3878] veth1_macvtap: left promiscuous mode
[ 1646.455728][ T3878] veth0_macvtap: left promiscuous mode
[ 1646.503785][ T3878] veth1_vlan: left promiscuous mode
[ 1646.519584][ T3878] veth0_vlan: left promiscuous mode
[ 1677.564707][ T3385] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1680.667227][ T3385] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1682.023304][ T3385] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1683.885931][ T3385] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1700.666496][ T3385] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1700.775860][ T3385] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1700.835678][ T3385] bond0 (unregistering): Released all slaves
[ 1702.682195][ T3385] hsr_slave_0: left promiscuous mode
[ 1702.941819][ T3385] hsr_slave_1: left promiscuous mode
[ 1703.673129][ T3385] veth1_macvtap: left promiscuous mode
[ 1703.674479][ T3385] veth0_macvtap: left promiscuous mode
[ 1703.687961][ T3385] veth1_vlan: left promiscuous mode
[ 1703.714367][ T3385] veth0_vlan: left promiscuous mode
[ 1736.782022][ T3970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1737.452559][ T3970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1738.554899][ T3974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1738.834538][ T3974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1759.805139][ T3970] hsr_slave_0: entered promiscuous mode
[ 1759.847562][ T3970] hsr_slave_1: entered promiscuous mode
[ 1762.314450][ T3974] hsr_slave_0: entered promiscuous mode
[ 1762.398375][ T3974] hsr_slave_1: entered promiscuous mode
[ 1762.443404][ T3974] debugfs: 'hsr0' already exists in 'hsr'
[ 1762.453074][ T3974] Cannot create hsr debugfs directory
[ 1774.988595][ T3970] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1775.553672][ T3970] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1775.922662][ T3970] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1776.487412][ T3970] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1781.219421][ T3974] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1781.679506][ T3974] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1782.281248][ T3974] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1782.763888][ T3974] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1808.449494][ T3970] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1815.364898][ T3974] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1934.875711][ T3970] veth0_vlan: entered promiscuous mode
[ 1936.175381][ T3970] veth1_vlan: entered promiscuous mode
[ 1939.548409][ T3970] veth0_macvtap: entered promiscuous mode
[ 1940.604621][ T3970] veth1_macvtap: entered promiscuous mode
[ 1942.364604][ T3974] veth0_vlan: entered promiscuous mode
[ 1944.004667][ T3974] veth1_vlan: entered promiscuous mode
[ 1945.635074][   T35] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1945.669058][ T3429] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1945.751646][ T3429] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1945.766870][ T3429] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1950.656310][ T3974] veth0_macvtap: entered promiscuous mode
[ 1951.334078][ T3974] veth1_macvtap: entered promiscuous mode
[ 1955.292247][ T3878] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1955.306026][ T3994] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1955.411714][   T35] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1955.415488][   T35] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2010.026405][   T25] audit: type=1400 audit(2009.210:106): avc:  denied  { create } for  pid=4249 comm="syz.4.76" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2723.471045][   T25] audit: type=1400 audit(2722.660:107): avc:  denied  { map } for  pid=4615 comm="syz.5.156" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=14918 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2723.633494][   T25] audit: type=1400 audit(2722.770:108): avc:  denied  { read } for  pid=4615 comm="syz.5.156" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=14918 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2734.503713][   T25] audit: type=1400 audit(2733.700:109): avc:  denied  { setattr } for  pid=4619 comm="syz.4.157" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 3232.495819][ T4841] FAULT_INJECTION: forcing a failure.
[ 3232.495819][ T4841] name failslab, interval 1, probability 0, space 0, times 1
[ 3232.542614][ T4841] CPU: 0 UID: 0 PID: 4841 Comm: syz.5.220 Not tainted syzkaller #0 PREEMPT 
[ 3232.543305][ T4841] Hardware name: linux,dummy-virt (DT)
[ 3232.543778][ T4841] Call trace:
[ 3232.544201][ T4841]  show_stack+0x2c/0x3c (C)
[ 3232.546142][ T4841]  __dump_stack+0x30/0x40
[ 3232.546450][ T4841]  dump_stack_lvl+0xd8/0x12c
[ 3232.546672][ T4841]  dump_stack+0x1c/0x28
[ 3232.546893][ T4841]  should_fail_ex+0x570/0x6e0
[ 3232.547142][ T4841]  should_failslab+0xb8/0xec
[ 3232.547371][ T4841]  kmem_cache_alloc_noprof+0x84/0x5a8
[ 3232.547668][ T4841]  pte_alloc_one_noprof+0xa0/0x360
[ 3232.547955][ T4841]  handle_mm_fault+0x1edc/0x5860
[ 3232.548255][ T4841]  __get_user_pages+0x2d44/0x3888
[ 3232.548485][ T4841]  populate_vma_page_range+0x234/0x318
[ 3232.548725][ T4841]  __mm_populate+0x198/0x35c
[ 3232.548980][ T4841]  vm_mmap_pgoff+0x364/0x3e8
[ 3232.549231][ T4841]  ksys_mmap_pgoff+0xec/0x448
[ 3232.549469][ T4841]  __arm64_sys_mmap+0x13c/0x198
[ 3232.549812][ T4841]  invoke_syscall+0x90/0x238
[ 3232.550155][ T4841]  el0_svc_common+0x180/0x2f4
[ 3232.550515][ T4841]  do_el0_svc+0x58/0x74
[ 3232.550851][ T4841]  el0_svc+0x5c/0x234
[ 3232.551168][ T4841]  el0t_64_sync_handler+0x84/0x12c
[ 3232.551474][ T4841]  el0t_64_sync+0x198/0x19c
[ 3244.827976][ T4843] KVM: debugfs: duplicate directory 4843-5
[ 3269.489619][ T4856] FAULT_INJECTION: forcing a failure.
[ 3269.489619][ T4856] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 3269.532587][ T4856] CPU: 0 UID: 0 PID: 4856 Comm: syz.4.225 Not tainted syzkaller #0 PREEMPT 
[ 3269.532971][ T4856] Hardware name: linux,dummy-virt (DT)
[ 3269.533084][ T4856] Call trace:
[ 3269.533165][ T4856]  show_stack+0x2c/0x3c (C)
[ 3269.533527][ T4856]  __dump_stack+0x30/0x40
[ 3269.533735][ T4856]  dump_stack_lvl+0xd8/0x12c
[ 3269.533966][ T4856]  dump_stack+0x1c/0x28
[ 3269.534170][ T4856]  should_fail_ex+0x570/0x6e0
[ 3269.534443][ T4856]  should_fail_alloc_page+0xd4/0xd8
[ 3269.534686][ T4856]  prepare_alloc_pages+0x20c/0x5e0
[ 3269.534975][ T4856]  __alloc_frozen_pages_noprof+0xd8/0x2d0
[ 3269.535198][ T4856]  alloc_pages_mpol+0x204/0x4c8
[ 3269.535504][ T4856]  folio_alloc_mpol_noprof+0x4c/0x2b4
[ 3269.535826][ T4856]  shmem_alloc_and_add_folio+0x364/0x16e4
[ 3269.536062][ T4856]  shmem_get_folio_gfp+0x538/0x18e8
[ 3269.536370][ T4856]  shmem_fault+0x1b4/0x444
[ 3269.536581][ T4856]  __do_fault+0x1c8/0x518
[ 3269.536803][ T4856]  handle_mm_fault+0x38d8/0x5860
[ 3269.537113][ T4856]  __get_user_pages+0x2d44/0x3888
[ 3269.537345][ T4856]  populate_vma_page_range+0x234/0x318
[ 3269.537579][ T4856]  __mm_populate+0x198/0x35c
[ 3269.537822][ T4856]  vm_mmap_pgoff+0x364/0x3e8
[ 3269.538071][ T4856]  ksys_mmap_pgoff+0xec/0x448
[ 3269.538304][ T4856]  __arm64_sys_mmap+0x13c/0x198
[ 3269.538633][ T4856]  invoke_syscall+0x90/0x238
[ 3269.538961][ T4856]  el0_svc_common+0x180/0x2f4
[ 3269.539261][ T4856]  do_el0_svc+0x58/0x74
[ 3269.539546][ T4856]  el0_svc+0x5c/0x234
[ 3269.539871][ T4856]  el0t_64_sync_handler+0x84/0x12c
[ 3269.540183][ T4856]  el0t_64_sync+0x198/0x19c
[ 3300.708054][ T4875] FAULT_INJECTION: forcing a failure.
[ 3300.708054][ T4875] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3300.741258][ T4875] CPU: 0 UID: 0 PID: 4875 Comm: syz.4.231 Not tainted syzkaller #0 PREEMPT 
[ 3300.741639][ T4875] Hardware name: linux,dummy-virt (DT)
[ 3300.741745][ T4875] Call trace:
[ 3300.741846][ T4875]  show_stack+0x2c/0x3c (C)
[ 3300.742263][ T4875]  __dump_stack+0x30/0x40
[ 3300.742509][ T4875]  dump_stack_lvl+0xd8/0x12c
[ 3300.742717][ T4875]  dump_stack+0x1c/0x28
[ 3300.742948][ T4875]  should_fail_ex+0x570/0x6e0
[ 3300.743192][ T4875]  should_fail_alloc_page+0xd4/0xd8
[ 3300.743431][ T4875]  prepare_alloc_pages+0x20c/0x5e0
[ 3300.743642][ T4875]  __alloc_frozen_pages_noprof+0xd8/0x2d0
[ 3300.743880][ T4875]  alloc_pages_mpol+0x204/0x4c8
[ 3300.744191][ T4875]  folio_alloc_mpol_noprof+0x4c/0x2b4
[ 3300.744497][ T4875]  shmem_alloc_and_add_folio+0x364/0x16e4
[ 3300.744716][ T4875]  shmem_get_folio_gfp+0x538/0x18e8
[ 3300.745046][ T4875]  shmem_fault+0x1b4/0x444
[ 3300.745278][ T4875]  __do_fault+0x1c8/0x518
[ 3300.745491][ T4875]  handle_mm_fault+0x38d8/0x5860
[ 3300.745799][ T4875]  __get_user_pages+0x2d44/0x3888
[ 3300.746058][ T4875]  populate_vma_page_range+0x234/0x318
[ 3300.746298][ T4875]  __mm_populate+0x198/0x35c
[ 3300.746558][ T4875]  vm_mmap_pgoff+0x364/0x3e8
[ 3300.746813][ T4875]  ksys_mmap_pgoff+0xec/0x448
[ 3300.747068][ T4875]  __arm64_sys_mmap+0x13c/0x198
[ 3300.747400][ T4875]  invoke_syscall+0x90/0x238
[ 3300.747731][ T4875]  el0_svc_common+0x180/0x2f4
[ 3300.748081][ T4875]  do_el0_svc+0x58/0x74
[ 3300.748409][ T4875]  el0_svc+0x5c/0x234
[ 3300.748703][ T4875]  el0t_64_sync_handler+0x84/0x12c
[ 3300.749029][ T4875]  el0t_64_sync+0x198/0x19c
[ 3384.273123][ T4916] FAULT_INJECTION: forcing a failure.
[ 3384.273123][ T4916] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 3384.287582][ T4916] CPU: 0 UID: 0 PID: 4916 Comm: syz.5.244 Not tainted syzkaller #0 PREEMPT 
[ 3384.288000][ T4916] Hardware name: linux,dummy-virt (DT)
[ 3384.288110][ T4916] Call trace:
[ 3384.288189][ T4916]  show_stack+0x2c/0x3c (C)
[ 3384.288550][ T4916]  __dump_stack+0x30/0x40
[ 3384.288753][ T4916]  dump_stack_lvl+0xd8/0x12c
[ 3384.288992][ T4916]  dump_stack+0x1c/0x28
[ 3384.289194][ T4916]  should_fail_ex+0x570/0x6e0
[ 3384.289438][ T4916]  should_fail+0x14/0x24
[ 3384.289675][ T4916]  should_fail_usercopy+0x20/0x30
[ 3384.289947][ T4916]  simple_read_from_buffer+0xd0/0x298
[ 3384.290241][ T4916]  proc_fail_nth_read+0x184/0x218
[ 3384.290562][ T4916]  vfs_read+0x220/0x9a8
[ 3384.290843][ T4916]  ksys_read+0x100/0x1f4
[ 3384.291102][ T4916]  __arm64_sys_read+0x98/0xcc
[ 3384.291356][ T4916]  invoke_syscall+0x90/0x238
[ 3384.291648][ T4916]  el0_svc_common+0x180/0x2f4
[ 3384.291971][ T4916]  do_el0_svc+0x58/0x74
[ 3384.292257][ T4916]  el0_svc+0x5c/0x234
[ 3384.292548][ T4916]  el0t_64_sync_handler+0x84/0x12c
[ 3384.292876][ T4916]  el0t_64_sync+0x198/0x19c
[ 3401.252648][   T25] audit: type=1400 audit(3400.400:110): avc:  denied  { ioctl } for  pid=4923 comm="syz.4.246" path="net:[4026532716]" dev="nsfs" ino=4026532716 ioctlcmd=0xb70d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 3599.379557][ T4972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3601.467025][ T4972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3635.689134][ T2146] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3637.578226][ T2146] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3639.127742][ T2146] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3640.514946][ T2146] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3650.263920][ T4972] hsr_slave_0: entered promiscuous mode
[ 3650.344990][ T4972] hsr_slave_1: entered promiscuous mode
[ 3650.447936][ T4972] debugfs: 'hsr0' already exists in 'hsr'
[ 3650.472528][ T4972] Cannot create hsr debugfs directory
[ 3651.369548][ T4983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3652.358300][ T4983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3668.747177][ T2146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3668.982462][ T2146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3669.135424][ T2146] bond0 (unregistering): Released all slaves
[ 3671.864037][ T2146] hsr_slave_0: left promiscuous mode
[ 3671.941327][ T2146] hsr_slave_1: left promiscuous mode
[ 3672.543364][ T2146] veth1_macvtap: left promiscuous mode
[ 3672.546857][ T2146] veth0_macvtap: left promiscuous mode
[ 3672.608940][ T2146] veth1_vlan: left promiscuous mode
[ 3672.641898][ T2146] veth0_vlan: left promiscuous mode
[ 3698.979564][ T4848] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3700.407547][ T4848] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3702.506488][ T4848] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3704.787672][ T4848] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3709.346744][ T4972] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3711.221197][ T4972] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3713.752404][ T4972] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3715.098104][ T4983] hsr_slave_0: entered promiscuous mode
[ 3715.245574][ T4983] hsr_slave_1: entered promiscuous mode
[ 3715.575680][ T4972] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3734.219230][ T4848] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3734.434350][ T4848] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3734.599415][ T4848] bond0 (unregistering): Released all slaves
[ 3736.952495][ T4848] hsr_slave_0: left promiscuous mode
[ 3737.121682][ T4848] hsr_slave_1: left promiscuous mode
[ 3737.761724][ T4848] veth1_macvtap: left promiscuous mode
[ 3737.765489][ T4848] veth0_macvtap: left promiscuous mode
[ 3737.793849][ T4848] veth1_vlan: left promiscuous mode
[ 3737.806361][ T4848] veth0_vlan: left promiscuous mode
[ 3769.076916][ T4983] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3769.664749][ T4983] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3770.268799][ T4983] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3770.992956][ T4983] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3787.218375][ T4972] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3807.304195][ T4983] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3938.637019][ T4972] veth0_vlan: entered promiscuous mode
[ 3939.832588][ T4972] veth1_vlan: entered promiscuous mode
[ 3943.363193][ T4972] veth0_macvtap: entered promiscuous mode
[ 3944.172719][ T4972] veth1_macvtap: entered promiscuous mode
[ 3947.932813][ T3878] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3947.956976][ T4583] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3948.128938][ T2146] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3948.203359][ T3878] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3961.485956][ T4983] veth0_vlan: entered promiscuous mode
[ 3963.422355][ T4983] veth1_vlan: entered promiscuous mode
[ 3968.486465][ T4983] veth0_macvtap: entered promiscuous mode
[ 3969.416969][ T4983] veth1_macvtap: entered promiscuous mode
[ 3975.082895][ T3286] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3975.093478][ T3286] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3975.167105][ T3286] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3975.365075][ T5162] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4389.987386][ T5315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4390.676619][ T5315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4398.139048][ T5318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4398.842468][ T5318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4446.309173][ T5315] hsr_slave_0: entered promiscuous mode
[ 4446.503715][ T5315] hsr_slave_1: entered promiscuous mode
[ 4446.714182][ T5315] debugfs: 'hsr0' already exists in 'hsr'
[ 4446.728835][ T5315] Cannot create hsr debugfs directory
[ 4454.722771][ T5318] hsr_slave_0: entered promiscuous mode
[ 4454.823941][ T5318] hsr_slave_1: entered promiscuous mode
[ 4455.013856][ T5318] debugfs: 'hsr0' already exists in 'hsr'
[ 4455.044896][ T5318] Cannot create hsr debugfs directory
[ 4490.682601][ T5315] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 4492.028587][ T5315] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 4493.266847][ T5315] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 4494.575829][ T5315] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 4507.118173][ T5318] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 4508.076978][ T5318] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 4509.115872][ T5318] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 4510.345951][ T5318] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 4556.195875][ T5315] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4569.095704][ T5318] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4628.533425][   T27] INFO: task syz.6.276:5289 blocked for more than 430 seconds.
[ 4628.539287][   T27]       Not tainted syzkaller #0
[ 4628.566450][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 4628.567177][   T27] task:syz.6.276       state:D stack:0     pid:5289  tgid:5289  ppid:4972   task_flags:0x400040 flags:0x00000019
[ 4628.568437][   T27] Call trace:
[ 4628.568861][   T27]  __switch_to+0x584/0xb20 (T)
[ 4628.569501][   T27]  __schedule+0x1eec/0x33a4
[ 4628.682428][   T27]  schedule+0xac/0x27c
[ 4628.683122][   T27]  schedule_timeout+0x5c/0x1e4
[ 4628.683666][   T27]  do_wait_for_common+0x28c/0x444
[ 4628.684192][   T27]  wait_for_completion+0x44/0x5c
[ 4628.684675][   T27]  __synchronize_srcu+0x2a4/0x320
[ 4628.685218][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 4628.685713][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 4628.686216][   T27]  kvm_put_kvm+0x698/0xbe8
[ 4628.686686][   T27]  kvm_vm_release+0x58/0x78
[ 4628.687185][   T27]  __fput+0x4ac/0x980
[ 4628.687674][   T27]  ____fput+0x20/0x58
[ 4628.688185][   T27]  task_work_run+0x1bc/0x254
[ 4628.688639][   T27]  exit_to_user_mode_loop+0xfc/0x178
[ 4628.689117][   T27]  el0_svc+0x170/0x234
[ 4628.689627][   T27]  el0t_64_sync_handler+0x84/0x12c
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 4628.891109][   T27]  el0t_64_sync+0x198/0x19c
[ 4628.894699][   T27] 
[ 4628.894699][   T27] Showing all locks held in the system:
[ 4628.895286][   T27] 1 lock held by khungtaskd/27:
[ 4628.895690][   T27]  #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 4628.898124][   T27] 3 locks held by kworker/u4:2/35:
[ 4628.898548][   T27] 3 locks held by kworker/u4:4/50:
[ 4628.899008][   T27] 1 lock held by klogd/3129:
[ 4628.899359][   T27] 2 locks held by getty/3196:
[ 4629.087864][   T27]  #0: 80f00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 4629.122539][   T27]  #1: 95ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 4629.124341][   T27] 2 locks held by syz-executor/3328:
[ 4629.124679][   T27] 2 locks held by kworker/u4:9/3824:
[ 4629.125013][   T27] 2 locks held by kworker/u4:10/3878:
[ 4629.125318][   T27]  #0: f5f000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 4629.126951][   T27]  #1: ffff80008e847c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 4629.128604][   T27] 3 locks held by kworker/u4:3/4583:
[ 4629.128983][   T27] 3 locks held by kworker/u4:8/5022:
[ 4629.129307][   T27] 3 locks held by kworker/u4:12/5023:
[ 4629.129621][   T27] 3 locks held by kworker/u4:13/5162:
[ 4629.251812][   T27] 2 locks held by kworker/u4:14/5184:
[ 4629.252265][   T27]  #0: f5f000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 4629.253979][   T27]  #1: ffff80008eed7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 4629.255649][   T27] 2 locks held by syz.7.277/5291:
[ 4629.256020][   T27] 3 locks held by kworker/u4:0/5322:
[ 4629.256385][   T27] 3 locks held by kworker/u4:7/5434:
[ 4629.256706][   T27] 1 lock held by modprobe/5479:
[ 4629.257036][   T27] 3 locks held by kworker/u4:16/5480:
[ 4629.257343][   T27] 1 lock held by dhcpcd-run-hook/5481:
[ 4629.257633][   T27] 1 lock held by modprobe/5482:
[ 4629.258111][   T27] 
[ 4629.258404][   T27] =============================================
[ 4629.258404][   T27]