last executing test programs:

1h12m24.175207084s ago: executing program 0 (id=59):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x1000000) (async)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0x8}], 0x18}], 0x1, 0x0, 0x0, 0x0) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140000, &(0x7f0000000000)=0x7}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x2, 0x3, &(0x7f0000000000)=0x62efb0ff})

1h12m17.417661236s ago: executing program 0 (id=61):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000008c0)={0x2000, 0x0, 0x4})
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x26)
ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f0000000000)={0x1fe, 0x300, 0x1c0, &(0x7f0000000100)=[0x6, 0x1, 0x6, 0x800, 0x7fffffffffffffff, 0x8, 0xf, 0x8, 0x4, 0x100, 0x1, 0x10001, 0x6, 0x3, 0x10, 0x7, 0xfb, 0x6, 0x8, 0x4f4a, 0x3090000000, 0x7, 0x1, 0x8, 0x8, 0x0, 0x1, 0x5, 0x0, 0x8, 0x4, 0xfffffffffffffff7, 0x7f, 0x1, 0x62, 0x5, 0x8000, 0x7, 0x7, 0x1000, 0x18, 0x10001, 0x0, 0x3, 0x7, 0x5, 0x2, 0x2, 0x3, 0x200, 0x8, 0x6, 0xa, 0x4, 0x3, 0x5, 0x8001, 0x3, 0x0, 0xc6fe, 0x8, 0x6, 0x6, 0x4, 0x7, 0x7fffffff, 0x80, 0x1d99, 0xc, 0x5, 0xfffffffffffffff8, 0x100000000, 0x9, 0x5, 0x1c000000000, 0x2, 0x1, 0x9, 0x2, 0xb09, 0x8, 0x0, 0x6, 0x6, 0xc, 0x0, 0x6, 0x9, 0x6a5, 0x3, 0x1ecda000000, 0x3ff, 0xfff, 0x81, 0x1, 0x100000001, 0x401, 0xfffffffffffffffa, 0x7, 0x728, 0x3ff, 0xacf, 0x8, 0xfda2, 0x7f, 0x2, 0x5, 0x7, 0x2, 0xfffffffffffffffd, 0xb9, 0x1, 0x4, 0x62a, 0xf, 0x7, 0x3, 0x4, 0x7995, 0x400, 0x80, 0x0, 0x7, 0x3, 0x6bc, 0x1, 0x4, 0x8]})

1h11m54.2171352s ago: executing program 0 (id=62):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000080)=@arm64_ccsidr={0x6020000000110001, &(0x7f0000000040)=0x2})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x401c5820, &(0x7f00000000c0)=@attr_other={0x0, 0x8dc, 0xfffffffffffffffd, 0x0})
ioctl$KVM_DIRTY_TLB(r8, 0x4010aeaa, &(0x7f0000000000)={0x0, 0x54e})
ioctl$KVM_SET_REGS(r8, 0x4360ae82, &(0x7f0000000100)={[0x8000000000000000, 0x800000000000000, 0x4, 0x7, 0x4, 0x80, 0x5, 0x8, 0x40, 0x7628, 0xc9, 0xfffffffffffffff7, 0x0, 0x9, 0xfffffffffffffff7, 0x8000000000000000], 0x2, 0x100})

1h11m45.546072394s ago: executing program 0 (id=64):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xfffdffffc1af0ec0}}], 0x20}, 0x0, 0xffffffffffffff92)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000000)={0xc834, 0xdec})
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1h11m38.158492653s ago: executing program 0 (id=67):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f00000002c0), 0x2e4641, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x9, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000001c0)=@attr_arm64={0x0, 0x4, 0x1, &(0x7f0000000180)=0x6})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000280)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000200)=0x2})
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010000a, &(0x7f00000000c0)=0x80003fe})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2e)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x6)
syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100026, &(0x7f0000000000)=0x10})
r10 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

1h11m28.617834538s ago: executing program 0 (id=69):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1f)
openat$kvm(0x0, &(0x7f0000000080), 0x1d9001af6df0802d, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_vgic_v3_setup(r1, 0x3, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xd)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x2, 0x100)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x8000000, 0x5000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000680)=[@code={0xa, 0x84, {"0038216e000028d50000791e00f8a15e008008d50000000ce0508ad20020b0f2410180d2620180d2c30180d2240180d2020000d4007008d5c0dd99d20060b8f2c10080d2420080d2e30080d2640180d2020000d420dc88d20000b8f2210180d2c20180d2c30080d2c40180d2020000d4"}}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013c510, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0xa7}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x3, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0x2d0}}, @mrs={0xbe, 0x18, {0xbae066f026a9bc80}}, @eret={0xe6, 0x18, 0xfffffffffffffffe}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013c013}}, @eret={0xe6, 0x18, 0xfffffffffffffff7}, @eret={0xe6, 0x18, 0x7}, @svc={0x122, 0x40, {0x3f000000, [0x6, 0x7, 0x7, 0x2, 0x8000]}}, @mrs={0xbe, 0x18, {0x603000000013c4f1}}, @hvc={0x32, 0x40, {0x10, [0x8, 0x0, 0x7fffffff, 0xffffffff, 0x9]}}, @code={0xa, 0x84, {"000000100000201e000080a8607e95d20060b0f2a10080d2c20080d2c30180d2a40080d2020000d400000011802e8ed20060b8f2a10080d2020080d2230080d2840180d2020000d4007008d580b794d20000b8f2e10080d2a20180d2630080d2c40080d2020000d4007008d5000008d5"}}, @code={0xa, 0x9c, {"000008d5a04085d200e0b0f2e10080d2620180d2e30080d2240080d2020000d40068214e00c0631e002c207e600498d20040b8f2810180d2220080d2a30180d2c40180d2020000d4805f83d200c0b8f2610080d2020080d2430080d2440180d2020000d4206a87d200a0b0f2810080d2020180d2c30080d2e40180d2020000d4001c004e000008d5"}}, @svc={0x122, 0x40, {0x2000000, [0xfffffffffffffeff, 0x0, 0x7, 0x3, 0x3]}}, @code={0xa, 0x84, {"007008d5007008d5000028d50068201e007008d5c02a83d200a0b8f2a10180d2020180d2030080d2040180d2020000d460eb92d20080b8f2410180d2820080d2230080d2e40180d2020000d4000028d5000008d580f799d200c0b0f2010180d2c20080d2630080d2640080d2020000d4"}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0xf3}}, @uexit={0x0, 0x18, 0xd}, @mrs={0xbe, 0x18, {0x603000000013807f}}], 0x490}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0xb, 0x3ff, &(0x7f0000000640)=0xfff})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000340)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000300)=0x3})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000240)={0xeeef0000})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x446, 0x101, &(0x7f0000000200)=0xfff})
ioctl$KVM_SET_GUEST_DEBUG_arm64(0xffffffffffffffff, 0x4208ae9b, &(0x7f0000000400)={0x0, 0x0, {[0xc9, 0x0, 0x3, 0x401, 0x66e4557d, 0x3, 0xffff, 0x5, 0xe77, 0x6, 0x80000000006, 0x6, 0x5, 0x7, 0xfff, 0x1], [0x6, 0x5, 0x4, 0x9, 0x7ff, 0xfffffffffffffffc, 0x5, 0xffffffffffffffff, 0xfffffffffffffff9, 0x10000, 0x22, 0x6, 0x3fd, 0x59, 0x5, 0x1], [0x7fff, 0x7fffffffffffffff, 0x1, 0x2, 0xa, 0x2, 0x6, 0x0, 0x12000000, 0xfffffffffffff909, 0xf11, 0x1c, 0x3, 0x7a19, 0x0, 0x4008093f], [0xd, 0x7, 0x0, 0x7, 0xa, 0x1, 0x1, 0x8, 0x80000000, 0x1, 0x10, 0x400, 0x40, 0x4, 0xc13f, 0xd8b9]}})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x33)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)

1h10m42.009463969s ago: executing program 32 (id=69):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1f)
openat$kvm(0x0, &(0x7f0000000080), 0x1d9001af6df0802d, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_vgic_v3_setup(r1, 0x3, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xd)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x2, 0x100)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x8000000, 0x5000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000680)=[@code={0xa, 0x84, {"0038216e000028d50000791e00f8a15e008008d50000000ce0508ad20020b0f2410180d2620180d2c30180d2240180d2020000d4007008d5c0dd99d20060b8f2c10080d2420080d2e30080d2640180d2020000d420dc88d20000b8f2210180d2c20180d2c30080d2c40180d2020000d4"}}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013c510, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0xa7}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x3, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0x2d0}}, @mrs={0xbe, 0x18, {0xbae066f026a9bc80}}, @eret={0xe6, 0x18, 0xfffffffffffffffe}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013c013}}, @eret={0xe6, 0x18, 0xfffffffffffffff7}, @eret={0xe6, 0x18, 0x7}, @svc={0x122, 0x40, {0x3f000000, [0x6, 0x7, 0x7, 0x2, 0x8000]}}, @mrs={0xbe, 0x18, {0x603000000013c4f1}}, @hvc={0x32, 0x40, {0x10, [0x8, 0x0, 0x7fffffff, 0xffffffff, 0x9]}}, @code={0xa, 0x84, {"000000100000201e000080a8607e95d20060b0f2a10080d2c20080d2c30180d2a40080d2020000d400000011802e8ed20060b8f2a10080d2020080d2230080d2840180d2020000d4007008d580b794d20000b8f2e10080d2a20180d2630080d2c40080d2020000d4007008d5000008d5"}}, @code={0xa, 0x9c, {"000008d5a04085d200e0b0f2e10080d2620180d2e30080d2240080d2020000d40068214e00c0631e002c207e600498d20040b8f2810180d2220080d2a30180d2c40180d2020000d4805f83d200c0b8f2610080d2020080d2430080d2440180d2020000d4206a87d200a0b0f2810080d2020180d2c30080d2e40180d2020000d4001c004e000008d5"}}, @svc={0x122, 0x40, {0x2000000, [0xfffffffffffffeff, 0x0, 0x7, 0x3, 0x3]}}, @code={0xa, 0x84, {"007008d5007008d5000028d50068201e007008d5c02a83d200a0b8f2a10180d2020180d2030080d2040180d2020000d460eb92d20080b8f2410180d2820080d2230080d2e40180d2020000d4000028d5000008d580f799d200c0b0f2010180d2c20080d2630080d2640080d2020000d4"}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0xf3}}, @uexit={0x0, 0x18, 0xd}, @mrs={0xbe, 0x18, {0x603000000013807f}}], 0x490}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0xb, 0x3ff, &(0x7f0000000640)=0xfff})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000340)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000300)=0x3})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000240)={0xeeef0000})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x446, 0x101, &(0x7f0000000200)=0xfff})
ioctl$KVM_SET_GUEST_DEBUG_arm64(0xffffffffffffffff, 0x4208ae9b, &(0x7f0000000400)={0x0, 0x0, {[0xc9, 0x0, 0x3, 0x401, 0x66e4557d, 0x3, 0xffff, 0x5, 0xe77, 0x6, 0x80000000006, 0x6, 0x5, 0x7, 0xfff, 0x1], [0x6, 0x5, 0x4, 0x9, 0x7ff, 0xfffffffffffffffc, 0x5, 0xffffffffffffffff, 0xfffffffffffffff9, 0x10000, 0x22, 0x6, 0x3fd, 0x59, 0x5, 0x1], [0x7fff, 0x7fffffffffffffff, 0x1, 0x2, 0xa, 0x2, 0x6, 0x0, 0x12000000, 0xfffffffffffff909, 0xf11, 0x1c, 0x3, 0x7a19, 0x0, 0x4008093f], [0xd, 0x7, 0x0, 0x7, 0xa, 0x1, 0x1, 0x8, 0x80000000, 0x1, 0x10, 0x400, 0x40, 0x4, 0xc13f, 0xd8b9]}})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x33)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)

35m15.989251074s ago: executing program 1 (id=408):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013df64, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x4, 0x9, 0x1}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r5, 0x5421, 0x20004000)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r8, 0x200001fe0000)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, 0x0)
r16 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r17 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r18 = ioctl$KVM_CREATE_VCPU(r17, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r17, r18, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000000000002000000000000000002080d2a0bbbbf21f004219"], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r18, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r16, 0xc00caee0, 0x0)
openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)

35m11.795305682s ago: executing program 2 (id=409):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2b)
ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000000240)={0x1, 0xe000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000000080)={0x3000, 0x122000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, &(0x7f0000001480)={0x0, 0x13000, 0x1})
r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

34m56.124215344s ago: executing program 1 (id=410):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xffffffffffffffff)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, 0xffffffffffffffff)

34m54.90590764s ago: executing program 2 (id=411):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x941, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000)
write$eventfd(r4, &(0x7f0000000000), 0xfffffdef)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0)
r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae03, 0xc0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000200)=0xa})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000040)=@arm64_core={0x6030000000100014, &(0x7f0000000180)=0x4})
r16 = eventfd2(0x0, 0x0)
close(r16)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20100, 0x0)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000140)={0x1ff, 0xdddc1000, 0x0, r16, 0x4})
ioctl$KVM_CREATE_VCPU(r5, 0xb701, 0x0)

34m49.104997473s ago: executing program 1 (id=412):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (rerun: 64)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x7}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x7, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000200)=0x8000000}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r11 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x0, 0x4, &(0x7f0000000240)=0x3}) (async, rerun: 64)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000000)={0xfe2, 0x4}) (rerun: 64)

34m44.93963747s ago: executing program 2 (id=413):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x11, r14, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r15, 0x1, 0x12, r9, 0x0)
r16 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r17 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r17, 0x8, 0x13, r9, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r17, 0x1000001, 0x12, r9, 0x0)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r18, 0x3, 0x11, r8, 0x0)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r18, 0x3, 0x11, r16, 0x0)
r19 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r19, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r19, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df61, &(0x7f00000001c0)=0x20000000004})

34m40.822102419s ago: executing program 1 (id=414):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xc0189436, 0x1ffffffc) (async)
ioctl$KVM_CREATE_VM(r3, 0xc0189436, 0x1ffffffc)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) (async)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80400, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2b) (async)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2b)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000240)={0x1, 0xe000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000100)={0x0, 0x1000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r8, 0x4010ae68, &(0x7f0000001480)={0xfffffffffffffdfd, 0x13000, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) (async)
ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0x0) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0x0)

34m32.769189008s ago: executing program 2 (id=415):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8f961a5f6eaa8303, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x10)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2f)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000180)="aad6c8fa992e3b6638c83ac5a68ff39c452a828f1f17ea4fa5439d763a2f2b3f53c0b1ab2e7067b6b00110109119402eba70be0c7b8a714b5ffc5970a20fd8775ac36279ffeaf650", 0x0, 0x48)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000080)={0x5, 0x2})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xf5)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r9 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r9, 0x2})
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r9, 0x3})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_GET_API_VERSION(r10, 0xae00, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2c)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100038, &(0x7f0000000000)=0x80000000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r11, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x15000})

34m30.92760239s ago: executing program 1 (id=416):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@its_setup={0x82, 0x28, {0xfffffffffffffffe, 0x0, 0x200000000179}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3550}}], 0x58}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

34m21.477718812s ago: executing program 2 (id=417):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = syz_kvm_vgic_v3_setup(r0, 0x4, 0x0)
close(r0)
r2 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000400)={0x2, 0x280, 0xc0, &(0x7f0000000000)=[0x7, 0x5, 0x8000, 0xc6, 0x3, 0x8000, 0x0, 0x8, 0xc3, 0x400, 0x8, 0x9, 0x3, 0x9, 0x8b, 0x2, 0x7fffffff, 0x0, 0x8, 0xfffffffffffffffd, 0x4, 0x9, 0x7ff, 0x8, 0x8, 0x9, 0x4, 0x2, 0x100000001, 0x52, 0x2, 0x3, 0x7, 0x8, 0x3, 0xfffffffffffffff1, 0xb53c, 0x4, 0x8, 0x7fffffffffffffff, 0xaeed, 0xffffffff, 0x4, 0x2, 0x40000000000, 0x9, 0x9, 0x4, 0x9, 0x100, 0x9, 0x7fffffffffffffff, 0x9, 0x3, 0x7, 0x2, 0x1, 0x4, 0xc, 0x5, 0x9, 0xffffffffffffff7e, 0x9, 0x2, 0x6, 0xfff, 0x5, 0x9, 0x4, 0x3, 0x0, 0x8, 0x5, 0x39, 0x6, 0x6, 0xfffffffffffff6f1, 0x1, 0xff, 0x100000000, 0x7, 0x1, 0xfff, 0x5, 0xca7, 0xfc, 0xfffffffffffffff8, 0x5, 0x7, 0x0, 0x3, 0xfa, 0x2, 0x0, 0x5, 0x8, 0x1, 0x532, 0x8, 0x7b5, 0xffffffffffffffb0, 0x80000001, 0x94e1, 0x0, 0xffffffffffff0001, 0x280000000000000, 0x8, 0x477, 0x8, 0xfd, 0x62c8cd82, 0x8, 0x2, 0x2, 0x4, 0x7fff, 0x100000000, 0x2, 0x0, 0x0, 0xc, 0x4, 0x9, 0x1, 0x7fff, 0x8, 0x0, 0x7fff]})
close(r1)
ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000440)={0xc0, 0x0, 0x2000})
syz_kvm_vgic_v3_setup(r0, 0x0, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f00000004c0)={0x10201, 0x0, &(0x7f0000ffc000/0x4000)=nil})
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x1)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000500)={0x3, 0xffffffffffffffff, 0x1})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1e)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000540)={0xdf, 0x0, 0xe000})
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
syz_kvm_setup_cpu$arm64(r0, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000b40)=[{0x0, &(0x7f00000005c0)=[@uexit={0x0, 0x18, 0x5000000000000}, @msr={0x14, 0x20, {0x50280000001a0336, 0x9}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0x9, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x380, 0x4, 0x1}}, @irq_setup={0x46, 0x18, {0x4, 0xb6}}, @code={0xa, 0x9c, {"007008d540cf95d200c0b0f2e10180d2820180d2630180d2640180d2020000d40000204b000008d50020201e000080a80080000c00cf84d20040b0f2410180d2420180d2e30180d2a40080d2020000d4e09a94d20020b8f2210180d2a20180d2c30080d2440180d2020000d4e04f80d200a0b8f2010180d2820080d2630180d2040180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013dea7}}, @code={0xa, 0xb4, {"809193d20020b0f2010180d2a20080d2c30180d2040180d2020000d4006586d20020b0f2810180d2e20180d2e30180d2440080d2020000d4c0e789d20000b0f2010180d2820180d2a30180d2240180d2020000d4000008d5602680d20020b8f2810180d2620180d2630080d2040080d2020000d40078000e00d8215e0078202e007008d560e791d200a0b8f2010080d2c20080d2230080d2440180d2020000d4"}}, @code={0xa, 0x6c, {"007008d50060c00d007008d50000208b40e590d200a0b8f2c10080d2420180d2a30080d2040080d2020000d4400d95d20060b8f2010180d2e20180d2030180d2e40080d2020000d40068203c00d4200e0050202e007008d5"}}, @smc={0x1e, 0x40, {0x84000006, [0x6, 0x6, 0x4, 0x48d, 0xae]}}, @hvc={0x32, 0x40, {0x84000011, [0x2, 0x1, 0x8, 0x8, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0xa, 0x7, 0x6, 0x4}}, @uexit={0x0, 0x18, 0x1000}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @code={0xa, 0x6c, {"0000005c008008d5000008d50000c029008008d50000000bc02a94d20020b0f2410080d2420180d2e30080d2240180d2020000d4008008d580da8fd20000b8f2a10180d2e20080d2c30180d2e40180d2020000d4007008d5"}}, @memwrite={0x6e, 0x30, @generic={0xffffffff, 0xb40, 0x2, 0x5}}, @hvc={0x32, 0x40, {0x84000053, [0x3, 0x4d7, 0x2, 0x62, 0x4]}}, @code={0xa, 0xe4, {"00a8310e60df89d20020b8f2c10180d2420080d2030180d2840080d2020000d4a0e08cd200a0b0f2a10080d2220080d2c30180d2240180d2020000d40084000de07b8cd20040b8f2610180d2020080d2230080d2c40180d2020000d4000028d5e0c18dd20020b0f2810080d2a20180d2630080d2640180d2020000d4003f81d200e0b0f2a10180d2820080d2030180d2e40080d2020000d480f084d200e0b0f2a10180d2620180d2a30180d2c40180d2020000d420cc9cd20020b8f2210080d2220080d2630080d2c40080d2020000d4"}}, @hvc={0x32, 0x40, {0x800, [0x1, 0xffffffffffff8108, 0xe, 0xe54, 0x8]}}], 0x564}], 0x1, 0x0, &(0x7f0000000b80)=[@featur2={0x1, 0x45}], 0x1)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000bc0)={0x400, 0x7, 0x4})
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000c40)=@attr_other={0x0, 0x0, 0x3ff, &(0x7f0000000c00)=0x83})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r4, 0x4068aea3, &(0x7f0000000c80)={0xe4, 0x0, 0xcf6c})
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000d00)={0x5, 0x6})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
eventfd2(0x1ff, 0x80000)
syz_kvm_setup_cpu$arm64(r3, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001380)=[{0x0, &(0x7f0000000d40)=[@svc={0x122, 0x40, {0xc4000011, [0xffffffff00000001, 0x4, 0x4, 0xb2]}}, @uexit={0x0, 0x18, 0x8}, @msr={0x14, 0x20, {0x603000000013c01e, 0xf53}}, @uexit={0x0, 0x18, 0x7}, @smc={0x1e, 0x40, {0x84000003, [0x3, 0x3, 0x3, 0x700000, 0x4000000000000000]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x5, 0x10, 0x1, 0x8330, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8000, 0x6, 0x8}}, @eret={0xe6, 0x18, 0x7ff}, @code={0xa, 0xcc, {"400e81d20020b8f2a10080d2420180d2a30180d2840080d2020000d4406386d200c0b8f2810180d2c20180d2e30180d2a40080d2020000d440c189d200e0b0f2e10180d2220080d2a30080d2a40080d2020000d4e05b89d20040b8f2410080d2420080d2c30180d2440180d2020000d4007008d5000028d5008c207e60bd85d20060b0f2210180d2a20080d2a30080d2040180d2020000d4007008d5401d85d20020b8f2a10180d2220080d2e30180d2840180d2020000d4"}}, @code={0xa, 0x6c, {"0000202e007008d50000202a0000031ee0c485d20060b8f2810180d2620080d2e30180d2640180d2020000d460ec83d20040b0f2810180d2620080d2030180d2240080d2020000d4002c004e000028d5007008d5007008d5"}}, @mrs={0xbe, 0x18, {0x6030000000138080}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x300, 0x2e, 0x2}}, @svc={0x122, 0x40, {0xc4000012, [0x80000001, 0x3, 0x8, 0x5, 0x7]}}, @smc={0x1e, 0x40, {0xc4000007, [0xfffffffffffffff7, 0xb77b, 0xfffffffffffff801, 0x7, 0x40000000000000]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x2, 0x9, 0x80, 0x5, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x3, 0x0, 0x0, 0xffff8001, 0x2}}, @svc={0x122, 0x40, {0x80000001, [0x347e4bf3, 0x4, 0x9, 0x800, 0x4]}}, @hvc={0x32, 0x40, {0x5000000, [0x1, 0xc9e7, 0x8, 0x5d11, 0xffffffff]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x23}}, @code={0xa, 0x9c, {"0000c03c407897d20000b0f2410180d2420180d2030080d2c40180d2020000d400fc009be0a993d20000b8f2410180d2220080d2230080d2e40080d2020000d480c88ad20040b0f2410080d2020080d2e30080d2040180d2020000d4c0de9ed20020b8f2c10180d2a20180d2e30080d2840080d2020000d4008008d5008008d5000008d5000028d5"}}, @uexit={0x0, 0x18, 0xf49}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x8, 0xe61, 0x4}}, @smc={0x1e, 0x40, {0x4, [0x5, 0x1ff, 0x8, 0x0, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc00, 0x3, 0xe}}, @mrs={0xbe, 0x18, {0x603000000013c510}}, @hvc={0x32, 0x40, {0xc400000c, [0xc0, 0x8, 0x0, 0x0, 0x2]}}, @svc={0x122, 0x40, {0x3f000000, [0xffffffffffffff7f, 0x9, 0xec5, 0x9799, 0x800]}}, @eret={0xe6, 0x18, 0x100}], 0x63c}], 0x1, 0x0, &(0x7f00000013c0)=[@featur1={0x1, 0x10}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000001440)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000001400)=0x2})
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000001480)={0x3, [0x7, 0x1, 0x3ff]})
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f00000014c0))
ioctl$KVM_CAP_ARM_MTE(r3, 0x4068aea3, &(0x7f0000001500))
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000001780)={0x0, &(0x7f0000001580)=[@its_setup={0x82, 0x28, {0x4, 0x1, 0x34f}}, @msr={0x14, 0x20, {0x603000000013deb9, 0x2bfb}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x366}}, @msr={0x14, 0x20, {0x603000000013e648, 0x8}}, @smc={0x1e, 0x40, {0x102, [0xe2, 0xb, 0x7, 0x8, 0x7fff]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x25f}}, @irq_setup={0x46, 0x18, {0x0, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x12f}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0xc0}}, @irq_setup={0x46, 0x18, {0x0, 0x106}}, @eret={0xe6, 0x18}, @msr={0x14, 0x20, {0x603000000013c020, 0x5}}, @eret={0xe6, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x1, 0x255}}], 0x1e0}, &(0x7f00000017c0)=[@featur2], 0x1)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)

34m18.24670323s ago: executing program 1 (id=418):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x20004000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x20004000) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)

34m14.244141356s ago: executing program 2 (id=419):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x4})
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000000)={0x3, 0x400, 0x200, &(0x7f0000000080)=[0x0, 0x10, 0x6, 0x100000000, 0x80000001, 0xa, 0x8, 0x65f, 0xffffffff, 0x7f, 0x5, 0x9, 0x2, 0x9, 0x0, 0xff, 0x7, 0x2, 0x81, 0x400, 0x4, 0x0, 0x4, 0x0, 0x5, 0x7, 0x9, 0x0, 0x7, 0x8781, 0x3, 0x9, 0x1, 0x10001, 0x8, 0x8, 0x10000, 0x9, 0x0, 0x8, 0x9, 0x6, 0x80000000, 0x9, 0x40, 0x6, 0x6, 0x8, 0x7, 0x2, 0x1, 0x10, 0x0, 0x5, 0x8000000000000000, 0x4, 0x5, 0x6, 0x76d000000000000, 0x9, 0xe9, 0x8, 0x7fff, 0x8, 0x2, 0x7, 0x100, 0x296cec91, 0x5, 0x6, 0x2, 0x0, 0x7, 0x8, 0x7, 0x2, 0x7bfb7ee7, 0x1, 0x8, 0xa, 0x0, 0x2, 0xffffffff, 0x8000000000000001, 0x158, 0x7, 0x46af, 0x4, 0x80000000, 0x9, 0xbcb1, 0x4, 0x6db6, 0x9, 0x1, 0x3800000000, 0x8, 0xfffffffffffff1f9, 0x5, 0x8, 0x9, 0xa, 0x400000000000000, 0x2, 0x315, 0xf8, 0x0, 0x3ff, 0x3, 0x10001, 0x6, 0x5, 0xff, 0x19673e26, 0x6, 0x0, 0x1, 0xfffffffffffffffd, 0x4, 0xd, 0x4, 0xfffffffffffff98e, 0x0, 0x7, 0x4, 0x5, 0x4, 0x4]})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000480)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0xc0}], 0x1)
syz_kvm_assert_reg(r7, 0x603000000013c4f1, 0x8000)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x8040aeb6, 0x0)

33m31.936674246s ago: executing program 33 (id=418):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x20004000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x20004000) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)

33m27.105652077s ago: executing program 34 (id=419):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x4})
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000000)={0x3, 0x400, 0x200, &(0x7f0000000080)=[0x0, 0x10, 0x6, 0x100000000, 0x80000001, 0xa, 0x8, 0x65f, 0xffffffff, 0x7f, 0x5, 0x9, 0x2, 0x9, 0x0, 0xff, 0x7, 0x2, 0x81, 0x400, 0x4, 0x0, 0x4, 0x0, 0x5, 0x7, 0x9, 0x0, 0x7, 0x8781, 0x3, 0x9, 0x1, 0x10001, 0x8, 0x8, 0x10000, 0x9, 0x0, 0x8, 0x9, 0x6, 0x80000000, 0x9, 0x40, 0x6, 0x6, 0x8, 0x7, 0x2, 0x1, 0x10, 0x0, 0x5, 0x8000000000000000, 0x4, 0x5, 0x6, 0x76d000000000000, 0x9, 0xe9, 0x8, 0x7fff, 0x8, 0x2, 0x7, 0x100, 0x296cec91, 0x5, 0x6, 0x2, 0x0, 0x7, 0x8, 0x7, 0x2, 0x7bfb7ee7, 0x1, 0x8, 0xa, 0x0, 0x2, 0xffffffff, 0x8000000000000001, 0x158, 0x7, 0x46af, 0x4, 0x80000000, 0x9, 0xbcb1, 0x4, 0x6db6, 0x9, 0x1, 0x3800000000, 0x8, 0xfffffffffffff1f9, 0x5, 0x8, 0x9, 0xa, 0x400000000000000, 0x2, 0x315, 0xf8, 0x0, 0x3ff, 0x3, 0x10001, 0x6, 0x5, 0xff, 0x19673e26, 0x6, 0x0, 0x1, 0xfffffffffffffffd, 0x4, 0xd, 0x4, 0xfffffffffffff98e, 0x0, 0x7, 0x4, 0x5, 0x4, 0x4]})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000480)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0xc0}], 0x1)
syz_kvm_assert_reg(r7, 0x603000000013c4f1, 0x8000)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x8040aeb6, 0x0)

25m8.717157628s ago: executing program 3 (id=444):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000000c0)={0x836, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x801}}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10002})
r7 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000640)=[@smc={0x1e, 0x40, {0x84000011, [0x0, 0x4, 0x0, 0x4, 0x8001]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

24m53.554597754s ago: executing program 3 (id=446):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x88001, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)

24m40.315850762s ago: executing program 3 (id=448):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x100000c, 0x4d832, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x7fffffff})
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})
r11 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, &(0x7f0000000380)=@attr_other={0x0, 0x5, 0x0, 0x0})
r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@svc={0x122, 0x40, {0x84000011, [0x1ae000000, 0x7, 0x9, 0x2ff00, 0x7fffffffffffffff]}}, @hvc={0x32, 0x40, {0x84000006, [0x4, 0x76, 0x7ff, 0x0, 0x5]}}], 0x80}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x180)
r14 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000240)={0x3, <r15=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0x8})
ioctl$KVM_RUN(r13, 0xae80, 0x0)

24m23.515314317s ago: executing program 3 (id=450):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(r1) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000000)={0x7}) (async)
r4 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0x0, 0xf000, 0x0, r4}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000}) (async, rerun: 32)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000000c0)={0x8}) (async, rerun: 32)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x6000}) (async, rerun: 32)
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (rerun: 32)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async, rerun: 64)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r6, 0x4018aee3, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x1000}) (async, rerun: 64)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

24m9.864227408s ago: executing program 3 (id=452):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, <r10=>0xffffffffffffffff})
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x13, r10, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4}) (async)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x13, r10, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r11, 0xae80, 0x0) (async)

23m51.306169206s ago: executing program 3 (id=454):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x1000004, 0x11, r4, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x21)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000c24000/0x2000)=nil, 0x930, 0x1, 0x11, r8, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000100)=@arm64_fp={0x6040000000100075, &(0x7f0000000140)=0x3})

23m3.185445742s ago: executing program 35 (id=454):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x1000004, 0x11, r4, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x21)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000c24000/0x2000)=nil, 0x930, 0x1, 0x11, r8, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000100)=@arm64_fp={0x6040000000100075, &(0x7f0000000140)=0x3})

22m59.199701579s ago: executing program 4 (id=458):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b})
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x0, 0x1, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
eventfd2(0x2, 0x800)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181d40, 0x0)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r11, 0x400454d4, 0x21)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0xc4003ff5, [0xc, 0x3, 0x2, 0xa92b, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x3, 0xfffffffd, 0x8, 0x8}}], 0x68}, 0x0, 0x0)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r10, 0x4068aea3, &(0x7f0000000240))
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8})
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)

22m34.428271977s ago: executing program 4 (id=459):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = syz_kvm_vgic_v3_setup(r2, 0x3, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0xc, &(0x7f0000000240)=0x80000001})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0xffffffff87bdf123, 0x100, 0xfffffffffffffff9, 0x4, 0x80000001}}, {0x10000, 0x1, 0x1, 0x0, @adapter={0x7b, 0x9, 0x0, 0x443, 0x8}}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
syz_kvm_vgic_v3_setup(r2, 0x3, 0x100) (async)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0xc, &(0x7f0000000240)=0x80000001}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0xffffffff87bdf123, 0x100, 0xfffffffffffffff9, 0x4, 0x80000001}}, {0x10000, 0x1, 0x1, 0x0, @adapter={0x7b, 0x9, 0x0, 0x443, 0x8}}]}) (async)

22m18.872572829s ago: executing program 4 (id=460):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
munmap(&(0x7f000049b000/0x400000)=nil, 0x400000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r4, 0x0, 0x13, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r4, 0x1000001, 0x12, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

22m5.907851931s ago: executing program 4 (id=461):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f00000000c0))
syz_kvm_vgic_v3_setup(r1, 0x2, 0x200)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x3000005, 0x810, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000c87000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r6, 0x400454d4, 0x110c230007)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000000, 0x10, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f00000000c0))
close(r3)

21m45.212469267s ago: executing program 4 (id=462):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xa}}], 0x30}, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x460443, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r7 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000003c0)="fb413fdd033b07ac2cc4a22332a77b23b08986614d7ba14c9409ab8031d15e20574c000000010000005a449a7a835673316b50ebd2aa7fd86904000000000000e700", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000100), 0x4c4882, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0x40086602, 0x110e227ffe)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0xfffffffa, 0x80001)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0x40086602, 0x110e227ffe)
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, &(0x7f0000000140)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x10001})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x5, 0x8fb, &(0x7f0000000240)=0x8})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x25)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x1, 0x100)
ioctl$KVM_RUN(r15, 0xae80, 0x0)

21m31.75849078s ago: executing program 4 (id=463):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x6030000000139828, &(0x7f00000000c0)=0x81})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000d0a000/0x3000)=nil, r1, 0x0, 0x4000010, r5, 0x0)

20m44.051902211s ago: executing program 36 (id=463):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x6030000000139828, &(0x7f00000000c0)=0x81})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000d0a000/0x3000)=nil, r1, 0x0, 0x4000010, r5, 0x0)

15m59.042622126s ago: executing program 5 (id=457):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1b)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x10001, 0x5, 0x70000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000040)={0x6000, 0x5000, 0xfff})
syz_kvm_setup_cpu$arm64(r0, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000280)=[{0x0, &(0x7f0000000080)=[@hvc={0x32, 0x40, {0x100, [0x2, 0x9, 0x4, 0xa650]}}, @msr={0x14, 0x20, {0x603000000013e6c7, 0x6a}}, @svc={0x122, 0x40, {0x8600ff01, [0x8, 0x7, 0x7, 0x5, 0x7ff]}}, @code={0xa, 0xb4, {"e0b29bd200c0b8f2810180d2220080d2230180d2c40180d2020000d40088202e007008d5000c205e007008d5e0cd92d200a0b8f2810080d2e20180d2230080d2040080d2020000d400d8210e20da83d200c0b0f2c10180d2420080d2230180d2640180d2020000d4e0da8bd200e0b8f2210180d2220180d2a30180d2640180d2020000d4a0d089d200a0b8f2210080d2e20080d2830080d2040080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0xa, 0x4, 0x8}}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x6030000000131a01, 0x3}}, @msr={0x14, 0x20, {0x603000000013e101, 0x3}}], 0x1d4}], 0x1, 0x0, &(0x7f00000002c0)=[@featur1={0x1, 0x1}], 0x1)
r3 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000300)={0xa8, 0x0, 0x2})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x12)
syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000700)={0x0, &(0x7f0000000380)=[@memwrite={0x6e, 0x30, @generic={0x26000, 0x640, 0x401, 0xa}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x12c}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x1, 0xa, 0x8000000, 0x1}}, @msr={0x14, 0x20, {0x603000000013c2a3, 0x6}}, @irq_setup={0x46, 0x18, {0x0, 0x4}}, @smc={0x1e, 0x40, {0x4000000, [0x4, 0x5, 0x1, 0xfffffffffffffffc, 0x1]}}, @msr={0x14, 0x20, {0x60300000001383f6, 0xfffffffffffffffb}}, @irq_setup={0x46, 0x18, {0x2, 0x10e}}, @msr={0x14, 0x20, {0x603000000013f528, 0x1a}}, @msr={0x14, 0x20, {0x603000000013dee7, 0x2}}, @eret={0xe6, 0x18, 0x1}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0x1, 0xff}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffe8, 0x9, 0x4}}, @svc={0x122, 0x40, {0x86000000, [0x6, 0xfffffffffffffffb, 0x6, 0x5, 0x10]}}, @svc={0x122, 0x40, {0x86000000, [0x6, 0xffffffffffffe61e, 0x8, 0x8000]}}, @msr={0x14, 0x20, {0x603000000013e533, 0xee8}}, @eret={0xe6, 0x18, 0xe1}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x3f9}}, @mrs={0xbe, 0x18, {0x603000000013c64a}}, @mrs={0xbe, 0x18, {0x6030000000138064}}, @hvc={0x32, 0x40, {0x0, [0x0, 0x0, 0x401, 0x200, 0x78298576]}}, @msr={0x14, 0x20, {0x603000000013e102, 0x8}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0xf1}}], 0x378}, &(0x7f0000000740)=[@featur2={0x1, 0xe0}], 0x1)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x24)
ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000780)={0x2, 0x0, [{0x401, 0x1, 0x0, 0x0, @msi={0x7, 0x0, 0x6, 0x3}}, {0x5, 0x1, 0x1, 0x0, @msi={0x3a8, 0x92a, 0x6, 0x7}}]})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000840)=@attr_other={0x0, 0x6, 0x6, &(0x7f0000000800)=0xd567})
ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f00000008c0)=@attr_other={0x0, 0x200, 0x9, &(0x7f0000000880)=0x1000})
r6 = syz_kvm_vgic_v3_setup(r4, 0x3, 0x80)
ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000940)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000900)=0x7})
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x8)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000980)={0x37, 0x5000, 0x2, r3})
syz_kvm_setup_cpu$arm64(r4, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000d40)=[{0x0, &(0x7f00000009c0)=[@eret={0xe6, 0x18, 0xfffffffffffffffd}, @mrs={0xbe, 0x18, {0x603000000013c4f6}}, @code={0xa, 0x6c, {"007008d5007008d50024000f609091d20080b0f2210180d2a20180d2e30180d2840080d2020000d440af85d200c0b8f2010180d2a20080d2230080d2e40180d2020000d4008008d5000028d5004c200e000008d5007008d5"}}, @mrs={0xbe, 0x18, {0x603000000013e65d}}, @msr={0x14, 0x20, {0x603000000013d920, 0x8000000000000000}}, @mrs={0xbe, 0x18, {0x603000000013df6f}}, @uexit={0x0, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013c208, 0x8}}, @eret={0xe6, 0x18, 0x2}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x0, 0x0, 0x9, 0x1, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0x377}}, @code={0xa, 0x84, {"0054200e605c94d20040b8f2410180d2a20180d2630180d2e40080d2020000d4007008d560e598d20040b8f2c10180d2220180d2430180d2a40080d2020000d4000028d50054007f007008d5000028d580cd8bd20080b0f2410080d2a20080d2830080d2240180d2020000d40070200e"}}, @svc={0x122, 0x40, {0x84000050, [0x5, 0x8, 0x5029, 0x5, 0x8]}}, @code={0xa, 0x9c, {"408387d200a0b0f2e10080d2a20080d2430080d2240080d2020000d4e0fa96d200e0b8f2810080d2e20180d2430180d2e40180d2020000d4007008d5007008d5007008d5400f8ad20080b8f2810080d2e20180d2230080d2440080d2020000d4e0aa84d200a0b0f2010180d2e20080d2830080d2040080d2020000d40078200e007008d50080800d"}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xa8, 0x0, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x100, 0x9, 0x9}}, @smc={0x1e, 0x40, {0x80008000, [0x6, 0x6, 0x4, 0x0, 0xead3]}}], 0x37c}], 0x1, 0x0, &(0x7f0000000d80)=[@featur1={0x1, 0xa6}], 0x1)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000dc0)={0x25000, 0x4, 0x9, 0x1, 0x611})
r8 = ioctl$KVM_GET_STATS_FD_vm(r5, 0xaece)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000e00)={r8, 0x10, 0x1, r3})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000e40)={0x50000, 0x0, 0x1})
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000000e80)={0x0, 0x20000000000})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000f00)=@attr_arm64={0x0, 0x7, 0x1, &(0x7f0000000ec0)=0x7000000000000000})
ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000f40)={0xc0, 0x0, 0x2000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

15m47.296639918s ago: executing program 5 (id=465):
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x5000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r7, 0x4068aea3, &(0x7f00000000c0)={0xe1, 0x0, 0x8})
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@uexit={0x0, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x0, 0x3, 0x8000, 0x200, 0x3}}, @uexit={0x0, 0x18, 0x6}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0x6}, @smc={0x1e, 0x40, {0x8000, [0x0, 0x12000000000000, 0x0, 0xd7, 0x14d]}}, @msr={0x14, 0x20, {0x603000000013801c, 0xffff}}, @code={0xa, 0xb4, {"0028c01a20328bd20020b0f2c10080d2020080d2230180d2c40080d2020000d4000020aa400894d200a0b8f2a10180d2820180d2430180d2240180d2020000d4404f97d200e0b0f2a10180d2a20180d2a30080d2240080d2020000d400b8a12ee03190d20000b0f2a10180d2420080d2630080d2040080d2020000d4000028d50000439e805490d20020b8f2010080d2420180d2230080d2240080d2020000d4"}}, @hvc={0x32, 0x40, {0xc5000020, [0x3, 0x9, 0x8, 0x6, 0x5]}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0xdae}, @uexit={0x0, 0x18, 0x5}, @eret={0xe6, 0x18, 0xb6}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x1, 0x9, 0x7, 0xfffffff7, 0x2}}, @svc={0x122, 0x40, {0x40, [0x40, 0x3, 0xd, 0x2, 0x101]}}, @mrs={0xbe, 0x18, {0x603000000013df65}}, @smc={0x1e, 0x40, {0x4000000, [0x9, 0xffff, 0x1, 0x100000001, 0x2]}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x386}}], 0x324}, &(0x7f0000000040), 0x1)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r8, 0x800454e1, 0x36)

15m28.648149022s ago: executing program 5 (id=466):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000004c0)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c112}}, @hvc={0x32, 0x40, {0x1000, [0x4, 0x3, 0x9, 0x2, 0x4]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0xf, 0x8, 0x1, 0x5, 0x1}}, @svc={0x122, 0x40, {0x8400000c, [0x3, 0x3, 0x2, 0x7c44cf44, 0x3]}}, @eret={0xe6, 0x18, 0x7}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x3, 0xa}}, @uexit={0x0, 0x18, 0xdd}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x10e}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x0, 0x5, 0x4, 0x4}}, @svc={0x122, 0x40, {0x84000010, [0x7fff, 0xfb02, 0x3, 0x0, 0xdd7]}}, @code={0xa, 0x6c, {"007008d5606792d20060b0f2410180d2c20180d2830180d2640080d2020000d4007008d5e03e91d200e0b8f2610180d2e20180d2c30080d2640080d2020000d4007008d50084400d0000406d007008d5007008d5007008d5"}}, @mrs={0xbe, 0x18, {0x6030000000138005}}, @eret={0xe6, 0x18}, @msr={0x14, 0x20, {0x603000000013e711, 0x1ff}}, @msr={0x14, 0x20, {0x603000000013f528, 0x758b}}, @smc={0x1e, 0x40, {0x80007fff, [0x1, 0x8b58, 0x7fffffffffffffff, 0x9, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xffe8, 0x4, 0x4}}, @smc={0x1e, 0x40, {0x80000000, [0x12d7, 0x8, 0x1800000, 0x7, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x0, 0xbb46, 0x7, 0x4}}, @svc={0x122, 0x40, {0x84000053, [0xe1, 0x3, 0x4, 0x1be, 0x2b9]}}, @smc={0x1e, 0x40, {0x1000000, [0x4, 0xb6e, 0x4, 0xfffffffffffffffe, 0x10000]}}, @mrs={0xbe, 0x18, {0x603000000013e534}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x1, 0xad43, 0x8000, 0x2}}, @smc={0x1e, 0x40, {0xc400000d, [0x1, 0x8, 0x10001, 0x18000000000, 0x6]}}, @eret={0xe6, 0x18}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x1, 0x1, 0x101, 0xd, 0x1}}], 0x4a4}, &(0x7f0000000500)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000540)=@x86={0x7, 0x3, 0x2, 0x0, 0xffffff1c, 0x1, 0x9, 0x9, 0x0, 0x8, 0x9, 0xf, 0x0, 0x5, 0x0, 0xb, 0x4, 0x9, 0x8, '\x00', 0x5}) (async)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000580)={0x1, 0xffffffffffffffff, 0x1}) (async)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000a40)=[{0x0, &(0x7f00000005c0)=[@code={0xa, 0x9c, {"80e289d200a0b8f2410180d2c20180d2a30080d2040180d2020000d400008052007008d5000008d560f681d200a0b8f2810080d2820080d2030080d2640180d2020000d480a19ad200a0b0f2e10080d2020180d2630180d2440080d2020000d40000c02880859ad20020b8f2a10180d2a20180d2430080d2040080d2020000d400d0205e00000010"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x3, 0x3, 0xa, 0x6}}, @irq_setup={0x46, 0x18, {0x0, 0x15e}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x4, 0x3, 0x5, 0x40, 0x8, 0x3}}, @eret={0xe6, 0x18, 0xd}, @eret={0xe6, 0x18, 0xba2}, @smc={0x1e, 0x40, {0x30000000, [0x8, 0xfffffffffffffff9, 0x8, 0x4, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0xf, 0x8, 0x6, 0x2}}, @smc={0x1e, 0x40, {0x84000005, [0x36, 0x8000000000000001, 0x6, 0x5, 0x10001]}}, @mrs={0xbe, 0x18, {0x603000000013de98}}, @uexit={0x0, 0x18, 0x8000000000000000}, @code={0xa, 0x84, {"a09480d20020b0f2810180d2220180d2a30180d2640080d2020000d4007008d540d397d200a0b8f2610180d2e20180d2c30080d2640180d2020000d400d8307e007008d50000611e007008d50000621e007008d5804090d20000b0f2c10180d2420080d2630180d2e40180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013c018}}, @its_setup={0x82, 0x28, {0x2b, 0x2, 0x2f1}}, @hvc={0x32, 0x40, {0x2e99d03f7a91bb7b, [0x7, 0x4, 0x100000000, 0x1000, 0x171]}}, @svc={0x122, 0x40, {0x40, [0x3ff, 0x0, 0x9, 0xcdd7, 0xffffffffffffff62]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x4, 0xb, 0x1, 0x5, 0x1}}, @hvc={0x32, 0x40, {0xc400000c, [0x8000000000000001, 0x4, 0x6, 0x8, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x5000, 0x101, 0x2}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1fd}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x2d0}}, @irq_setup={0x46, 0x18, {0x0, 0x38d}}], 0x450}], 0x1, 0x0, &(0x7f0000000a80)=[@featur2={0x1, 0x40}], 0x1) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000cc0)={0x0, &(0x7f0000000ac0)=[@smc={0x1e, 0x40, {0x0, [0x7, 0x401, 0x5d, 0x4, 0x1d]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x0, 0x80, 0x10}}, @svc={0x122, 0x40, {0x10, [0x0, 0x3, 0x57, 0x6caad6b1, 0xffffffffffffc6c4]}}, @msr={0x14, 0x20, {0x6030000000139808, 0x7}}, @uexit={0x0, 0x18, 0x1}, @eret={0xe6, 0x18}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x80000002, [0xfffffffffffff4d8, 0x1, 0x897, 0x8, 0x81]}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x3, 0x1f0}}, @eret={0xe6, 0x18, 0x8}, @msr={0x14, 0x20, {0x603000000013def0, 0x7}}, @hvc={0x32, 0x40, {0xc4000012, [0x8, 0x1, 0x100000000, 0x1000000000000000, 0xb]}}], 0x200}, &(0x7f0000000d00)=[@featur1={0x1, 0x86}], 0x1) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000000d40)={0x200, 0x3fe3})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000000d80)={0x2, 0x7})
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000dc0)={0x9, 0xfffffffffffffffe}) (async, rerun: 32)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000e00)={0xdf, 0x0, 0x10000}) (async, rerun: 32)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000e80))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000f00)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x775}) (async, rerun: 64)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000f40)={0xffffffff, 0x10000}) (async, rerun: 64)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x38)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000fc0)=@arm64_ccsidr={0x6020000000110008, &(0x7f0000000f80)=0x4}) (async)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r6, 0x4068aea3, &(0x7f0000001000))
syz_kvm_setup_cpu$arm64(r2, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001100)=[{0x0, &(0x7f0000001080)=[@code={0xa, 0x3c, {"1f000071000028d50000001f008008d5000008d50000003d00004029007008d50054c01a0050200e"}}, @uexit={0x0, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013f682, 0x1d4a}}], 0x74}], 0x1, 0x0, &(0x7f0000001140)=[@featur2={0x1, 0x1}], 0x1) (async)
r7 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000001680)={0x0, &(0x7f0000001180)=[@code={0xa, 0x9c, {"00f984d200e0b8f2810080d2620080d2630080d2640080d2020000d4007008d5a0b39cd200c0b0f2610080d2020180d2e30080d2a40180d2020000d400d08ed20060b8f2e10180d2020180d2830080d2440080d2020000d40008a038007008d5008008d560f49cd20060b8f2610180d2020180d2a30180d2c40180d2020000d4006820380000005c"}}, @svc={0x122, 0x40, {0x8400000a, [0x3, 0x2, 0xd4a, 0x200, 0xfffffffffffffff8]}}, @uexit={0x0, 0x18, 0xaf18}, @mrs={0xbe, 0x18, {0x603000000013dee2}}, @irq_setup={0x46, 0x18, {0x2, 0x133}}, @msr={0x14, 0x20, {0x603000000013e4c8, 0xfffffffffffffff7}}, @code={0xa, 0x9c, {"007008d500e397d20020b0f2e10180d2a20080d2a30080d2a40180d2020000d4204780d200c0b0f2010180d2020180d2a30080d2040080d2020000d4803180d20040b0f2410080d2c20180d2e30180d2c40180d2020000d4df3003d560cb93d20000b0f2e10080d2c20180d2a30180d2840180d2020000d4008008d5000028d50048214e000028d5"}}, @smc={0x1e, 0x40, {0xc5000021, [0x2718e20d, 0xffff, 0x6efc, 0xffffffffffffffff, 0x80000001]}}, @hvc={0x32, 0x40, {0x84000008, [0x8000, 0x3, 0x1, 0x15ed, 0x3]}}, @msr={0x14, 0x20, {0x603000000013f081, 0xffffffffffff7725}}, @smc={0x1e, 0x40, {0x8600ff01, [0x5, 0x7fffffff, 0x2, 0x5, 0x1000]}}, @uexit={0x0, 0x18, 0x6}, @svc={0x122, 0x40, {0x40000000, [0x8000, 0x7, 0x5, 0x10, 0xffffffffffffa787]}}, @svc={0x122, 0x40, {0x84000004, [0x1f, 0x4, 0x0, 0x1000, 0x100000000]}}, @hvc={0x32, 0x40, {0x84000002, [0x9, 0x8001, 0x1c000000000000, 0xffffffffffffffff, 0x10000]}}, @smc={0x1e, 0x40, {0x84000001, [0x7, 0x9, 0x3, 0xffff, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x4, 0x5, 0x2, 0x0, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xd, 0xb, 0x1, 0x2}}, @smc={0x1e, 0x40, {0x20, [0x3, 0x2, 0x5, 0x7, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x478, 0x3, 0x1}}, @svc={0x122, 0x40, {0xc400000c, [0x1000, 0x5, 0xdb, 0x8000000000000001, 0x7]}}, @uexit={0x0, 0x18, 0x400}], 0x4f0}, &(0x7f00000016c0)=[@featur2={0x1, 0x12}], 0x1)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r6, 0xaec7)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r8, 0x2000004, 0x12, r5, 0x0) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000001700)=@x86={0x2, 0x5, 0x6, 0x0, 0x9, 0x77, 0x0, 0xd, 0x5, 0x0, 0x5, 0x7f, 0x0, 0x1, 0x5f0, 0x2, 0x40, 0x8, 0x3, '\x00', 0x3, 0x1}) (async)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000001780)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000001740)=0x1}) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000fd1000/0x2000)=nil, r8, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) (rerun: 64)

15m18.567181021s ago: executing program 5 (id=467):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0xc5c8})

15m2.818491429s ago: executing program 5 (id=468):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7})
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0xfffffffffffffffd)
r10 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r10, 0xb})
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r10, 0x3})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000180)={0x1000, 0xfec00000, 0x0, r10, 0x9})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000000)={0x1fe, 0x0, &(0x7f0000ff9000/0x4000)=nil})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9})
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r12, 0xc018aec0, &(0x7f00000000c0)={0x1})
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r14, 0x1, 0x100)
ioctl$KVM_RUN(r16, 0xae80, 0x0)

14m25.402602s ago: executing program 6 (id=464):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2873f7aecfc88708, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0xf, 0x3})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x545f43, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000180)={0x7fffffff, 0x6000, 0x0, 0xffffffffffffffff, 0xf})

14m14.634580673s ago: executing program 37 (id=468):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7})
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0xfffffffffffffffd)
r10 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r10, 0xb})
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r10, 0x3})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000180)={0x1000, 0xfec00000, 0x0, r10, 0x9})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000000)={0x1fe, 0x0, &(0x7f0000ff9000/0x4000)=nil})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9})
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r12, 0xc018aec0, &(0x7f00000000c0)={0x1})
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r14, 0x1, 0x100)
ioctl$KVM_RUN(r16, 0xae80, 0x0)

13m50.174456912s ago: executing program 6 (id=470):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7}) (async)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000040)={0x0, &(0x7f0000000380)=[@code={0xa, 0x84, {"a06492d200c0b8f2810180d2c20080d2e30080d2040080d2020000d4007008d560c98ad20000b8f2410080d2220080d2230180d2e40080d2020000d40024c01a000008d50004002f0004801a000840ba80de88d20060b8f2a10180d2620180d2e30180d2640180d2020000d400f4000f"}}, @code={0xa, 0x84, {"000028d5000030d540e796d20020b8f2a10180d2220180d2830080d2a40080d2020000d40000319e000028d5e09a9ed20000b0f2010080d2a20180d2830080d2e40180d2020000d40030005f007008d5003e89d20020b0f2410080d2220080d2630180d2e40080d2020000d40020ff0d"}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x19a}}, @smc={0x1e, 0x40, {0x800, [0x2, 0x1, 0x8001, 0xfffffffffffffff9, 0xfffffffffffffffd]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x3, 0x3, 0x3, 0xa, 0x1}}, @hvc={0x32, 0x40, {0x8, [0x9, 0x7, 0x7, 0xfffffffffffffff7, 0x3b6]}}, @svc={0x122, 0x40, {0xc400000c, [0x0, 0x9, 0x6, 0xd97f, 0x1]}}, @code={0xa, 0x9c, {"80f29dd20020b0f2e10180d2620080d2a30080d2040180d2020000d4a06d9cd20080b0f2e10080d2a20180d2c30180d2640180d2020000d4007008d5000008d560fe82d200c0b0f2c10080d2a20180d2a30080d2440180d2020000d400e0df0d000008d540f88dd20080b8f2c10180d2020080d2830080d2a40180d2020000d4007008d5007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0xb, 0xc, 0xe5c2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0xb, 0xffffffff, 0x6}}, @code={0xa, 0xb4, {"007008d5201784d20020b8f2e10180d2220080d2030080d2c40080d2020000d4203e8bd20000b0f2a10180d2420080d2830180d2640080d2020000d400808008e04185d200c0b0f2410180d2820180d2230080d2440080d2020000d4000008d5c08780d20020b8f2610080d2c20180d2230180d2240080d2020000d40000c09b60d59fd200c0b0f2210180d2820080d2c30180d2640180d2020000d4000008d5"}}, @hvc={0x32, 0x40, {0x40000000, [0x9, 0xf35d6fa, 0x7, 0x3, 0x7]}}, @eret={0xe6, 0x18, 0x5}, @svc={0x122, 0x40, {0x8000, [0x5, 0x4, 0x7, 0x1, 0x2729f146]}}, @irq_setup={0x46, 0x18, {0x3, 0x342}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x40, 0x7fffffffffffffff, 0x2}}, @smc={0x1e, 0x40, {0x0, [0x3ff, 0x2, 0x2, 0x10, 0x8]}}, @mrs={0xbe, 0x18, {0xf0780000002e7097}}, @uexit={0x0, 0x18, 0x4}, @code={0xa, 0x3c, {"007008d5000008d50000711e0000002a0000005e000008d5000028d5008008d50028c01a000020ab"}}, @svc={0x122, 0x40, {0xc4000003, [0x9, 0x5, 0x8, 0x8000000000000001, 0xfffffffffffffffb]}}, @smc={0x1e, 0x40, {0xffff, [0x48, 0xffffffff, 0x3, 0x7fffffff]}}, @uexit={0x0, 0x18, 0x101}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8050, 0xfffffffffffeffff, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x7, 0xa}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0xd6}}, @hvc={0x32, 0x40, {0x5000000, [0x6, 0xfff, 0x3, 0xbd14, 0x4]}}, @code={0xa, 0x9c, {"003c207e008008d5a0c486d20020b8f2a10180d2620080d2030180d2040080d2020000d4609482d20080b0f2610180d2c20180d2c30080d2840080d2020000d480399dd200e0b0f2210080d2e20080d2830180d2240080d2020000d4008c002f000c40b80054007f000000a860fa99d200e0b8f2810080d2620180d2a30180d2c40180d2020000d4"}}], 0x740}, &(0x7f0000000080)=[@featur1={0x1, 0xd}], 0x1)
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3480ae0458b668f37f9a8457a3bf000", 0x0, 0x18)
ioctl$KVM_CREATE_VM(r6, 0x40086602, 0x20000000)
r7 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffe}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

13m28.658037652s ago: executing program 6 (id=471):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000000), 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = eventfd2(0x5, 0x800)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0x5, 0x8080000, 0x2, r5, 0x8})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x8000000008000800, 0x0, 0x0, r5, 0x2})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r5, 0x6})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r7, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, r10, 0x1, 0x2012, r9, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r11, 0x4208ae9b, &(0x7f0000000280)={0x20001, 0x0, {[0x40, 0x9600000000000000, 0x6, 0xfffffffffffffff7, 0x101, 0x5, 0xa6c, 0xffffffffffffffff, 0x8ec, 0x8, 0xbe, 0x3, 0x4, 0x4, 0x7f, 0xfff], [0x2, 0x81, 0xcc1e, 0x4855, 0x200, 0x2, 0x1000, 0x0, 0x2e9, 0x8, 0x3, 0x0, 0x7fffffffffffffff, 0x3, 0x7fffffffffffffff, 0x6], [0xffffffffffff2b57, 0x100000001, 0xd, 0x7, 0x4, 0x1780000000000000, 0x0, 0x4, 0x4, 0x100, 0x0, 0x1ff, 0x2, 0x1, 0x9, 0x100000001], [0x81, 0x7fffffffffffffff, 0xfff, 0x100000001, 0xaad, 0x2, 0x8, 0x4, 0x3, 0x8, 0x0, 0x20e, 0x7, 0xfff, 0x8000000000000001, 0x7]}})

13m3.404440056s ago: executing program 6 (id=472):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0xfffffffffffffffc})
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4, <r6=>0xffffffffffffffff})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x27)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r10, 0x4010ae68, 0xfffffffffffffffe)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x1000, &(0x7f0000c6a000/0x1000)=nil})
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000b1c000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000000)=0x3})

12m15.822005801s ago: executing program 38 (id=472):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0xfffffffffffffffc})
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4, <r6=>0xffffffffffffffff})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x27)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r10, 0x4010ae68, 0xfffffffffffffffe)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x1000, &(0x7f0000c6a000/0x1000)=nil})
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000b1c000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000000)=0x3})

3m5.914323282s ago: executing program 7 (id=485):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x7fffffff})
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2e)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x17})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x2})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454d1, 0x110c330021)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) (async)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000000180)={0x100000001, 0x54000})
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81}) (async)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})

2m32.042494169s ago: executing program 7 (id=488):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3d)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="976ceb27c29202036cbdfd4d31cf6ffa23532a14121ef45f7e1aac0808ebfe013eaf203cdebca803aa252fc0dd8f695ffbf935a0635bfd4947851edea7f687c58567c451a674703a", 0x0, 0x48)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
openat$kvm(0x0, 0x0, 0x72483, 0x0)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3d)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e54000/0x2000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r10=>0xffffffffffffffff, 0x1})
r11 = ioctl$KVM_CREATE_VM(r10, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xb702, 0x400000000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x4000000, 0x11, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x20010, r2, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x562c03, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r13, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, 0x0)
r14 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000040)={0x10002, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r14, 0x4010ae42, &(0x7f0000000100)={0x10007, 0x0, &(0x7f0000ec3000/0x4000)=nil})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_assert_reg(r6, 0x603000000013dce8, 0x8000)

2m24.424606625s ago: executing program 8 (id=489):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x74a3e0f2d11fef44, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)}, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
openat$kvm(0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r6, 0x800454e1, 0x36)
syz_kvm_vgic_v3_setup(r1, 0x4, 0x100) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2f) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x7f})

2m11.194924031s ago: executing program 7 (id=490):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000000)={0x5, 0x5})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000140)=@arm64_core={0x6030000000100010, &(0x7f0000000100)=0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m7.187019482s ago: executing program 8 (id=491):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x24)

1m48.267145047s ago: executing program 7 (id=492):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x22300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f00004e3000/0x2000)=nil, 0x930, 0xa, 0x2013, r2, 0x40000)
r3 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x48000000000, r6})
ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000080)={0x1, 0x4, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil, 0x0, r6})
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000040)={0x5})
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r0, r9, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000002c0)=[@code={0xa, 0x9c, {"000b8bd20060b0f2210080d2c20080d2e30180d2240180d2020000d40008200e0084200e00cb9dd200c0b0f2010180d2e20080d2a30080d2040080d2020000d400f8a15e002cc01a004385d200e0b0f2810180d2220080d2230080d2840080d2020000d4e0e283d20080b0f2410080d2c20180d2430080d2e40080d2020000d4000028d5000008d5"}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x184}}, @eret={0xe6, 0x18}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0x1}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x12e}}, @code={0xa, 0x84, {"000c003800004093a0c397d20020b0f2010080d2c20180d2230180d2640080d2020000d4007008d5008008d520e48fd20040b0f2210080d2620080d2230080d2440180d2020000d4000028d500d8217e0028216e60fc8ad20040b0f2c10180d2820080d2830080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0xc4000007, [0x8, 0x7fffffffffffffff, 0x4, 0xfffffffffffffffc, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0xc, 0x9, 0x5, 0x4}}, @hvc={0x32, 0x40, {0x80000002, [0x3, 0x8, 0x3, 0x2, 0xf80]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x180, 0x1c8, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x1, 0x0, 0x800, 0x80000001, 0x2}}, @svc={0x122, 0x40, {0x2000, [0x100000001, 0x6, 0x1f, 0x0, 0x5]}}, @hvc={0x32, 0x40, {0x80003fff, [0x3, 0x3, 0x9b, 0x9, 0x9]}}, @smc={0x1e, 0x40, {0x8400000c, [0x2, 0x9, 0x8, 0x1ed9, 0xb0]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x2c0}}, @eret={0xe6, 0x18, 0x2}, @code={0xa, 0x9c, {"0080004800b4205e008008d5007008d50048284e603184d20020b8f2810080d2e20180d2e30180d2840080d2020000d4203398d20080b8f2210080d2420080d2230080d2c40180d2020000d460ea9bd200c0b8f2610180d2220180d2a30180d2c40080d2020000d40084000f203a9bd20020b8f2610080d2a20180d2a30180d2c40080d2020000d4"}}, @hvc={0x32, 0x40, {0x4000057, [0xffffffffffffff7f, 0xdb8, 0x200, 0x18, 0x100000001]}}, @msr={0x14, 0x20, {0x603000000013c03a, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x10, 0xa, 0x1}}, @msr={0x14, 0x20, {0x603000000013c802, 0x100000000}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x2, 0x2, 0xd3, 0xffffffff, 0x3}}, @msr={0x14, 0x20, {0x603000000013c522, 0x10001}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x0, 0xa, 0x0, 0x2, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe00, 0xefd, 0xb}}, @eret={0xe6, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013c684, 0x1}}, @hvc={0x32, 0x40, {0xc4000005, [0x0, 0x0, 0x4, 0x4aaf, 0x1]}}], 0x61c}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0xc5}], 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)

1m47.324887833s ago: executing program 8 (id=493):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000140)={0xe888, 0x4})
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})

1m27.715794075s ago: executing program 8 (id=494):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x810, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f00004d2000/0x3000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) (async)
r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xfffffffffffffffc) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x7ffb, 0xeeef0000, 0x8, 0xffffffffffffffff, 0x7ffffff9}) (async)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
r8 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0xf20, 0xeeee0000, 0x0, r8, 0x1})
r9 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xa}}], 0x30}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_fp={0x604000000010006e, &(0x7f00000000c0)=0x3}) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)

1m22.916953374s ago: executing program 7 (id=495):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x58)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000160003, &(0x7f0000000000)=0x8})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x25)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r11, 0x4360ae82, &(0x7f0000000240)={[0x9, 0x40, 0x7, 0x3ff, 0x3ff, 0x8, 0x6, 0x7fffffff, 0x0, 0xd, 0x1000000000000, 0x4, 0x7, 0x100000001, 0xd, 0xcc56], 0xffffffff, 0x205202})
r12 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r9, 0x4008ae61, &(0x7f0000000000)={0xfffff828, 0x6})
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f00000000c0)={0x2, 0x88})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x603000000010001e, &(0x7f0000000100)=0xc5c5})

1m11.73209571s ago: executing program 8 (id=496):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x8010, r3, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
r8 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000000)={0x48, 0xdddd1000, 0x0, r8})
close(r8) (async)
close(r7) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async)
r11 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r11, 0x1}) (async)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r11, 0x3})

55.392726584s ago: executing program 7 (id=497):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000000)=@x86={0xeb, 0x1, 0xec, 0x0, 0x8000, 0xb, 0x9, 0x4, 0x8, 0x65, 0x5, 0x7, 0x0, 0x698, 0x2, 0x9, 0x2, 0x9, 0x4, '\x00', 0x9f, 0xd1ba})
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x8, 0x40, &(0x7f0000000040)=0x4})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x44840, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x5, 0x4, &(0x7f0000000100)=0xffffffffffffff7f})
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r3, 0x2, 0x100010, r0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x10)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x7)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r5, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000700)=[{0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18, {0x603000000013e21a}}, @uexit={0x0, 0x18, 0x4}, @msr={0x14, 0x20, {0x6030000000138056, 0x5}}, @mrs={0xbe, 0x18, {0x603000000013f102}}, @svc={0x122, 0x40, {0xc5000021, [0x5, 0x4, 0x8, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x1, 0xb, 0x9, 0x6ada, 0x4}}, @svc={0x122, 0x40, {0x80000000, [0x1c000, 0x3ff, 0x269c, 0x4, 0x4]}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0xe9}}, @hvc={0x32, 0x40, {0x84000012, [0xff, 0x9, 0x0, 0xffffffffffffff99, 0x9]}}, @irq_setup={0x46, 0x18, {0x1, 0xfe}}, @smc={0x1e, 0x40, {0x84000012, [0xfff, 0x9, 0x1f, 0x16, 0x7]}}, @code={0xa, 0x84, {"000008d5007008d5e0b69ed20060b8f2a10180d2420080d2a30080d2040180d2020000d4000028d5007008d580ae91d200a0b0f2a10080d2820080d2030080d2c40080d2020000d40000c0da000800b8007008d5c09c97d20000b8f2410180d2820080d2c30080d2040180d2020000d4"}}, @uexit={0x0, 0x18, 0x5}, @code={0xa, 0x6c, {"008008d5007008d5008008d50020ff0d009c002f20209ad200e0b0f2610080d2420180d2e30080d2440180d2020000d4000028d5e0ee9bd20040b0f2a10180d2a20080d2030080d2440080d2020000d4000008d50094006f"}}, @code={0xa, 0x84, {"007008d5008008d540d190d200a0b0f2210080d2c20080d2a30180d2840180d2020000d4c0e69fd200a0b8f2410180d2620080d2630080d2640080d2020000d4007008d5000008d5007008d50000c09b201e95d20040b8f2610180d2620080d2230080d2040180d2020000d4007008d5"}}, @code={0xa, 0x84, {"606995d20040b8f2210180d2820180d2230180d2040180d2020000d41f2003d51f000071007008d5000008d5a0168cd20080b8f2610180d2a20080d2830080d2040180d2020000d460af91d20020b8f2a10180d2420180d2e30180d2c40180d2020000d4000028d5007008d5007008d5"}}, @irq_setup={0x46, 0x18, {0x2, 0x351}}, @msr={0x14, 0x20, {0x603000000013e728}}, @irq_setup={0x46, 0x18, {0x4, 0xe3}}, @smc={0x1e, 0x40, {0x400, [0x5, 0x1b53, 0x200, 0x0, 0x94]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x151}}, @uexit={0x0, 0x18, 0x2}, @hvc={0x32, 0x40, {0x100, [0x4, 0x6, 0x3, 0xfffffffffffffffb, 0x90]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x24e}}, @msr={0x14, 0x20, {0x603000000013dce6, 0x4}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @uexit={0x0, 0x18, 0x200}], 0x568}], 0x1, 0x0, &(0x7f0000000740)=[@featur1={0x1, 0x84}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000780)=@attr_pmu_init)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x5)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000007c0)="87b5397b90c9d0ac27c193fca0ca446203a8a6a7a68d352e6f536bac99f9197285cffd1bb9001876e6cf3ce939bd969f0971be196fe0476eef11d8cb883806c90d192504c1129f3c", 0x0, 0x48)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000840)={0x10000, 0x1000, 0x1})
r7 = eventfd2(0x5, 0x801)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000880)={0x0, 0xeeef0000, 0x8, r7})
munmap(&(0x7f0000d32000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000f3c000/0x4000)=nil, r3, 0x3000008, 0x2010, r1, 0x0)
munmap(&(0x7f0000f06000/0x2000)=nil, 0x2000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x181400, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x34)
r9 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x13)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000900)={0x1})
ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, &(0x7f0000000940)={0x7000, 0x4000})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, &(0x7f00000009c0)=@attr_other={0x0, 0x8, 0x4, &(0x7f0000000980)=0x6})
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000a00)={0x0, 0xe})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000001040)=[{0x0, &(0x7f0000000a40)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x162}}, @code={0xa, 0x9c, {"00000094206f8bd20020b0f2010180d2a20080d2630080d2040180d2020000d4400a8cd20080b0f2810180d2a20180d2a30080d2240180d2020000d4000cc0780044200e0038000e003c95d200c0b0f2210180d2a20180d2a30180d2640080d2020000d4e0b797d20080b0f2410080d2620080d2030180d2a40080d2020000d4007008d5008008d5"}}, @hvc={0x32, 0x40, {0x30000000, [0x9, 0x5, 0x78, 0x8, 0x10be]}}, @uexit={0x0, 0x18, 0x80000000}, @uexit={0x0, 0x18, 0x7}, @hvc={0x32, 0x40, {0x80000000, [0xf90, 0x0, 0x2, 0xfffffffffffffff3, 0x4]}}, @irq_setup={0x46, 0x18, {0x3, 0x2f8}}, @hvc={0x32, 0x40, {0x84000007, [0x6, 0xe1de, 0x7, 0x9c24, 0x8000]}}, @code={0xa, 0x84, {"0000691e007008d500000032800e81d20020b0f2a10180d2220180d2430080d2640180d2020000d4000c4078e0138dd20060b8f2e10180d2020080d2230080d2640080d2020000d40088210e006e94d20080b0f2210180d2420180d2630080d2e40080d2020000d4007008d50040e21e"}}, @code={0xa, 0x9c, {"a07a8fd20060b0f2a10180d2a20080d2830080d2840180d2020000d4000008d520708ed200e0b0f2c10180d2c20080d2630080d2440080d2020000d400cca00e00a4200de08b90d20000b8f2c10180d2c20180d2030080d2c40080d2020000d40000c09b208b95d20040b0f2010080d2820080d2e30180d2040180d2020000d4000008d5000028d5"}}, @eret={0xe6, 0x18, 0x9a}, @hvc={0x32, 0x40, {0x84000004, [0xffffffff, 0xd, 0xa82e, 0x5, 0xfff]}}, @irq_setup={0x46, 0x18, {0x3, 0x2d6}}, @svc={0x122, 0x40, {0x8400000b, [0xfffffffffffffffb, 0xdbb, 0xe00000000, 0x1, 0x5e232df1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0xfffffffffffffc9d, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013df6a}}, @svc={0x122, 0x40, {0x84000000, [0xb, 0x2, 0x7fffffff, 0x5, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xa22, 0x8}}, @msr={0x14, 0x20, {0x603000000013deb0, 0x2}}, @uexit={0x0, 0x18, 0xf}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x56}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x78}}, @eret={0xe6, 0x18, 0x400}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x0, 0x8}}, @irq_setup={0x46, 0x18, {0x2, 0x2e6}}, @smc={0x1e, 0x40, {0x84000006, [0x19c, 0x9, 0x9, 0x6, 0x7f]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x2}}, @smc={0x1e, 0x40, {0x0, [0xaf2, 0x8, 0x7, 0x6, 0x8000]}}], 0x5ec}], 0x1, 0x0, &(0x7f0000001080)=[@featur2={0x1, 0x20}], 0x1)

54.17887652s ago: executing program 8 (id=498):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8004000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000a48000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0xfffffffffffffe45)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f00000000c0)={0x10000, 0x70000})
r7 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xfffdffffc1af0ec0}}], 0x20}, 0x0, 0xffffffffffffff92)
syz_kvm_vgic_v3_setup(r4, 0x3, 0xa0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000040)=0x80})

7.66373002s ago: executing program 39 (id=497):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000000)=@x86={0xeb, 0x1, 0xec, 0x0, 0x8000, 0xb, 0x9, 0x4, 0x8, 0x65, 0x5, 0x7, 0x0, 0x698, 0x2, 0x9, 0x2, 0x9, 0x4, '\x00', 0x9f, 0xd1ba})
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x8, 0x40, &(0x7f0000000040)=0x4})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x44840, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x5, 0x4, &(0x7f0000000100)=0xffffffffffffff7f})
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r3, 0x2, 0x100010, r0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x10)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x7)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r5, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000700)=[{0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18, {0x603000000013e21a}}, @uexit={0x0, 0x18, 0x4}, @msr={0x14, 0x20, {0x6030000000138056, 0x5}}, @mrs={0xbe, 0x18, {0x603000000013f102}}, @svc={0x122, 0x40, {0xc5000021, [0x5, 0x4, 0x8, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x1, 0xb, 0x9, 0x6ada, 0x4}}, @svc={0x122, 0x40, {0x80000000, [0x1c000, 0x3ff, 0x269c, 0x4, 0x4]}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0xe9}}, @hvc={0x32, 0x40, {0x84000012, [0xff, 0x9, 0x0, 0xffffffffffffff99, 0x9]}}, @irq_setup={0x46, 0x18, {0x1, 0xfe}}, @smc={0x1e, 0x40, {0x84000012, [0xfff, 0x9, 0x1f, 0x16, 0x7]}}, @code={0xa, 0x84, {"000008d5007008d5e0b69ed20060b8f2a10180d2420080d2a30080d2040180d2020000d4000028d5007008d580ae91d200a0b0f2a10080d2820080d2030080d2c40080d2020000d40000c0da000800b8007008d5c09c97d20000b8f2410180d2820080d2c30080d2040180d2020000d4"}}, @uexit={0x0, 0x18, 0x5}, @code={0xa, 0x6c, {"008008d5007008d5008008d50020ff0d009c002f20209ad200e0b0f2610080d2420180d2e30080d2440180d2020000d4000028d5e0ee9bd20040b0f2a10180d2a20080d2030080d2440080d2020000d4000008d50094006f"}}, @code={0xa, 0x84, {"007008d5008008d540d190d200a0b0f2210080d2c20080d2a30180d2840180d2020000d4c0e69fd200a0b8f2410180d2620080d2630080d2640080d2020000d4007008d5000008d5007008d50000c09b201e95d20040b8f2610180d2620080d2230080d2040180d2020000d4007008d5"}}, @code={0xa, 0x84, {"606995d20040b8f2210180d2820180d2230180d2040180d2020000d41f2003d51f000071007008d5000008d5a0168cd20080b8f2610180d2a20080d2830080d2040180d2020000d460af91d20020b8f2a10180d2420180d2e30180d2c40180d2020000d4000028d5007008d5007008d5"}}, @irq_setup={0x46, 0x18, {0x2, 0x351}}, @msr={0x14, 0x20, {0x603000000013e728}}, @irq_setup={0x46, 0x18, {0x4, 0xe3}}, @smc={0x1e, 0x40, {0x400, [0x5, 0x1b53, 0x200, 0x0, 0x94]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x151}}, @uexit={0x0, 0x18, 0x2}, @hvc={0x32, 0x40, {0x100, [0x4, 0x6, 0x3, 0xfffffffffffffffb, 0x90]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x24e}}, @msr={0x14, 0x20, {0x603000000013dce6, 0x4}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @uexit={0x0, 0x18, 0x200}], 0x568}], 0x1, 0x0, &(0x7f0000000740)=[@featur1={0x1, 0x84}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000780)=@attr_pmu_init)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x5)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000007c0)="87b5397b90c9d0ac27c193fca0ca446203a8a6a7a68d352e6f536bac99f9197285cffd1bb9001876e6cf3ce939bd969f0971be196fe0476eef11d8cb883806c90d192504c1129f3c", 0x0, 0x48)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000840)={0x10000, 0x1000, 0x1})
r7 = eventfd2(0x5, 0x801)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000880)={0x0, 0xeeef0000, 0x8, r7})
munmap(&(0x7f0000d32000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000f3c000/0x4000)=nil, r3, 0x3000008, 0x2010, r1, 0x0)
munmap(&(0x7f0000f06000/0x2000)=nil, 0x2000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x181400, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x34)
r9 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x13)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000900)={0x1})
ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, &(0x7f0000000940)={0x7000, 0x4000})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, &(0x7f00000009c0)=@attr_other={0x0, 0x8, 0x4, &(0x7f0000000980)=0x6})
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000a00)={0x0, 0xe})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000001040)=[{0x0, &(0x7f0000000a40)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x162}}, @code={0xa, 0x9c, {"00000094206f8bd20020b0f2010180d2a20080d2630080d2040180d2020000d4400a8cd20080b0f2810180d2a20180d2a30080d2240180d2020000d4000cc0780044200e0038000e003c95d200c0b0f2210180d2a20180d2a30180d2640080d2020000d4e0b797d20080b0f2410080d2620080d2030180d2a40080d2020000d4007008d5008008d5"}}, @hvc={0x32, 0x40, {0x30000000, [0x9, 0x5, 0x78, 0x8, 0x10be]}}, @uexit={0x0, 0x18, 0x80000000}, @uexit={0x0, 0x18, 0x7}, @hvc={0x32, 0x40, {0x80000000, [0xf90, 0x0, 0x2, 0xfffffffffffffff3, 0x4]}}, @irq_setup={0x46, 0x18, {0x3, 0x2f8}}, @hvc={0x32, 0x40, {0x84000007, [0x6, 0xe1de, 0x7, 0x9c24, 0x8000]}}, @code={0xa, 0x84, {"0000691e007008d500000032800e81d20020b0f2a10180d2220180d2430080d2640180d2020000d4000c4078e0138dd20060b8f2e10180d2020080d2230080d2640080d2020000d40088210e006e94d20080b0f2210180d2420180d2630080d2e40080d2020000d4007008d50040e21e"}}, @code={0xa, 0x9c, {"a07a8fd20060b0f2a10180d2a20080d2830080d2840180d2020000d4000008d520708ed200e0b0f2c10180d2c20080d2630080d2440080d2020000d400cca00e00a4200de08b90d20000b8f2c10180d2c20180d2030080d2c40080d2020000d40000c09b208b95d20040b0f2010080d2820080d2e30180d2040180d2020000d4000008d5000028d5"}}, @eret={0xe6, 0x18, 0x9a}, @hvc={0x32, 0x40, {0x84000004, [0xffffffff, 0xd, 0xa82e, 0x5, 0xfff]}}, @irq_setup={0x46, 0x18, {0x3, 0x2d6}}, @svc={0x122, 0x40, {0x8400000b, [0xfffffffffffffffb, 0xdbb, 0xe00000000, 0x1, 0x5e232df1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0xfffffffffffffc9d, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013df6a}}, @svc={0x122, 0x40, {0x84000000, [0xb, 0x2, 0x7fffffff, 0x5, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xa22, 0x8}}, @msr={0x14, 0x20, {0x603000000013deb0, 0x2}}, @uexit={0x0, 0x18, 0xf}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x56}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x78}}, @eret={0xe6, 0x18, 0x400}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x0, 0x8}}, @irq_setup={0x46, 0x18, {0x2, 0x2e6}}, @smc={0x1e, 0x40, {0x84000006, [0x19c, 0x9, 0x9, 0x6, 0x7f]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x2}}, @smc={0x1e, 0x40, {0x0, [0xaf2, 0x8, 0x7, 0x6, 0x8000]}}], 0x5ec}], 0x1, 0x0, &(0x7f0000001080)=[@featur2={0x1, 0x20}], 0x1)

0s ago: executing program 40 (id=498):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8004000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000a48000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0xfffffffffffffe45)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f00000000c0)={0x10000, 0x70000})
r7 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xfffdffffc1af0ec0}}], 0x20}, 0x0, 0xffffffffffffff92)
syz_kvm_vgic_v3_setup(r4, 0x3, 0xa0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000040)=0x80})

kernel console output (not intermixed with test programs):

[  400.854212][ T3165] 8021q: adding VLAN 0 to HW filter on device bond0
[  443.508618][ T3165] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:15674' (ED25519) to the list of known hosts.
[  602.709271][   T25] audit: type=1400 audit(601.910:60): avc:  denied  { name_bind } for  pid=3328 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  603.557055][   T25] audit: type=1400 audit(602.760:61): avc:  denied  { execute } for  pid=3329 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  603.585096][   T25] audit: type=1400 audit(602.780:62): avc:  denied  { execute_no_trans } for  pid=3329 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  623.558545][   T25] audit: type=1400 audit(622.760:63): avc:  denied  { mounton } for  pid=3329 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  623.603237][   T25] audit: type=1400 audit(622.800:64): avc:  denied  { mount } for  pid=3329 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  623.684541][ T3329] cgroup: Unknown subsys name 'net'
[  623.764923][   T25] audit: type=1400 audit(622.970:65): avc:  denied  { unmount } for  pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  624.262268][ T3329] cgroup: Unknown subsys name 'cpuset'
[  624.392834][ T3329] cgroup: Unknown subsys name 'rlimit'
[  625.373572][   T25] audit: type=1400 audit(624.580:66): avc:  denied  { setattr } for  pid=3329 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  625.394092][   T25] audit: type=1400 audit(624.590:67): avc:  denied  { mounton } for  pid=3329 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  625.422616][   T25] audit: type=1400 audit(624.620:68): avc:  denied  { mount } for  pid=3329 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  626.483008][ T3333] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  626.503983][   T25] audit: type=1400 audit(625.700:69): avc:  denied  { relabelto } for  pid=3333 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.529256][   T25] audit: type=1400 audit(625.720:70): avc:  denied  { write } for  pid=3333 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  626.714132][   T25] audit: type=1400 audit(625.910:71): avc:  denied  { read } for  pid=3329 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.732276][   T25] audit: type=1400 audit(625.930:72): avc:  denied  { open } for  pid=3329 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.787089][ T3329] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  679.569328][   T25] audit: type=1400 audit(678.770:73): avc:  denied  { execmem } for  pid=3334 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  683.823372][   T25] audit: type=1400 audit(683.010:74): avc:  denied  { read } for  pid=3336 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  683.842511][   T25] audit: type=1400 audit(683.040:75): avc:  denied  { open } for  pid=3336 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  683.921732][   T25] audit: type=1400 audit(683.120:76): avc:  denied  { mounton } for  pid=3336 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  684.251431][   T25] audit: type=1400 audit(683.440:78): avc:  denied  { module_request } for  pid=3336 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  684.271503][   T25] audit: type=1400 audit(683.430:77): avc:  denied  { module_request } for  pid=3337 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  685.207465][   T25] audit: type=1400 audit(684.400:79): avc:  denied  { sys_module } for  pid=3336 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  711.326917][ T3337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  711.565454][ T3337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  711.777928][ T3336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  712.068604][ T3336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  723.447846][ T3337] hsr_slave_0: entered promiscuous mode
[  723.479206][ T3337] hsr_slave_1: entered promiscuous mode
[  724.194730][ T3336] hsr_slave_0: entered promiscuous mode
[  724.236877][ T3336] hsr_slave_1: entered promiscuous mode
[  724.282197][ T3336] debugfs: 'hsr0' already exists in 'hsr'
[  724.286509][ T3336] Cannot create hsr debugfs directory
[  729.700863][   T25] audit: type=1400 audit(728.890:80): avc:  denied  { create } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.739304][   T25] audit: type=1400 audit(728.940:81): avc:  denied  { write } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.793838][   T25] audit: type=1400 audit(728.990:82): avc:  denied  { read } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.954514][ T3337] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  730.328359][ T3337] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  730.693130][ T3337] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  730.957532][ T3337] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  732.498482][ T3336] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  732.673538][ T3336] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  732.815671][ T3336] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  733.023141][ T3336] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  744.826151][ T3337] 8021q: adding VLAN 0 to HW filter on device bond0
[  747.016297][ T3336] 8021q: adding VLAN 0 to HW filter on device bond0
[  798.853509][ T3337] veth0_vlan: entered promiscuous mode
[  799.285691][ T3337] veth1_vlan: entered promiscuous mode
[  801.073924][ T3337] veth0_macvtap: entered promiscuous mode
[  801.473969][ T3337] veth1_macvtap: entered promiscuous mode
[  802.066529][ T3336] veth0_vlan: entered promiscuous mode
[  802.733726][ T3336] veth1_vlan: entered promiscuous mode
[  804.013554][ T3387] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  804.023796][ T3387] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  804.034420][ T3387] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  804.126037][   T52] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  806.097158][ T3336] veth0_macvtap: entered promiscuous mode
[  806.504743][   T25] audit: type=1400 audit(805.710:83): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  806.681982][ T3336] veth1_macvtap: entered promiscuous mode
[  806.774806][   T25] audit: type=1400 audit(805.980:84): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/syzkaller.qtsbLY/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  807.104897][   T25] audit: type=1400 audit(806.300:85): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  807.381688][   T25] audit: type=1400 audit(806.550:86): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/syzkaller.qtsbLY/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  807.463657][   T25] audit: type=1400 audit(806.660:87): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/syzkaller.qtsbLY/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  808.211241][   T25] audit: type=1400 audit(807.320:88): avc:  denied  { unmount } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  808.555511][   T25] audit: type=1400 audit(807.760:89): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  808.668835][   T25] audit: type=1400 audit(807.870:90): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="gadgetfs" ino=3778 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  808.825793][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  808.832522][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  808.852075][ T3356] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  808.862426][ T3356] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  809.074406][   T25] audit: type=1400 audit(808.280:91): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  809.163244][   T25] audit: type=1400 audit(808.360:92): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  810.912303][ T3337] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  811.941710][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  811.972298][   T25] audit: type=1400 audit(811.140:94): avc:  denied  { read write } for  pid=3337 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  811.988553][   T25] audit: type=1400 audit(811.160:95): avc:  denied  { open } for  pid=3337 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  812.088745][   T25] audit: type=1400 audit(811.280:96): avc:  denied  { ioctl } for  pid=3337 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  821.868547][   T25] audit: type=1400 audit(821.070:97): avc:  denied  { read } for  pid=3488 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  821.946928][   T25] audit: type=1400 audit(821.150:98): avc:  denied  { open } for  pid=3488 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  822.371913][   T25] audit: type=1400 audit(821.570:99): avc:  denied  { ioctl } for  pid=3488 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  832.512210][   T25] audit: type=1400 audit(831.710:100): avc:  denied  { append } for  pid=3498 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  847.088500][   T25] audit: type=1400 audit(846.290:101): avc:  denied  { write } for  pid=3508 comm="syz.1.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  865.658523][   T25] audit: type=1400 audit(864.840:102): avc:  denied  { create } for  pid=3518 comm="syz.0.10" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  876.072864][ T3523] kvm [3523]: Failed to find VMA for hva 0x20dd8000
[  908.711052][   T25] audit: type=1400 audit(907.910:103): avc:  denied  { execute } for  pid=3541 comm="syz.0.18" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4736 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  920.661738][   T25] audit: type=1400 audit(919.800:104): avc:  denied  { map } for  pid=3549 comm="syz.1.21" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1248.109191][ T3384] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1249.254765][ T3384] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1250.602545][ T3384] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1252.271927][ T3384] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1277.813038][ T3384] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1278.095428][ T3384] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1278.239090][ T3384] bond0 (unregistering): Released all slaves
[ 1280.429254][ T3384] hsr_slave_0: left promiscuous mode
[ 1280.483991][ T3384] hsr_slave_1: left promiscuous mode
[ 1280.825370][ T3384] veth1_macvtap: left promiscuous mode
[ 1280.831415][ T3384] veth0_macvtap: left promiscuous mode
[ 1280.839155][ T3384] veth1_vlan: left promiscuous mode
[ 1280.860351][ T3384] veth0_vlan: left promiscuous mode
[ 1344.142531][ T3713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1344.363381][ T3713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1371.406804][ T3713] hsr_slave_0: entered promiscuous mode
[ 1371.556512][ T3713] hsr_slave_1: entered promiscuous mode
[ 1389.656589][ T3713] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1390.006527][ T3713] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1390.256029][ T3713] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1390.684058][ T3713] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1415.606351][ T3713] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1513.411696][   T25] audit: type=1400 audit(1512.610:105): avc:  denied  { map } for  pid=3935 comm="syz.1.96" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=9390 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1513.497140][   T25] audit: type=1400 audit(1512.690:106): avc:  denied  { read } for  pid=3935 comm="syz.1.96" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=9390 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1520.077864][ T3713] veth0_vlan: entered promiscuous mode
[ 1520.878896][ T3713] veth1_vlan: entered promiscuous mode
[ 1523.855321][ T3713] veth0_macvtap: entered promiscuous mode
[ 1524.302060][ T3713] veth1_macvtap: entered promiscuous mode
[ 1527.241142][ T3387] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1527.302330][ T3387] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1527.322619][ T3387] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1527.361452][ T3387] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1530.421887][   T25] audit: type=1400 audit(1529.610:107): avc:  denied  { mounton } for  pid=3713 comm="syz-executor" path="/syzkaller.Q7h0I0/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 1768.776086][   T25] audit: type=1400 audit(1767.980:108): avc:  denied  { execute } for  pid=4075 comm="syz.1.132" path=2F38302FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=420 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 2073.114260][   T25] audit: type=1400 audit(2072.320:109): avc:  denied  { ioctl } for  pid=4249 comm="syz.2.185" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=14053 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2182.581886][   T25] audit: type=1400 audit(2181.740:110): avc:  denied  { setattr } for  pid=4314 comm="syz.1.203" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2430.578729][   T25] audit: type=1400 audit(2429.780:111): avc:  denied  { map } for  pid=4456 comm="syz.1.245" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 2603.163201][ T4555] kvm [4555]: Failed to find VMA for hva 0x20e51000
[ 3296.533970][ T4953] kvm [4953]: Failed to find VMA for hva 0x20074000
[ 3480.596446][ T3384] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3481.856288][ T3384] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3483.303738][ T3384] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3484.598665][ T3384] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3499.638656][ T3384] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3499.793898][ T3384] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3499.883647][ T3384] bond0 (unregistering): Released all slaves
[ 3501.393163][ T3384] hsr_slave_0: left promiscuous mode
[ 3501.613862][ T3384] hsr_slave_1: left promiscuous mode
[ 3502.182956][ T3384] veth1_macvtap: left promiscuous mode
[ 3502.186428][ T3384] veth0_macvtap: left promiscuous mode
[ 3502.203052][ T3384] veth1_vlan: left promiscuous mode
[ 3502.223227][ T3384] veth0_vlan: left promiscuous mode
[ 3521.558819][ T3384] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3522.662403][ T3384] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3523.464366][ T3384] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3524.576856][ T3384] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3545.881742][ T3384] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3546.089230][ T3384] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3546.295736][ T3384] bond0 (unregistering): Released all slaves
[ 3547.970591][ T3384] hsr_slave_0: left promiscuous mode
[ 3548.014733][ T3384] hsr_slave_1: left promiscuous mode
[ 3548.359159][ T3384] veth1_macvtap: left promiscuous mode
[ 3548.394768][ T3384] veth0_macvtap: left promiscuous mode
[ 3548.397090][ T3384] veth1_vlan: left promiscuous mode
[ 3548.398558][ T3384] veth0_vlan: left promiscuous mode
[ 3574.605747][ T5028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3574.837625][ T5028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3578.175805][ T5033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3578.431734][ T5033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3597.638313][ T5028] hsr_slave_0: entered promiscuous mode
[ 3597.739235][ T5028] hsr_slave_1: entered promiscuous mode
[ 3602.587896][ T5033] hsr_slave_0: entered promiscuous mode
[ 3602.632303][ T5033] hsr_slave_1: entered promiscuous mode
[ 3602.671375][ T5033] debugfs: 'hsr0' already exists in 'hsr'
[ 3602.674678][ T5033] Cannot create hsr debugfs directory
[ 3614.318787][ T5028] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 3614.893038][ T5028] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 3615.463205][ T5028] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 3616.538699][ T5028] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 3619.744828][ T5033] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 3620.111914][ T5033] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 3620.297811][ T5033] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 3620.667442][ T5033] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 3640.834358][ T5028] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3644.887680][ T5033] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3741.608812][ T5028] veth0_vlan: entered promiscuous mode
[ 3742.862304][ T5028] veth1_vlan: entered promiscuous mode
[ 3746.395241][ T5028] veth0_macvtap: entered promiscuous mode
[ 3747.043566][ T5028] veth1_macvtap: entered promiscuous mode
[ 3749.918296][ T5037] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3749.929093][ T5037] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3750.135107][ T5037] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3750.142455][ T5037] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3767.648440][ T5033] veth0_vlan: entered promiscuous mode
[ 3768.892838][ T5033] veth1_vlan: entered promiscuous mode
[ 3772.995986][ T5033] veth0_macvtap: entered promiscuous mode
[ 3773.824780][ T5033] veth1_macvtap: entered promiscuous mode
[ 3777.580758][ T5184] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3777.601991][ T5184] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3777.697821][ T5184] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3777.702876][ T5184] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4111.009009][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4112.946739][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4115.496071][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4117.534267][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4148.543950][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4149.102373][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4149.317686][   T12] bond0 (unregistering): Released all slaves
[ 4153.027166][   T12] hsr_slave_0: left promiscuous mode
[ 4153.325088][   T12] hsr_slave_1: left promiscuous mode
[ 4154.274662][   T12] veth1_macvtap: left promiscuous mode
[ 4154.323702][   T12] veth0_macvtap: left promiscuous mode
[ 4154.343823][   T12] veth1_vlan: left promiscuous mode
[ 4154.381731][   T12] veth0_vlan: left promiscuous mode
[ 4237.125570][ T3356] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4238.617443][ T3356] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4240.136200][ T3356] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4241.859231][ T3356] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4243.542131][ T5472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4243.897722][ T5472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4263.163066][ T3356] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4263.327661][ T3356] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4263.482992][ T3356] bond0 (unregistering): Released all slaves
[ 4266.832492][ T3356] hsr_slave_0: left promiscuous mode
[ 4266.962116][ T3356] hsr_slave_1: left promiscuous mode
[ 4267.655481][ T3356] veth1_macvtap: left promiscuous mode
[ 4267.701600][ T3356] veth0_macvtap: left promiscuous mode
[ 4267.733953][ T3356] veth1_vlan: left promiscuous mode
[ 4267.782804][ T3356] veth0_vlan: left promiscuous mode
[ 4300.013015][ T5472] hsr_slave_0: entered promiscuous mode
[ 4300.047708][ T5472] hsr_slave_1: entered promiscuous mode
[ 4321.113651][ T5472] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 4321.632693][ T5472] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 4322.173588][ T5472] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 4322.635980][ T5472] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 4337.163282][ T5538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4337.474325][ T5538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4349.178156][ T5472] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4366.227036][ T5538] hsr_slave_0: entered promiscuous mode
[ 4366.364990][ T5538] hsr_slave_1: entered promiscuous mode
[ 4366.441273][ T5538] debugfs: 'hsr0' already exists in 'hsr'
[ 4366.446094][ T5538] Cannot create hsr debugfs directory
[ 4388.908457][ T5538] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 4389.524681][ T5538] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 4390.041136][ T5538] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 4390.516498][ T5538] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 4419.894399][ T5538] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4487.814036][ T5472] veth0_vlan: entered promiscuous mode
[ 4489.020218][ T5472] veth1_vlan: entered promiscuous mode
[ 4493.056137][ T5472] veth0_macvtap: entered promiscuous mode
[ 4493.857979][ T5472] veth1_macvtap: entered promiscuous mode
[ 4497.894777][ T3384] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4497.895947][ T3384] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4497.956577][ T4170] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4498.061643][ T4170] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4581.237450][ T5538] veth0_vlan: entered promiscuous mode
[ 4582.933051][ T5538] veth1_vlan: entered promiscuous mode
[ 4587.187611][ T5538] veth0_macvtap: entered promiscuous mode
[ 4588.148024][ T5538] veth1_macvtap: entered promiscuous mode
[ 4592.421594][   T52] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4592.423351][   T52] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4592.453310][   T52] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4592.505859][ T3384] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4664.124566][ T4170] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4666.848620][ T4170] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4669.457723][ T4170] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4672.161637][ T4170] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4707.348515][ T4170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4707.714873][ T4170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4707.927154][ T4170] bond0 (unregistering): Released all slaves
[ 4712.381430][ T4170] hsr_slave_0: left promiscuous mode
[ 4712.753659][ T4170] hsr_slave_1: left promiscuous mode
[ 4713.642751][ T4170] veth1_macvtap: left promiscuous mode
[ 4713.652769][ T4170] veth0_macvtap: left promiscuous mode
[ 4713.654965][ T4170] veth1_vlan: left promiscuous mode
[ 4713.656486][ T4170] veth0_vlan: left promiscuous mode
[ 4762.972555][ T4170] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4764.987874][ T4170] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4768.927153][ T4170] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4770.474929][ T4170] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4793.357522][ T4170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4794.092543][ T4170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4794.615463][ T4170] bond0 (unregistering): Released all slaves
[ 4797.262398][ T4170] hsr_slave_0: left promiscuous mode
[ 4797.314751][ T4170] hsr_slave_1: left promiscuous mode
[ 4797.890689][ T4170] veth1_macvtap: left promiscuous mode
[ 4797.917693][ T4170] veth0_macvtap: left promiscuous mode
[ 4797.945059][ T4170] veth1_vlan: left promiscuous mode
[ 4797.946738][ T4170] veth0_vlan: left promiscuous mode
[ 4837.306352][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4837.551835][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4865.265504][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4865.682209][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4871.308793][ T5781] hsr_slave_0: entered promiscuous mode
[ 4871.468971][ T5781] hsr_slave_1: entered promiscuous mode
[ 4891.053968][ T5781] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 4891.469266][ T5781] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 4891.899358][ T5781] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 4892.362728][ T5781] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 4901.456300][ T5821] hsr_slave_0: entered promiscuous mode
[ 4901.504920][ T5821] hsr_slave_1: entered promiscuous mode
[ 4901.604011][ T5821] debugfs: 'hsr0' already exists in 'hsr'
[ 4901.608177][ T5821] Cannot create hsr debugfs directory
[ 4926.593477][ T5821] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 4927.297791][ T5821] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 4928.164492][ T5821] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 4928.841364][ T5821] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 4930.055305][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4967.807447][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5091.253740][ T5781] veth0_vlan: entered promiscuous mode
[ 5092.547867][ T5781] veth1_vlan: entered promiscuous mode
[ 5097.416082][ T5781] veth0_macvtap: entered promiscuous mode
[ 5098.973970][ T5781] veth1_macvtap: entered promiscuous mode
[ 5103.828370][ T5032] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5103.837299][ T5032] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5104.182093][ T4170] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5104.207246][ T5184] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5135.622552][ T5821] veth0_vlan: entered promiscuous mode
[ 5137.843341][ T5821] veth1_vlan: entered promiscuous mode
[ 5143.007342][ T5821] veth0_macvtap: entered promiscuous mode
[ 5144.167756][ T5821] veth1_macvtap: entered promiscuous mode
[ 5150.046487][ T5037] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5150.087487][ T5502] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5150.314114][   T12] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5150.325330][   T12] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5637.863648][ T6198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5639.610999][ T6198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5644.403650][ T6201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5645.063762][ T6201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5698.511317][ T6198] hsr_slave_0: entered promiscuous mode
[ 5698.676105][ T6198] hsr_slave_1: entered promiscuous mode
[ 5698.753198][ T6198] debugfs: 'hsr0' already exists in 'hsr'
[ 5698.781143][ T6198] Cannot create hsr debugfs directory
[ 5705.088799][ T6201] hsr_slave_0: entered promiscuous mode
[ 5705.268929][ T6201] hsr_slave_1: entered promiscuous mode
[ 5705.338744][ T6201] debugfs: 'hsr0' already exists in 'hsr'
[ 5705.447159][ T6201] Cannot create hsr debugfs directory
[ 5746.723957][ T6198] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 5751.352973][ T6198] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 5755.186725][ T6198] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 5756.501083][ T6198] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 5775.853784][ T6201] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 5776.815103][ T6201] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 5777.388848][ T6201] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 5778.666317][ T6201] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 5816.036124][ T6198] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5833.087161][ T6201] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5866.238260][   T27] INFO: task syz.8.498:6176 blocked for more than 430 seconds.
[ 5866.301849][   T27]       Not tainted syzkaller #0
[ 5866.356175][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5866.382107][   T27] task:syz.8.498       state:D stack:0     pid:6176  tgid:6176  ppid:5821   task_flags:0x400040 flags:0x00000019
[ 5866.383751][   T27] Call trace:
[ 5866.384254][   T27]  __switch_to+0x584/0xb20 (T)
[ 5866.386298][   T27]  __schedule+0x1eec/0x33a4
[ 5866.386830][   T27]  schedule+0xac/0x27c
[ 5866.387329][   T27]  schedule_timeout+0x5c/0x1e4
[ 5866.387817][   T27]  do_wait_for_common+0x28c/0x444
[ 5866.388287][   T27]  wait_for_completion+0x44/0x5c
[ 5866.388734][   T27]  __synchronize_srcu+0x2a4/0x320
[ 5866.389199][   T27]  synchronize_srcu+0x3cc/0x4f0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5866.642560][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 5866.643202][   T27]  kvm_put_kvm+0x698/0xbe8
[ 5866.643656][   T27]  kvm_vm_release+0x58/0x78
[ 5866.644097][   T27]  __fput+0x4ac/0x980
[ 5866.644585][   T27]  ____fput+0x20/0x58
[ 5866.645035][   T27]  task_work_run+0x1bc/0x254
[ 5866.645487][   T27]  exit_to_user_mode_loop+0xfc/0x178
[ 5866.645913][   T27]  el0_svc+0x170/0x234
[ 5866.646408][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 5866.646913][   T27]  el0t_64_sync+0x198/0x19c
[ 5866.648557][   T27] 
[ 5866.648557][   T27] Showing all locks held in the system:
[ 5866.649016][   T27] 1 lock held by khungtaskd/27:
[ 5866.811249][   T27]  #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 5866.814050][   T27] 3 locks held by kworker/u4:5/52:
[ 5866.814565][   T27] 2 locks held by getty/3194:
[ 5866.814934][   T27]  #0: 90f00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5866.816650][   T27]  #1: 0dff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 5866.818337][   T27] 2 locks held by syz-executor/3329:
[ 5866.818658][   T27] 2 locks held by kworker/u4:4/3384:
[ 5866.818974][   T27]  #0: 6bf000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5866.955282][   T27]  #1: ffff8000a3c27c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5866.956963][   T27] 3 locks held by kworker/u4:1/4170:
[ 5866.957313][   T27] 3 locks held by kworker/u4:8/5032:
[ 5866.957639][   T27] 2 locks held by kworker/u4:9/5037:
[ 5866.957933][   T27] 3 locks held by kworker/u4:10/5152:
[ 5866.958239][   T27] 3 locks held by kworker/u4:11/5184:
[ 5866.958592][   T27] 3 locks held by kworker/u4:6/5467:
[ 5866.958921][   T27] 3 locks held by kworker/u4:7/5502:
[ 5866.959246][   T27] 3 locks held by kworker/u4:12/5673:
[ 5867.101262][   T27]  #0: 61f000000cc26d48 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5867.103563][   T27]  #1: ffff80008e3e7c88 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5867.105119][   T27]  #2: ffff800087c7a400 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c
[ 5867.106903][   T27] 3 locks held by kworker/u4:14/5971:
[ 5867.107274][   T27] 2 locks held by syz.7.497/6175:
[ 5867.107615][   T27] 1 lock held by syz-executor/6198:
[ 5867.107923][   T27] 3 locks held by kworker/u4:3/6240:
[ 5867.108211][   T27]  #0: 83f0000011a54948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 5867.248569][   T27]  #1: ffff80008fe37c88 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 5867.302050][   T27]  #2: fff0000072d6bd58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2f0/0x33a4
[ 5867.303839][   T27] 2 locks held by modprobe/6354:
[ 5867.304167][   T27] 4 locks held by dhcpcd-run-hook/6355:
[ 5867.304712][   T27] 
[ 5867.304984][   T27] =============================================
[ 5867.304984][   T27]