last executing test programs:

33m52.426434765s ago: executing program 0 (id=109):
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xab)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bc2000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000440)={0x0, &(0x7f00000000c0)=[@svc={0x122, 0x40, {0xc5000020, [0x6, 0x1, 0x1, 0x711ec83f, 0x8000]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x40, 0x7ff, 0x5}}, @mrs={0xbe, 0x18, {0x603000000013c113}}, @smc={0x1e, 0x40, {0x84000010, [0x7fffffffffffffff, 0xfffffffffffffff7, 0x7, 0x5, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x5}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x8, 0x4, 0x8, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0xa, 0x1, 0x0, 0x4}}], 0x148}, &(0x7f0000000480)=[@featur1={0x1, 0x43}], 0x1)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0x20}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0x80111500, 0x20000000)
close(r10)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000d22000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)

33m48.136332073s ago: executing program 1 (id=110):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000000)={0x7})
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0, 0x80}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x302, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r10, 0x80111500, 0x20000000)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000003c0)=[@msr={0x14, 0x20, {0x603000000013e6ce, 0xff}}, @code={0xa, 0x6c, {"00d0204e007008d5007008d5000028d50000001ca00a9fd20000b8f2c10080d2820080d2230180d2c40080d2020000d4007008d500000029e07a8cd20040b8f2010180d2a20180d2e30180d2240080d2020000d4020000d4"}}, @uexit={0x0, 0x18, 0xfffffffffffffeff}, @mrs={0xbe, 0x18, {0x603000000013e521}}, @code={0xa, 0x54, {"000000f2007008d50004805a000008d5007008d560859ed20080b0f2e10080d2c20080d2630180d2e40080d2020000d4000040a9004cc09a00d0204e00f4000f"}}, @code={0xa, 0x84, {"603787d200c0b0f2210180d2020080d2e30180d2440080d2020000d400d8210e00a4200e008008d5c0d186d20020b8f2010080d2e20080d2c30080d2040180d2020000d4007008d5008008d5000008d5000028d5a06695d200c0b0f2210180d2c20080d2e30180d2e40180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x0, 0xe, 0x9, 0x354eb0ec, 0x3}}, @smc={0x1e, 0x40, {0x10, [0x3ff, 0x8, 0x1, 0x5, 0x733]}}, @uexit={0x0, 0x18, 0xec}, @hvc={0x32, 0x40, {0xffff, [0x200, 0x480000000000, 0x2, 0xb51d, 0x10001]}}, @smc={0x1e, 0x40, {0x86000000, [0x2000000000000, 0x3, 0x2, 0x2, 0xeb]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xf80}}, @msr={0x14, 0x20, {0x603000000013801a, 0x4}}, @irq_setup={0x46, 0x18, {0x2, 0x2c3}}, @msr={0x14, 0x20, {0x603000000013e100, 0xfffffffffffffff9}}], 0x31c}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
eventfd2(0x0, 0x0)

33m35.048133969s ago: executing program 1 (id=111):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0x40086602, 0x110e22ffff)

33m34.473308165s ago: executing program 0 (id=112):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x4000000, [0x6, 0x1, 0x9, 0x8a4, 0xa]}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x21}}, @irq_setup={0x46, 0x18, {0x1, 0x14}}, @msr={0x14, 0x20, {0x603000000013ff10, 0x2}}, @msr={0x14, 0x20, {0x603000000013c648, 0xd7}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x1ac}}, @smc={0x1e, 0x40, {0x84000005, [0x81, 0x200, 0xe, 0x100000000, 0xf13a]}}, @eret={0xe6, 0x18, 0x8}, @code={0xa, 0x9c, {"007008d5007008d50034202e009799d20040b8f2e10180d2c20080d2030080d2240180d2020000d4000008d560808ed20000b8f2a10080d2c20180d2830180d2840180d2020000d40000711e0034007fc0e896d20040b0f2c10180d2a20180d2030180d2240180d2020000d4a0728bd20020b8f2210080d2420080d2630080d2e40180d2020000d4"}}, @uexit={0x0, 0x18, 0x10}, @hvc={0x32, 0x40, {0xc4000012, [0x8000, 0x1, 0x62, 0x7, 0xb3e]}}, @msr={0x14, 0x20, {0x603000000013dcea, 0x5}}, @irq_setup={0x46, 0x18, {0x1, 0x53}}, @svc={0x122, 0x40, {0x30000000, [0xad, 0x1ff, 0x34, 0x7fff, 0x8]}}, @svc={0x122, 0x40, {0x8400000a, [0x5, 0x3, 0x6070, 0x2, 0x200]}}, @uexit={0x0, 0x18, 0x10}, @mrs={0xbe, 0x18, {0x603000000013dce1}}, @eret={0xe6, 0x18, 0x8}, @uexit={0x0, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x0, 0x3b}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x1f0}}, @msr={0x14, 0x20, {0x603000000013df18, 0x1}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x313}}, @msr={0x14, 0x20, {0x603000000013c299, 0xf69}}, @mrs={0xbe, 0x18, {0x603000000013da17}}], 0x40c}, &(0x7f0000000040)=[@featur1={0x1, 0xc0f0db17e8af8199}], 0x1)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f00000008c0)=[@hvc={0x32, 0x40, {0xc400000e, [0x3, 0x401, 0x8d94000000, 0x7fff, 0x4]}}, @svc={0x122, 0x40, {0x2, [0x1, 0x9, 0x2, 0xffffffffffffffcb, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013c4cf}}, @irq_setup={0x46, 0x18, {0x0, 0x2f5}}, @uexit={0x0, 0x18, 0x5}, @code={0xa, 0x9c, {"0084200d007008d5402b87d20000b8f2c10180d2620080d2830080d2a40080d2020000d4a0ca8dd20060b0f2c10080d2820180d2630080d2640180d2020000d40000239e000008d5000028d5a0e289d200c0b0f2610180d2e20080d2c30180d2040080d2020000d4000028d5603189d200a0b8f2e10080d2620180d2830180d2c40180d2020000d4"}}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013e64b}}, @hvc={0x32, 0x40, {0x2000, [0x8, 0xf, 0xffffffffffffffff, 0x5, 0x63]}}, @hvc={0x32, 0x40, {0x80000001, [0x7f7fffff, 0x8, 0x3, 0x4]}}, @irq_setup={0x46, 0x18, {0x4, 0x33d}}, @uexit={0x0, 0x18, 0xd47}, @svc={0x122, 0x40, {0x8400000c, [0xfffffffeffffffff, 0x7, 0x7ff, 0xffffffffffffffff, 0x9]}}, @svc={0x122, 0x40, {0xc400000d, [0x7, 0x0, 0x6, 0x7bf52f36, 0x80000000]}}, @hvc={0x32, 0x40, {0x84000052, [0x6, 0x200, 0x7, 0x8, 0x9]}}, @eret={0xe6, 0x18, 0x149}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013df6a}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x336}}, @svc={0x122, 0x40, {0x8400000d, [0x3, 0xf5db, 0x4, 0x7fffffffffffffff, 0x3]}}, @svc={0x122, 0x40, {0xc4000005, [0x8, 0xffffffffffffffff, 0x0, 0x1, 0x7]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x220}}, @code={0xa, 0x6c, {"a0899bd20000b0f2410180d2820080d2a30080d2040180d2020000d4000cc0780060c00d007008d500004008007008d5007008d5000008d520eb91d20040b0f2c10180d2620080d2430180d2440180d2020000d40068203c"}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x299, 0x331, 0x4}}], 0x4b8}, &(0x7f0000000200)=[@featur2={0x1, 0xa}], 0x1)
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000000c0)=@riscv64_aia_csr={0x8030000003010005, &(0x7f0000000080)})
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x4, 0x1, 0x0, 0x1000, &(0x7f0000ee6000/0x1000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@smc={0x1e, 0x40, {0x8000, [0x1, 0x4de8, 0xef23, 0x4, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x9, 0x7}}, @hvc={0x32, 0x40, {0x84000012, [0x45, 0x20000000000, 0x7, 0xd26d, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x9a, 0x4, 0x9, 0x7, 0x6, 0x2}}], 0xd8}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

33m29.247920931s ago: executing program 1 (id=113):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000540)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000040)={0x3, 0x4}})
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x9c, {"001791d20000b8f2210080d2420080d2e30180d2840080d2020000d4000008d540e182d200e0b0f2810180d2220180d2430180d2c40080d2020000d4000008d5008008d50010206e601994d200c0b8f2810080d2820080d2230080d2240080d2020000d400b8a12e00e4a07ea0fe95d200e0b0f2410180d2e20180d2830080d2840080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013deea}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x3af}}, @svc={0x122, 0x40, {0xc400000e, [0x3, 0x3, 0xc271, 0x5e, 0x3]}}, @svc={0x122, 0x40, {0xc4000003, [0xd57c, 0x0, 0x1, 0x3b]}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x5, 0xffffffff, 0x4, 0x3}}, @svc={0x122, 0x40, {0xc4000014, [0x10, 0x5, 0xfffffffffffff601, 0x4, 0x1]}}], 0x1dc}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r5, 0x4068aea3, &(0x7f00000002c0))
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
syz_kvm_vgic_v3_setup(r7, 0x0, 0x60)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

33m25.988258734s ago: executing program 0 (id=114):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x17)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x5, <r1=>0xffffffffffffffff, 0x1})
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0x7f000016, [0x956, 0x3, 0x40, 0x3, 0x4]}}, @code={0xa, 0xb4, {"40ab82d200c0b8f2010080d2e20080d2030080d2040180d2020000d400e4005f60d385d200e0b8f2c10080d2a20180d2630180d2840080d2020000d4000000d2007008d5605686d200e0b8f2a10180d2420080d2230080d2240080d2020000d400628ed20060b8f2a10080d2e20080d2230080d2640180d2020000d4007008d5801288d200c0b8f2210080d2a20080d2030080d2840080d2020000d4000028d5"}}, @mrs={0xbe, 0x18, {0x603000000013deaa}}], 0x10c}, &(0x7f00000001c0)=[@featur1={0x1, 0xa72db300f1e5387a}], 0x1)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000740)=[{0x0, &(0x7f0000000200)=[@irq_setup={0x46, 0x18, {0x3, 0x3bf}}, @eret={0xe6, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x24d}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0xa, 0x0, 0x48, 0x2}}, @svc={0x122, 0x40, {0x84000001, [0x80000001, 0x2, 0x2beb, 0x4, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0xe, 0x9, 0x3, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x3, 0x4, 0x6, 0x7, 0x4}}, @code={0xa, 0x84, {"007008d5000028d5e0df95d200e0b0f2410180d2a20180d2230080d2640080d2020000d4601388d200a0b8f2410180d2a20180d2230180d2840180d2020000d4007008d5007008d50034200ec04d83d200c0b0f2a10180d2e20080d2630080d2040080d2020000d4008008d5007008d5"}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x150}}, @code={0xa, 0x84, {"e03389d200a0b8f2410080d2220180d2030080d2240080d2020000d4007008d5e0c09ed20020b0f2c10080d2220080d2830180d2e40080d2020000d4e07391d200a0b8f2410080d2620180d2430180d2640080d2020000d40000199e0004801a0000005e007008d50020c09a008008d5"}}, @smc={0x1e, 0x40, {0x2, [0x8, 0xf5, 0x8, 0x401, 0x1]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x294}}, @svc={0x122, 0x40, {0x31000000, [0x1054, 0x3, 0x2, 0x7, 0x18]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0x1, 0x5, 0x1, 0x3}}, @irq_setup={0x46, 0x18, {0x4, 0x64}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1f5}}, @uexit={0x0, 0x18, 0xffff}, @irq_setup={0x46, 0x18, {0x3, 0x83}}, @hvc={0x32, 0x40, {0x84000013, [0x9, 0x9, 0xfffffffffffffff7, 0x4, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013e000}}, @uexit={0x0, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x4, 0x22e}}, @hvc={0x32, 0x40, {0x8400000d, [0xe7c, 0x9, 0xd, 0x5981, 0xffffffffffffffff]}}, @code={0xa, 0xcc, {"80dc96d20040b0f2e10180d2420180d2c30180d2040180d2020000d420be83d20040b0f2a10180d2020180d2630080d2840180d2020000d4000028d520ee99d200a0b0f2e10180d2420180d2830080d2c40180d2020000d4000028d5a09c94d200e0b0f2610080d2c20180d2430080d2c40080d2020000d4008008d580528ad20060b8f2210080d2a20080d2630080d2440080d2020000d440e791d20060b0f2610180d2820080d2230180d2640180d2020000d4007008d5"}}, @mrs={0xbe, 0x18, {0x603000000013deec}}], 0x52c}], 0x1, 0x0, &(0x7f0000000780)=[@featur2={0x1, 0x1}], 0x1)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f00000007c0)={0x5, 0x56})
r4 = eventfd2(0x3, 0x1)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000800)={0xe212, 0x7000, 0x4, r4, 0x9})
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x31)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000840)={0x5, 0x5, 0x3000, 0x2000, &(0x7f0000d2e000/0x2000)=nil, 0x8, r5})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000900)={0x16})
eventfd2(0x3, 0x80000)
r7 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r8 = eventfd2(0x3, 0x0)
write$eventfd(r8, &(0x7f0000000940)=0x5, 0x8)
ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f0000000d80)={0x0, 0x240, 0x80, &(0x7f0000000980)=[0x9, 0x8, 0x5, 0x2, 0x2, 0x8af, 0xfffffffffffffffd, 0x83a7, 0x11, 0x6, 0xa3, 0x1, 0x617, 0x80000001, 0xc9, 0x8, 0x92, 0x3275, 0x1ff, 0x0, 0x2, 0xe9, 0x6, 0x8000000000000001, 0x9, 0xf508, 0x3ff, 0x1ff, 0x8, 0x6, 0x6, 0xfffffffffffffffb, 0x4, 0xe, 0x63fb, 0x100, 0x4f, 0x3, 0x8000000000000000, 0x80000000, 0x1, 0x4, 0x2, 0x6, 0x9, 0x7, 0x6, 0x2, 0x2, 0x8, 0xfd4d, 0x29e3, 0x6, 0x6, 0x9, 0xd, 0x10000, 0x2, 0x8, 0xe7, 0x7, 0x1, 0x5, 0x4, 0x2, 0x1a, 0x7ff, 0xa31, 0x4, 0x1, 0x6, 0x4, 0x7, 0x0, 0x3, 0x5, 0x200, 0x7f, 0x5, 0x5, 0xffff, 0x94d, 0x2, 0x3d79, 0x6f9, 0x9, 0x9, 0xe2, 0xa0de, 0x8, 0xffff, 0x2, 0x3, 0x30000000000, 0x1, 0x1, 0x101, 0x9, 0xc, 0x9, 0x3ff, 0x4, 0x8000000000000, 0x4, 0x7, 0x0, 0x101, 0xff, 0x1, 0x5, 0x8001, 0x6, 0x1, 0x6, 0x1ff, 0x1, 0x8001, 0x7, 0x3, 0x400, 0x7, 0xfffffffffffffffd, 0x4, 0x7fffffffffffffff, 0x6, 0x3, 0xfffffffffffffffc, 0x1000000000]})
r9 = eventfd2(0x695a, 0x801)
write$eventfd(r9, &(0x7f0000000dc0)=0x2, 0x8)
r10 = ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000e00)={0x1c, 0x9000, 0x8, r10, 0x5})
write$eventfd(r10, &(0x7f0000000e40)=0x3, 0x8)
close(0xffffffffffffffff)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000e80), 0x90002, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x1b)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x20)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000ec0)={0x5, 0x1})
r12 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000001380)={0x0, &(0x7f0000000f00)=[@svc={0x122, 0x40, {0x84000050, [0x3, 0x1, 0x0, 0x6, 0x9]}}, @hvc={0x32, 0x40, {0x0, [0x2, 0x0, 0xf, 0x1, 0x1e00]}}, @smc={0x1e, 0x40, {0x20, [0x200, 0x67f5, 0xe4fb, 0xfc, 0x6]}}, @smc={0x1e, 0x40, {0x20, [0x1000, 0x80000000, 0xc2a, 0x3d09]}}, @smc={0x1e, 0x40, {0xc4000004, [0x2, 0x4, 0xe, 0x5, 0x1]}}, @eret={0xe6, 0x18, 0x9}, @eret={0xe6, 0x18}, @eret={0xe6, 0x18, 0x7a3}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013f687, 0x9}}, @irq_setup={0x46, 0x18, {0x0, 0x14}}, @mrs={0xbe, 0x18, {0x603000000013e6da}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x10}}, @memwrite={0x6e, 0x30, @generic={0x155542000, 0x9c4, 0x903}}, @svc={0x122, 0x40, {0x84000005, [0x8000000000000001, 0x2, 0x5, 0x400, 0x40]}}, @eret={0xe6, 0x18, 0x33}, @irq_setup={0x46, 0x18, {0x4, 0x350}}, @smc={0x1e, 0x40, {0x84000009, [0x62fb, 0x3, 0x0, 0x0, 0xffffffffffffffff]}}, @msr={0x14, 0x20, {0x0, 0x8001}}, @its_send_cmd={0xaa, 0x28, {0x8210ec41923e3654, 0x1, 0x4, 0x7, 0x0, 0x47e, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0x19d}}, @eret={0xe6, 0x18, 0x8}, @uexit={0x0, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013defd}}, @uexit={0x0, 0x18, 0xe}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x1b8}}, @svc={0x122, 0x40, {0x84000011, [0x6, 0x3, 0x6, 0x952, 0x1]}}, @smc={0x1e, 0x40, {0xc6000006, [0x4, 0x7fffffffffffffff, 0x7, 0x3, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013deb6}}], 0x480}, &(0x7f00000013c0)=[@featur2={0x1, 0xa8}], 0x1)
ioctl$KVM_GET_REGS(r12, 0x8360ae81, &(0x7f0000001400))

33m20.27984949s ago: executing program 0 (id=115):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r2 = eventfd2(0x5, 0x800)
write$eventfd(r2, &(0x7f0000000000)=0xffffffffffffffff, 0x8)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x3000007, 0x22113, r4, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0xa, 0x4}})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x7, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0xc, &(0x7f00000000c0)=0x1})
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r13, 0x3000003, 0x2011, r4, 0x0)

33m16.562272962s ago: executing program 1 (id=116):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x80080, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x1, 0x3, 0xeeeb8000, 0x1000, &(0x7f0000f95000/0x1000)=nil})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000001, 0x12, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

33m4.687720983s ago: executing program 0 (id=117):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0x40086602, 0x110e22ffff)

33m4.687508143s ago: executing program 1 (id=118):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000040)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x1, 0x10000, 0x0, 0x2, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000000)={0x0, 0x7})
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r8, 0x4004ae8b, &(0x7f0000000240)={0x1000, "0cae450458bf7128c56ae29db9c1934401060015c16b1e1b32814f8da5e1134712fc1987792d71cd51a3c40a3ca134b8a6b28bf637247065b0cde13e14b1a05c0d06e313ba772ccaad4b89c2ec2d374ff7dcc3f0bc312b9e9a46668e7e090a472e697516b8de327a9ce5707a0860659273d82b0dc7f89f5bb5116538a6324439cb23f6d4b45f743061038dd6eeacceec5a7213679a4cc0dfe4d21981d7b61ae89baff30c1d35abb9d0caf22b6512e2acb04553ccba8ca0a55c00b2dbe1374c5dccee2dacf3d14f992e4af6a4358081b8d5181fde9cd17ed5133a8efc790a6f19174ad5bcf935e42176d1e232fc9b6e66d370a368df45196b2d8262cc923beb557e1d4b3d9ff43298b4303ca4cc3459660fe169ac0d79cf5b417eba70ac65fb837132644d34848f926698d58c46f499bab5b3a677c4667e95d386fb863f3e20b2f3051279f7b57563453b3cf075a1145b5e9d89c6aea943489dc06f6a1d196e6a9ef367bc0b57296954420893ffb62a83d51891d80c309337562476fd33fd6e44e43f7f23cc48f132111f05c8565705ed5691266f44f1bae40987f736c654fd4e07bc515452e9176f13e5459d0334d8345e3f6645def398075d66599f1d8a5af79447323acff41070e66bb574ead4e2fc6a0c4276fbfdee82d43e7d9a24d2a965d50e087e6877b4ce9edcc7f23c6b9d57080f2605fb3f6d63c1ebc94abdf43448f78b8cfbc0c9223bd90cd35ef8d2ef0995f0826b7ce36ffd1c6b1790361a296710459602a43165f0f3200b7725250cff38e1acfe17dc1eccc860a80461f32cd2b5f194d1126c4af81ffad60561a27fd82f4d0f99ba501083fb2915f7e89d892009a3a1e1861fd108b3805d292cb15e6f709e09282829725beaa4cfad7513fe3d7fee9f0a057dfee4db1a2fb29f68b514f76f35b7473cada200f25e197af7b312f43aa4e1e770bb682f9349e364fda3f42bcbac0e867d88b1b67973c4a60d7b079ed4551e24116d35edcde16100821dced0c054f9336e50c6824ca35ca62f0ead1f61e0f6d6702d4f8661146b47f2bf03d7e875a2ca295699a0b85d9fa957533806fc1c433ba6f93e2eb3172f5ca0a1e48d4a584787616f7e3b8be7b596452fbcf7c39d753dcc7c9e47120f4c10b8d2fe7f2f2432d32307782b821d8582953e23490d9da534fbfe959eab93a4a0cf59ff43585a74172bd7777b81c668414cf8fef57a8aae8dede9c4b438cee22c42039901734fae5b557a13866ef00a8f2834d0a2d5ec3eacb7bcd9f4c03016a10ecdb3f1256664708412d26ad6a16ef1bf1aa9190ae92d6dbda0f2dd3ce3d3ba8e5211af7d00528a2ab959289ffe66fdd26741e89288b766afe6dcf4bf0d737ad19050202fad624fb749c45a63cb145e6ec7010d50e3204125a061e68714fab4ab1d643f46d125e7905437d77e98dabf4440c7c0293dc78ce298697ee65661d3818bb2786d42fa37d3ae57a4875334bab697362bc085273c98d256eaf100d28a79419ac83a3998722b4f50dcc4ac331fba1da70c87ad8daa88f1a655f2745af01fec4733701399e5a25ec08168f55099d518518bd0531b3e3966b0834ee0bf3a31568def77e60791fcea052fcbc805fc56a914df9876f4e0c0466d3392e6162f9b276db14fd4031bcb84853a9cc59209cee183a586f778d0bb7d32cc41dc0210719849f628a3a37d7d419c1bf333cb7144ae5cb5505f86725b326dd985c82b185b42d8e0f1bab0e1d80bd181c36c8386790e103fbf39b3df4d9c24df89166a7d1482be7143072a5deec7a05444a18ef167bd119fe327b895a3f983cb2062fcd763396c926c38c44414934fe3f2aafd6e4f892987cd8b660ca5089c2485e953b7d78567f680b9b8968c5e54a28d4ea701982761fca9301008a07bd5b2f030f425debef590822a78b60022915eb3921eb14357f2444fb44f40dee08d74989752f03bb9a69be317db7daeb8a13c6b0477056aed4d508cec24d30e9b31173f18d9bdce54284304ca4917e73871ef511768ab6ebf717a4ef508fe19602230cd41656263ce24db00fa0ea3a733f8b493a91d4f096f8ec480d731906642f5d4ead5600e75deb0d005ffbadcec6eb9dbca9057534d2be4adcd3067679eb1ff92b1da0e92542d0036a624aa38f21f07fa80f7072a97bd9cc85a7074e7fee1a4dd37185c1c44796d8f9f36b1e24efc2122c9875fce3fa421fe1a249e732bf1880ef16525cefea0a9583430db1e556962fff09a48c27ed893b7d9a1fadd37ee44dbb68802521ffd66a7cdcf18a15dd852544acaf03866a57e1ece4ab75a4f6aa077b51466a03cf5d05f864aeb23ee358414c7cc51088871e566200b53734f04a2933c3e8ef14604b6888a245f50225e77f5c4723793da7661aff19175d2088e8e6464ab078897b6f2e18ee8daaa5dd9e18a261dda3a7ab459f42f1c39480a58b6469453e44ea5965e05aa88692e7a6c72c09cefd1b6b789be4946f9df7a225aa24bc2e1c0f37bbadd3482d04b32eb23ec9c5744e4dc73d7d3862d1ef465b524ec49d6820878c2e1b3c56cfdeef2289afd97110389a1cba12ebeee26a90d14bcd6a7ebf59fbb10178513b9ca06767ffd724b7b74ec9edd0fdf6992e80f28bb7948ec165a175c453d49d6bf04fee9a5d842887d45796a10309c4acf8664bb9ae1a373b647a25372d338eb56928fcbee9e4d9322b282b529667c9eebec56902b8b5a0afe1b83288eef68661fd9a1e0d1a3a630e1e4402718a7015fb99b2d00cbf8116726b9981652d006e4da6a4775f49aec41f6835d4be08afa4296dd28b88aeb4d7922780e16f420503d0c0b99e700ac94224a0c584e3bf3e7eaf2cf5b78c9ac84b1d876ac9f0bdfcdc2149010c7b3944af4632a8c2eb3ed352c298acf64930e54b9ddbca647aa98b3d3813bc29c98add880f2f4d112e850a5349d9d8e55341e6fe76c7111ff7f7b7233bda903957cce98a0384348ede7f5c552432132a4287e8f2426890641cbdd45858d3d200248c374c9e41d85af1ae105a44734ecfdca49b57aa1d961bee37ebf3c818068b3b7bc036dfa1615e1f893d1530ff506bbbd76ad3ef847808156d3bfb1cec60babfa8e8b4aa446de020121a741071ab7d8ce167f5db8e3365f247e4fce2ed13c8ad91e4c5b3216f1ffbcd0efd42e91c497df9512a1555d239a41b0e9808c810017ee0fff154673819687da877148607fe8eba33fd160d9fd9f53f27b720f521f7ed740a24924100a87156d8fbe548962195542f8afa06ab223e5a5cfc31403342d3e74997ad7b8f721fb048de3efba83ccf44ff46dd4d64377a8465650bd06cb08c1a7de0cd73e28c9883ec5b82d9d2426f01f195a81f836c4a7c42947238f531ec8141ae7690a667a189e6372a482a3d526350c4b4cec964790cea672a136261598c7e1c67e2b7a2c60123cae632a8d7d6f8e63ef629ad226f97da78b1e166b85b82fc229b3e5e55d90353c5199ddefc625437ba1a5bca2233f4bf7664506045cb1119ffca2324d478fc1c91e54938dd66b7d9103a2d46963d2f4bc4567be5db3362d283454d8134d00be4ed56de3122ca24819fe31ca9c0f86ef40a74aea40518c92d321b5a00016465451340d3c53ea76e8a8c802bd275c581c5169289bfe57b34283ef32fdb693addfe865a03dbcbf188ceebbf3e5ceeb424c4199ef89a1847889723f7a2c247f6a9031491f187f94b54558b78283dd34a85501d9493e65d7ba3a137c850e27e9b1dcf053d1f3f4e62c1ccef8a40f511012cc72e4ae661e3c83ffb6fe3f1dfe7e983602430f2f8b5b3307af4e37902afaa8d246fa5767c00a4b072e9b32ab87b91bbed0eaac50ba94044854e9b2ba26b13bd5bbca8fbae0388a990c5fbf2b6bbc0545ef3f9a3203cfa6668c40d604f131c64ffe4a9fbd4645936fea8c1ab8b561f7a447cc3a6d791a29e36c217cd4596920bf6f1c9b798e0cbb2d93bd440fcc9d312d3147c202c30e670cf08b04ecff25959523800649c72c09c343dadef4bce32d47f180fbed33deecc6e4d94c5597f743976074e7a154aace18a1342f757c56c6c9bd8af96e728d27b85bd21878cb7871e502409c3e9756d5578f7dc88c0bf3a138145562ac57bb19b2eab3e738320c8f80a005560620325bc597a5b19b314d149fb0629f3233138b776c8ad58394a7c4ef87bf4ada384d021213868c6059b3386e8b73987b8db0296561b09468702e7e4505f379006e82a91f2fbdf318343f509e48604c328f076d96e4584c5573fc8babb79075c0479b97872c0b6b5031514302fe62742c3bb6d3f65e4d26ecdeaedf9e2f66e2a6f3324aec0c20066232e99f5d1109fa8b3fb35036cf397ae7320be82993774ec65e7420060993bd52348fe65eb47814942033a99bc7e6ae47588ed8e98d583e58a0690c14fa38b15fa398b5916ccd57f9cdf7f3e716d3fecb8502450771077539bffe20fad91073188e12ccc31a107def290d3e7d1f913aefe86310f2a23df161030bfe9da21cb19dcbdfeb77e6404213c639bf49818b8b7f87739956399feb41b6ac9cfeb6e6b6fa02ff38f638a6d8c96fed935bc9950a6a9402083947d4b1fe5347eb3ce2e7bebb52220b6e98d7e76de79b9f7717d3cd4529470bc283f6c66a6e1206239524764bd30b338defc6c0011c7aa246d5649b954ada238afd55c9343786be029290f9aea5f96daf89dcb69d3bf77a9ed5bfda2d136dbf5a28a0c3dac3c94d5c958e64e6a43750d7682da9519604daac46df98ae83fadfe5a853355bdab3a29427e19e64a94f3320b5c8c5b772ca4c7835770d0bc8c35825ad0846e606882587a55ae2cb69b630774e33093848270b1186defd723d23a8f0442159451b33d18157fd85f6d315aa01729d2a2440efd1e277ee7249940e774beccde196be9451617eb10007d64d3d57e0320d5ecfde64f8d0ce5e827273e53b37d4e56f1f444422d89222165e353b1d8ea98109b96dfad5f0c91ff0c7e2a3ab73efde07a04261361cc86ffe933ee7bb252329fa7efa8973ad6aa70bf298faba4d3aa1f84e1f8cb6cd62c4f5488348affe95d156e460ec20b327f96add233f73a303dc251fe416aa5cc8d80f6c640c07ba74d353e1306032b5e1e3d7e22fe30768deeef0ed2d8c07b7b22fc900c7fddd471c807011adaa00e24ecd7c1288ee6286976eb9e9bcb659993cd93ff56821692ea793869a56bef4c1204215d651dfc3ee9dfa68ad682e14a44430310224815c6858b57a78c5ce98680645dd85acff3759b0f6cb8d4c04cc1b284e15e14a9fe41943c6af8eb27c67347c7c850a1c55ae5e556ccd5defd83d0843e6ed953f37ff4bb5c40f7d5ec164b313820b7a6e28dd5a800b8415b70b9cf2a167ead0b25989ecb602a4405f8be2c1a848f6722d94215a1064e0a61af83f596464aa0a2b8e3361260410e6e17a564cd8cc58f851bc8f84b093249ed09cce0772e24c8ce892d74b8a71c3c0bf5b2e7e290e015778268ffe81df4165e754f5562b2cb6e315bdd3ce28df0b6b9074616b53477aa42452fa331051b7f7d0b03d91dbfd72768037773e3d34aab0645b8c19736aedacb5c2490af1825750e7b354822506e64c272947f197ee906d881475f43cf3b42ce1092ab09db38f2d1a59f679066aee2db8cdb4ff1f686895dac53943283417d9396f4dec602acd37b33921c21647e63b3a93a3e2688eb4f568005e1c06b624113e2f7b21a5fae0424ee01962380a5521246f9b7b84a44b73e79a828a65eafbf848fe4556ce4cc03892c00993c2b01e44af847453"})
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x27)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x0, 0x0})
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

33m0.208145942s ago: executing program 0 (id=119):
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @generic={0x10000, 0x213, 0xe8c3, 0x4}}, @eret={0xe6, 0x18, 0x14000000000}, @uexit={0x0, 0x18, 0x101}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x1, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0xb, 0xc}}, @hvc={0x32, 0x40, {0x80008000, [0x9, 0x3, 0x10000, 0x1c00000000000000, 0x7]}}, @smc={0x1e, 0x40, {0xc400000e, [0xe1, 0x9c62, 0x6, 0x1]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x3a}}, @msr={0x14, 0x20, {0x603000000013e720, 0x72067db}}, @code={0xa, 0x6c, {"00688cd200e0b0f2010080d2820180d2830180d2a40080d2020000d4007008d5007008d5007008d50084bf0d0068603ca01a9bd200c0b8f2410180d2e20180d2c30180d2040080d2020000d400a8302e0000031e007008d5"}}, @irq_setup={0x46, 0x18, {0x0, 0x11e}}, @mrs={0xbe, 0x18, {0x603000000013c522}}, @svc={0x122, 0x40, {0x8400000a, [0x7ff, 0x7, 0x0, 0x5, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x80, 0x8}}], 0x294}, &(0x7f0000000300)=[@featur2={0x1, 0x30}], 0x1)
r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r0, 0x4, 0x4010, r1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000380)=@attr_other={0x0, 0x7f, 0xa4, &(0x7f0000000340)=0x6})
write$eventfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000005c0)={0x0, &(0x7f0000000400)=[@its_setup={0x82, 0x28, {0x3, 0x3, 0x3cf}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0x3, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0xec}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x3d7}}, @hvc={0x32, 0x40, {0x8400000b, [0x7, 0x10000, 0x2, 0x4, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0x100000, 0x88e, 0x4, 0x2}}, @irq_setup={0x46, 0x18, {0x1, 0x149}}, @eret={0xe6, 0x18, 0x9}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xb85, 0x40000000000000, 0x1}}, @msr={0x14, 0x20, {0x6030000000138067, 0x8000}}], 0x188}, &(0x7f0000000600)=[@featur1={0x1, 0x1}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x101000, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, &(0x7f0000000680)="cebc3ec39a8840376859dc94067b07e3a93020ddf7aa1f85", 0x0, 0x18)
r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r0, 0x8, 0x912, r1, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r5, 0x20, &(0x7f00000006c0)="7ef5a0f59c7edc68875e593c0118d007c53806430c038adf", 0x0, 0x18)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x9)
mmap$KVM_VCPU(&(0x7f0000e82000/0x3000)=nil, r0, 0x1, 0x12, r1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1b)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x80, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f0000000740)={0x70000, 0x10000})
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x2)
r9 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000940)={0x0, &(0x7f0000000780)=[@its_send_cmd={0xaa, 0x28, {0x2, 0x0, 0x2, 0xc, 0x401, 0x7f}}, @uexit={0x0, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013df6a, 0x2}}, @hvc={0x32, 0x40, {0x80, [0x1, 0x2, 0x0, 0x7, 0x9a]}}, @smc={0x1e, 0x40, {0x84000002, [0x100000000, 0x69, 0x8, 0xd8, 0x1]}}, @smc={0x1e, 0x40, {0x84000050, [0x7ff, 0x1000, 0x100000000, 0x1ff, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013df74}}, @mrs={0xbe, 0x18, {0x603000000013def1}}, @hvc={0x32, 0x40, {0x800, [0x4046, 0x93105d8, 0xe, 0x9, 0x2]}}], 0x190}, &(0x7f0000000980)=[@featur1={0x1, 0x91}], 0x1)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, 0xfffffffffffffffe)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0xa)
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f00000009c0)={0x7, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x30)
ioctl$KVM_CAP_PTP_KVM(r6, 0x4068aea3, &(0x7f0000000a00))
r11 = syz_kvm_vgic_v3_setup(r10, 0x0, 0x120)
ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000ac0)=@attr_other={0x0, 0x0, 0x3, &(0x7f0000000a80)=0x4})
ioctl$KVM_GET_SREGS(r8, 0x8000ae83, &(0x7f0000000b00))

32m48.445976876s ago: executing program 1 (id=120):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, 0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000007c0)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000800)=0x428})
r8 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000540)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000040)={0x3, 0x4}})
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x9c, {"001791d20000b8f2210080d2420080d2e30180d2840080d2020000d4000008d540e182d200e0b0f2810180d2220180d2430180d2c40080d2020000d4000008d5008008d50010206e601994d200c0b8f2810080d2820080d2230080d2240080d2020000d400b8a12e00e4a07ea0fe95d200e0b0f2410180d2e20180d2830080d2840080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013deea}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x3af}}, @svc={0x122, 0x40, {0xc400000e, [0x3, 0x3, 0xc271, 0x5e, 0x3]}}, @svc={0x122, 0x40, {0xc4000003, [0xd57c, 0x0, 0x1, 0x3b]}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x5, 0xffffffff, 0x4, 0x3}}, @svc={0x122, 0x40, {0xc4000014, [0x10, 0x5, 0xfffffffffffff601, 0x4, 0x1]}}], 0x1dc}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

32m13.61074173s ago: executing program 32 (id=119):
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @generic={0x10000, 0x213, 0xe8c3, 0x4}}, @eret={0xe6, 0x18, 0x14000000000}, @uexit={0x0, 0x18, 0x101}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x1, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0xb, 0xc}}, @hvc={0x32, 0x40, {0x80008000, [0x9, 0x3, 0x10000, 0x1c00000000000000, 0x7]}}, @smc={0x1e, 0x40, {0xc400000e, [0xe1, 0x9c62, 0x6, 0x1]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x3a}}, @msr={0x14, 0x20, {0x603000000013e720, 0x72067db}}, @code={0xa, 0x6c, {"00688cd200e0b0f2010080d2820180d2830180d2a40080d2020000d4007008d5007008d5007008d50084bf0d0068603ca01a9bd200c0b8f2410180d2e20180d2c30180d2040080d2020000d400a8302e0000031e007008d5"}}, @irq_setup={0x46, 0x18, {0x0, 0x11e}}, @mrs={0xbe, 0x18, {0x603000000013c522}}, @svc={0x122, 0x40, {0x8400000a, [0x7ff, 0x7, 0x0, 0x5, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x80, 0x8}}], 0x294}, &(0x7f0000000300)=[@featur2={0x1, 0x30}], 0x1)
r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r0, 0x4, 0x4010, r1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000380)=@attr_other={0x0, 0x7f, 0xa4, &(0x7f0000000340)=0x6})
write$eventfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000005c0)={0x0, &(0x7f0000000400)=[@its_setup={0x82, 0x28, {0x3, 0x3, 0x3cf}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0x3, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0xec}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x3d7}}, @hvc={0x32, 0x40, {0x8400000b, [0x7, 0x10000, 0x2, 0x4, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0x100000, 0x88e, 0x4, 0x2}}, @irq_setup={0x46, 0x18, {0x1, 0x149}}, @eret={0xe6, 0x18, 0x9}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xb85, 0x40000000000000, 0x1}}, @msr={0x14, 0x20, {0x6030000000138067, 0x8000}}], 0x188}, &(0x7f0000000600)=[@featur1={0x1, 0x1}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x101000, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, &(0x7f0000000680)="cebc3ec39a8840376859dc94067b07e3a93020ddf7aa1f85", 0x0, 0x18)
r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r0, 0x8, 0x912, r1, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r5, 0x20, &(0x7f00000006c0)="7ef5a0f59c7edc68875e593c0118d007c53806430c038adf", 0x0, 0x18)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x9)
mmap$KVM_VCPU(&(0x7f0000e82000/0x3000)=nil, r0, 0x1, 0x12, r1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1b)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x80, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f0000000740)={0x70000, 0x10000})
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x2)
r9 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000940)={0x0, &(0x7f0000000780)=[@its_send_cmd={0xaa, 0x28, {0x2, 0x0, 0x2, 0xc, 0x401, 0x7f}}, @uexit={0x0, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013df6a, 0x2}}, @hvc={0x32, 0x40, {0x80, [0x1, 0x2, 0x0, 0x7, 0x9a]}}, @smc={0x1e, 0x40, {0x84000002, [0x100000000, 0x69, 0x8, 0xd8, 0x1]}}, @smc={0x1e, 0x40, {0x84000050, [0x7ff, 0x1000, 0x100000000, 0x1ff, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013df74}}, @mrs={0xbe, 0x18, {0x603000000013def1}}, @hvc={0x32, 0x40, {0x800, [0x4046, 0x93105d8, 0xe, 0x9, 0x2]}}], 0x190}, &(0x7f0000000980)=[@featur1={0x1, 0x91}], 0x1)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, 0xfffffffffffffffe)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0xa)
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f00000009c0)={0x7, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x30)
ioctl$KVM_CAP_PTP_KVM(r6, 0x4068aea3, &(0x7f0000000a00))
r11 = syz_kvm_vgic_v3_setup(r10, 0x0, 0x120)
ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000ac0)=@attr_other={0x0, 0x0, 0x3, &(0x7f0000000a80)=0x4})
ioctl$KVM_GET_SREGS(r8, 0x8000ae83, &(0x7f0000000b00))

32m3.759856905s ago: executing program 33 (id=120):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, 0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000007c0)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000800)=0x428})
r8 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000540)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000040)={0x3, 0x4}})
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x9c, {"001791d20000b8f2210080d2420080d2e30180d2840080d2020000d4000008d540e182d200e0b0f2810180d2220180d2430180d2c40080d2020000d4000008d5008008d50010206e601994d200c0b8f2810080d2820080d2230080d2240080d2020000d400b8a12e00e4a07ea0fe95d200e0b0f2410180d2e20180d2830080d2840080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013deea}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x3af}}, @svc={0x122, 0x40, {0xc400000e, [0x3, 0x3, 0xc271, 0x5e, 0x3]}}, @svc={0x122, 0x40, {0xc4000003, [0xd57c, 0x0, 0x1, 0x3b]}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x5, 0xffffffff, 0x4, 0x3}}, @svc={0x122, 0x40, {0xc4000014, [0x10, 0x5, 0xfffffffffffff601, 0x4, 0x1]}}], 0x1dc}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

23m17.366910885s ago: executing program 3 (id=145):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000240)={0xffffffff, 0x4000})
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xfffdffffc1af0ec0}}], 0x20}, 0x0, 0xffffffffffffff92)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x3, 0xa0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000001c0)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000280)={0x0, &(0x7f0000000380)=[@uexit={0x0, 0x18, 0x40}, @code={0xa, 0x54, {"007008d5008008d5e0dd89d20040b8f2410080d2420180d2a30080d2240180d2020000d4000000d8000008d5000028d50000005c00d8a10e0000407c008008d5"}}, @mrs={0xbe, 0x18, {0x603000000013e728}}, @hvc={0x32, 0x40, {0x0, [0x1, 0x8, 0x46fd, 0x80000001, 0xfffffffffffffffb]}}, @msr={0x14, 0x20, {0x603000000013e510, 0x8000000000000001}}, @eret={0xe6, 0x18, 0x3}, @hvc={0x32, 0x40, {0x6000000, [0x80000001, 0x4, 0x6, 0x7, 0x8]}}], 0x13c}, &(0x7f00000002c0)=[@featur1={0x1, 0x12}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0xd089, 0x3, &(0x7f0000000200)=0x5})
ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000000)={0x5, 0x5d})
r9 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f00000001c0)={0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000040)={0x42001, 0x6000, 0x2dcb, 0x1, 0x1e392347})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

22m50.065161356s ago: executing program 3 (id=147):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x101300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x800000000003a)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r2=>0xffffffffffffffff})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xa2)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000001c0)="fb0149dd833be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8faa767969d22627e700", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
r7 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sve={0x60800000001505c1, &(0x7f0000000100)=0x7})
ioctl$KVM_CREATE_VM(r7, 0x401c5820, 0x20000007)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x0, 0x7})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000280)=0x400000080a0000})

22m13.729157754s ago: executing program 3 (id=150):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r1, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r1, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x8000000000000004, 0x0, 0x4, r4, 0x3}) (async)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x8000000000000004, 0x0, 0x4, r4, 0x3})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r4, 0xa})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r4, 0x3}) (async)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r4, 0x3})
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) (async)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110206, 0x0})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)

22m0.379304311s ago: executing program 3 (id=151):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x77)
r3 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r3}) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0xc, 0xeeef0000, 0x2, r3}) (async)
close(r1)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r1, 0x4068aea3, &(0x7f0000000100))

21m47.773111821s ago: executing program 3 (id=153):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c)
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x1000})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000a89000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x24000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0xdddd0000, 0x2000, &(0x7f000000a000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
syz_kvm_vgic_v3_setup(r4, 0x2, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(r4, 0xc004aea7, &(0x7f0000000180))
close(r1)

21m28.367602798s ago: executing program 3 (id=155):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x0, 0x10000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xc6)
r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d19000/0x1000)=nil, 0x1000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r5, 0x20, 0x0, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000100), 0x280, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r8, 0xaec7)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x3, 0x8})
syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000240)=[{0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x18, {0x603000000013e300}}, @code={0xa, 0xcc, {"000008d5007297d20060b0f2810080d2820080d2430080d2840080d2020000d4806c9bd20040b8f2e10180d2e20080d2030180d2240080d2020000d400bb9ad20000b8f2c10180d2820180d2230180d2840180d2020000d480e687d20000b8f2610080d2620080d2630080d2640080d2020000d4a01f93d200a0b0f2210180d2e20180d2430080d2840180d2020000d4008000c80010204e007008d5207584d20020b0f2010180d2220180d2c30080d2040180d2020000d4"}}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x75f, 0x10000, 0x7}}, @smc={0x1e, 0x40, {0x8c007ffd, [0x6, 0x0, 0x100000001, 0x3ff, 0x2]}}, @eret={0xe6, 0x18}, @eret={0xe6, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013c608, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x1, 0x7, 0x7, 0x35, 0x3}}, @uexit={0x0, 0x18, 0x6}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x2f6}}, @msr={0x14, 0x20, {0x603000000013e08b, 0x5}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0x7, 0x4f5, 0x1ff, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x95}}, @memwrite={0x6e, 0x30, @generic={0x200000, 0x87b, 0x2}}, @msr={0x14, 0x20, {0x0, 0x7}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x400, 0x8}}, @irq_setup={0x46, 0x18, {0x2, 0x37a}}, @smc={0x1e, 0x40, {0x100, [0xbe, 0x2, 0x93, 0x48960c49]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xf, 0xa, 0x1, 0x4}}, @smc={0x1e, 0x40, {0x1734d340511a3abf, [0x0, 0x4, 0x4, 0x0, 0x1]}}, @mrs={0xbe, 0x18, {0x6030000000138024}}, @code={0xa, 0x84, {"007008d5408995d20000b8f2010080d2820080d2830080d2c40180d2020000d4a0a883d20040b8f2c10180d2820180d2a30080d2240080d2020000d400f4a00e0020e00d00008012407b8cd200e0b8f2210180d2620180d2a30180d2a40180d2020000d4000028d5000008d5008008d5"}}, @code={0xa, 0xb4, {"a0989bd200a0b8f2810080d2220080d2c30180d2c40180d2020000d400e8a05e0098a12e007008d580488bd20040b8f2a10180d2420080d2630180d2e40080d2020000d4a04f97d20040b8f2c10080d2620180d2030080d2640080d2020000d4007008d560e296d200e0b8f2c10180d2220080d2830180d2640180d2020000d4008008d5801e88d200a0b8f2c10080d2820080d2430080d2e40180d2020000d4"}}, @hvc={0x32, 0x40, {0x4, [0x7000000000, 0x401, 0x4, 0x0, 0x368]}}, @msr={0x14, 0x20, {0x603000000013e300, 0x7}}, @msr={0x14, 0x20, {0x603000000013c601, 0xda9}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x3, 0xe, 0x5, 0x1}}], 0x5cc}], 0x1, 0x0, &(0x7f00000008c0)=[@featur1={0x1, 0x18}], 0x1)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce4, &(0x7f0000000040)=0x2})
r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x399972, 0x0)

20m42.858691811s ago: executing program 34 (id=155):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x0, 0x10000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xc6)
r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d19000/0x1000)=nil, 0x1000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r5, 0x20, 0x0, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000100), 0x280, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r8, 0xaec7)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x3, 0x8})
syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000240)=[{0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x18, {0x603000000013e300}}, @code={0xa, 0xcc, {"000008d5007297d20060b0f2810080d2820080d2430080d2840080d2020000d4806c9bd20040b8f2e10180d2e20080d2030180d2240080d2020000d400bb9ad20000b8f2c10180d2820180d2230180d2840180d2020000d480e687d20000b8f2610080d2620080d2630080d2640080d2020000d4a01f93d200a0b0f2210180d2e20180d2430080d2840180d2020000d4008000c80010204e007008d5207584d20020b0f2010180d2220180d2c30080d2040180d2020000d4"}}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x75f, 0x10000, 0x7}}, @smc={0x1e, 0x40, {0x8c007ffd, [0x6, 0x0, 0x100000001, 0x3ff, 0x2]}}, @eret={0xe6, 0x18}, @eret={0xe6, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013c608, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x1, 0x7, 0x7, 0x35, 0x3}}, @uexit={0x0, 0x18, 0x6}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x2f6}}, @msr={0x14, 0x20, {0x603000000013e08b, 0x5}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0x7, 0x4f5, 0x1ff, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x95}}, @memwrite={0x6e, 0x30, @generic={0x200000, 0x87b, 0x2}}, @msr={0x14, 0x20, {0x0, 0x7}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x400, 0x8}}, @irq_setup={0x46, 0x18, {0x2, 0x37a}}, @smc={0x1e, 0x40, {0x100, [0xbe, 0x2, 0x93, 0x48960c49]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xf, 0xa, 0x1, 0x4}}, @smc={0x1e, 0x40, {0x1734d340511a3abf, [0x0, 0x4, 0x4, 0x0, 0x1]}}, @mrs={0xbe, 0x18, {0x6030000000138024}}, @code={0xa, 0x84, {"007008d5408995d20000b8f2010080d2820080d2830080d2c40180d2020000d4a0a883d20040b8f2c10180d2820180d2a30080d2240080d2020000d400f4a00e0020e00d00008012407b8cd200e0b8f2210180d2620180d2a30180d2a40180d2020000d4000028d5000008d5008008d5"}}, @code={0xa, 0xb4, {"a0989bd200a0b8f2810080d2220080d2c30180d2c40180d2020000d400e8a05e0098a12e007008d580488bd20040b8f2a10180d2420080d2630180d2e40080d2020000d4a04f97d20040b8f2c10080d2620180d2030080d2640080d2020000d4007008d560e296d200e0b8f2c10180d2220080d2830180d2640180d2020000d4008008d5801e88d200a0b8f2c10080d2820080d2430080d2e40180d2020000d4"}}, @hvc={0x32, 0x40, {0x4, [0x7000000000, 0x401, 0x4, 0x0, 0x368]}}, @msr={0x14, 0x20, {0x603000000013e300, 0x7}}, @msr={0x14, 0x20, {0x603000000013c601, 0xda9}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x3, 0xe, 0x5, 0x1}}], 0x5cc}], 0x1, 0x0, &(0x7f00000008c0)=[@featur1={0x1, 0x18}], 0x1)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce4, &(0x7f0000000040)=0x2})
r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x399972, 0x0)

14m18.674822923s ago: executing program 2 (id=181):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000100)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7})
syz_kvm_add_vcpu$arm64(r3, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x2d0}) (fail_nth: 1)

14m6.574567046s ago: executing program 2 (id=182):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40)
ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x5, 0x2, 0x0})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x400454ce, 0x110c230008)

13m50.819300898s ago: executing program 2 (id=183):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r2, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000688000/0x2000)=nil, r3, 0x2000004, 0x10, r2, 0x0)
r4 = openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000080)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000040)=0x3d3})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x161642, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r9, 0x2000009, 0x213011, r2, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

13m34.55889334s ago: executing program 2 (id=184):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000000, [0x40000099a, 0x5cf, 0xaca, 0x6, 0x1]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10001})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x4eed40, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async, rerun: 64)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 64)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r8 = eventfd2(0x0, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000040)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000001c0)=0x2}) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async, rerun: 32)
ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110006, &(0x7f00000000c0)=0x2}) (async, rerun: 32)
close(r8) (async, rerun: 64)
openat$kvm(0x0, &(0x7f0000000040), 0x103801, 0x0) (async, rerun: 64)
write$eventfd(r8, 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000d99000/0x1000)=nil, 0x930, 0x1000001, 0x810, r7, 0x0) (async)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0)

13m17.640500662s ago: executing program 2 (id=185):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r3, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3}) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r3, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0x40049409, 0x0)
ioctl$KVM_GET_API_VERSION(r9, 0xae00, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x12, r3, 0x0) (async)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r11, 0x40a0ae49, &(0x7f0000000040)={0x1fd, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x1ff}) (async)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x1ffffffc)

13m0.769814384s ago: executing program 2 (id=186):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d8, 0x110c23000a)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x9)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r6 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454d9, 0x110c230020)
ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f0000000040)=0x3)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, &(0x7f00000002c0)=[@smc={0x1e, 0x40, {0x3000000, [0x8, 0x2, 0x5, 0x6, 0x20000000000]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0x5, 0x100, 0x5}}, @smc={0x1e, 0x40, {0x8, [0x4, 0x100000000, 0x80000000, 0xffffffff, 0xfffffffffffffff9]}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0x4}, @mrs={0xbe, 0x18, {0x603000000013df48}}, @mrs={0xbe, 0x18, {0x603000000013c642}}, @svc={0x122, 0x40, {0xc5000021, [0x7fff, 0x7fff, 0x6, 0x5, 0xc88]}}, @mrs={0xbe, 0x18, {0x603000000013da17}}, @irq_setup={0x46, 0x18, {0x4, 0xab}}, @irq_setup={0x46, 0x18, {0x3, 0x1a8}}, @msr={0x14, 0x20, {0x6030000000138027, 0x6}}, @uexit={0x0, 0x18, 0x401}, @irq_setup={0x46, 0x18, {0x0, 0x24}}, @svc={0x122, 0x40, {0x84000008, [0x37, 0x7ff, 0x8000000000000001, 0x7, 0xffffffff80000001]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x9, 0x998d, 0x4, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0xc, 0x2912, 0x0, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x72}}, @msr={0x14, 0x20, {0x603000000013c802, 0x2}}, @code={0xa, 0x84, {"000028d5000000ac20988dd20040b0f2210080d2820080d2030180d2040180d2020000d4007008d50098205e007008d5008008d5000028d5c02884d20000b8f2010180d2c20080d2630180d2440080d2020000d4202285d20080b0f2810180d2e20080d2c30080d2a40080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013df63}}, @uexit={0x0, 0x18, 0x2}, @irq_setup={0x46, 0x18, {0x4, 0x3ce}}, @mrs={0xbe, 0x18, {0x603000000013e6da}}], 0x39c}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfd000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0)

12m13.038146078s ago: executing program 35 (id=186):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d8, 0x110c23000a)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x9)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r6 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454d9, 0x110c230020)
ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f0000000040)=0x3)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, &(0x7f00000002c0)=[@smc={0x1e, 0x40, {0x3000000, [0x8, 0x2, 0x5, 0x6, 0x20000000000]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0x5, 0x100, 0x5}}, @smc={0x1e, 0x40, {0x8, [0x4, 0x100000000, 0x80000000, 0xffffffff, 0xfffffffffffffff9]}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0x4}, @mrs={0xbe, 0x18, {0x603000000013df48}}, @mrs={0xbe, 0x18, {0x603000000013c642}}, @svc={0x122, 0x40, {0xc5000021, [0x7fff, 0x7fff, 0x6, 0x5, 0xc88]}}, @mrs={0xbe, 0x18, {0x603000000013da17}}, @irq_setup={0x46, 0x18, {0x4, 0xab}}, @irq_setup={0x46, 0x18, {0x3, 0x1a8}}, @msr={0x14, 0x20, {0x6030000000138027, 0x6}}, @uexit={0x0, 0x18, 0x401}, @irq_setup={0x46, 0x18, {0x0, 0x24}}, @svc={0x122, 0x40, {0x84000008, [0x37, 0x7ff, 0x8000000000000001, 0x7, 0xffffffff80000001]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x9, 0x998d, 0x4, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0xc, 0x2912, 0x0, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x72}}, @msr={0x14, 0x20, {0x603000000013c802, 0x2}}, @code={0xa, 0x84, {"000028d5000000ac20988dd20040b0f2210080d2820080d2030180d2040180d2020000d4007008d50098205e007008d5008008d5000028d5c02884d20000b8f2010180d2c20080d2630180d2440080d2020000d4202285d20080b0f2810180d2e20080d2c30080d2a40080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013df63}}, @uexit={0x0, 0x18, 0x2}, @irq_setup={0x46, 0x18, {0x4, 0x3ce}}, @mrs={0xbe, 0x18, {0x603000000013e6da}}], 0x39c}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfd000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0)

11m4.475059196s ago: executing program 4 (id=192):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde5, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (rerun: 64)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) (async, rerun: 32)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) (rerun: 32)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x30)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f00000001c0)=@riscv64_sbi_fwft={0x803000000a010001, &(0x7f0000000200)=0x9}) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0}) (async)
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000001)

10m50.44449709s ago: executing program 4 (id=193):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x300000000000})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_fp={0x604000000010008c, &(0x7f0000000000)=0x400000000000006})
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a46000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x201482, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x8000)=nil, r9, 0x1000000, 0xe637a22295c143f8, 0xffffffffffffffff, 0x0)

10m35.81936618s ago: executing program 4 (id=194):
r0 = eventfd2(0x0, 0x80000)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, 0x930, 0x0, 0x110, r0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0xc018ae85, &(0x7f00000003c0)=@arm64_bitmap={0x6030000000160001, 0x0})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r6, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)

10m19.797660632s ago: executing program 4 (id=195):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x5, 0x4, &(0x7f0000000240)=0x9e93})
r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5)

10m1.559421416s ago: executing program 4 (id=196):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

9m51.628313476s ago: executing program 4 (id=197):
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000000)={0x1, 0x300, 0x2c0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b1c000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bc2000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000440)={0x0, &(0x7f00000000c0)=[@svc={0x122, 0x40, {0xc5000020, [0x6, 0x3, 0x1, 0x711ec83f, 0x8000]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x40, 0x7ff, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013803d}}, @smc={0x1e, 0x40, {0x84000010, [0x7fffffffffffffff, 0xfffffffffffffff7, 0x7, 0x5, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x5}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x8, 0x4, 0x8, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0xa, 0x1, 0x0, 0x4}}], 0x148}, &(0x7f0000000480)=[@featur1={0x1, 0x43}], 0x1)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

9m3.677198284s ago: executing program 36 (id=197):
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000000)={0x1, 0x300, 0x2c0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b1c000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bc2000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000440)={0x0, &(0x7f00000000c0)=[@svc={0x122, 0x40, {0xc5000020, [0x6, 0x3, 0x1, 0x711ec83f, 0x8000]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x40, 0x7ff, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013803d}}, @smc={0x1e, 0x40, {0x84000010, [0x7fffffffffffffff, 0xfffffffffffffff7, 0x7, 0x5, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x5}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x8, 0x4, 0x8, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0xa, 0x1, 0x0, 0x4}}], 0x148}, &(0x7f0000000480)=[@featur1={0x1, 0x43}], 0x1)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

2m56.947465492s ago: executing program 5 (id=202):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0x8004b708, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r6, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0x4})
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000340)}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000040)={0x1ff, 0x4})
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xc3033, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000040)={0x7, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x9, 0x1, &(0x7f0000000040)=0xab})
mmap$KVM_VCPU(&(0x7f00005cc000/0x2000)=nil, 0x0, 0xa, 0x10, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x3000001, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f000076c000/0x4000)=nil, 0x0, 0xf, 0x10010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)

2m33.687402011s ago: executing program 5 (id=203):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x4, 0x220) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async, rerun: 32)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 32)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r11, 0x400454ca, 0xd8ffffffffff0f00) (async, rerun: 32)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (rerun: 32)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x603000000013e288, &(0x7f0000000140)=0x20000000009})

2m7.878948044s ago: executing program 5 (id=204):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="3200000000000000400000000000000001ff0086000000000700000000000000090000000000000a666499813eee8400f8ffffffffffffff000100001d000000"], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="3200000000000000400000000000000001ff0086000000000700000000000000090000000000000a666499813eee8400f8ffffffffffffff000100001d000000"], 0x40}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) (async)

1m49.380178998s ago: executing program 5 (id=205):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x3230c1, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8001})
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x21481, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c0c000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x4000000000004)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0x40086602, 0x110e22ffff)
r6 = syz_kvm_add_vcpu$arm64(r4, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, <r7=>0xffffffffffffffff})
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e22ffff)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r9, 0xc008ae67, 0xfffffffffffffffe)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000000)=0x7})
r13 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)

1m30.58796801s ago: executing program 6 (id=198):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xdddd1000, 0x2000, &(0x7f0000fa4000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m18.667552969s ago: executing program 5 (id=206):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)

1m6.740168329s ago: executing program 6 (id=207):
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f00000002c0)={0x4, 0x8000, 0x6194})
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013807f}}, @uexit={0x0, 0x18, 0x128}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013dea2}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x2e2}}, @hvc={0x32, 0x40, {0x80003fff, [0x4, 0xffffffff, 0x80, 0x9, 0x200]}}, @code={0xa, 0x84, {"0008c078205b8ad200a0b8f2210080d2e20180d2630080d2640180d2020000d4c0ae84d20000b0f2410080d2620180d2230180d2e40180d2020000d40088601e00d0204e006c93d20040b0f2010080d2820180d2a30080d2e40180d2020000d4000c00b8007008d5000028d50000002a"}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0x3, 0x6, 0x10000, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x10, 0x1, 0x0, 0x10, 0x0, 0x400, 0x4}}], 0x19c}, &(0x7f0000000200)=[@featur1={0x1, 0x4c}], 0x1)
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000280)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000240)=0x2})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)

1m4.484954865s ago: executing program 5 (id=208):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xffffffffffffffff)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x282041, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, 0x0)
r5 = mmap$KVM_VCPU(&(0x7f0000ece000/0xb000)=nil, 0x0, 0x0, 0x110, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r7, 0x4020ae46, &(0x7f00000000c0)={0x100, 0x1000})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x2)
r8 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000002c0)=@arm64_fw={0x6030000000140002, &(0x7f00000003c0)=0xff})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x23)
ioctl$KVM_CAP_HALT_POLL(r11, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000})
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x34)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)

51.946975301s ago: executing program 6 (id=209):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r4, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xf4, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x43fd0b7927145ae5, [0x401, 0x5, 0x2c4, 0x9, 0x5]}}, @msr={0x14, 0x20, {0x603000000013dce8, 0xa415}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x80}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0), 0x18}, 0x0, 0xfffffffffffffdd0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

16.128162105s ago: executing program 37 (id=208):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xffffffffffffffff)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x282041, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, 0x0)
r5 = mmap$KVM_VCPU(&(0x7f0000ece000/0xb000)=nil, 0x0, 0x0, 0x110, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r7, 0x4020ae46, &(0x7f00000000c0)={0x100, 0x1000})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x2)
r8 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000002c0)=@arm64_fw={0x6030000000140002, &(0x7f00000003c0)=0xff})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x23)
ioctl$KVM_CAP_HALT_POLL(r11, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000})
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x34)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)

0s ago: executing program 38 (id=209):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r4, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xf4, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x43fd0b7927145ae5, [0x401, 0x5, 0x2c4, 0x9, 0x5]}}, @msr={0x14, 0x20, {0x603000000013dce8, 0xa415}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x80}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0), 0x18}, 0x0, 0xfffffffffffffdd0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  410.545580][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0
[  475.808312][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:39719' (ED25519) to the list of known hosts.
[  633.723094][   T25] audit: type=1400 audit(632.910:61): avc:  denied  { name_bind } for  pid=3331 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  636.424708][   T25] audit: type=1400 audit(635.640:62): avc:  denied  { execute } for  pid=3332 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  636.472997][   T25] audit: type=1400 audit(635.690:63): avc:  denied  { execute_no_trans } for  pid=3332 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  666.254833][   T25] audit: type=1400 audit(665.470:64): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  666.305898][   T25] audit: type=1400 audit(665.520:65): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  666.399556][ T3332] cgroup: Unknown subsys name 'net'
[  666.475719][   T25] audit: type=1400 audit(665.690:66): avc:  denied  { unmount } for  pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  666.975271][ T3332] cgroup: Unknown subsys name 'cpuset'
[  667.122294][ T3332] cgroup: Unknown subsys name 'rlimit'
[  668.122378][   T25] audit: type=1400 audit(667.340:67): avc:  denied  { setattr } for  pid=3332 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  668.142699][   T25] audit: type=1400 audit(667.350:68): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  668.171274][   T25] audit: type=1400 audit(667.380:69): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  669.257344][ T3337] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  669.283435][   T25] audit: type=1400 audit(668.490:70): avc:  denied  { relabelto } for  pid=3337 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  669.311474][   T25] audit: type=1400 audit(668.520:71): avc:  denied  { write } for  pid=3337 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  669.507179][   T25] audit: type=1400 audit(668.720:72): avc:  denied  { read } for  pid=3332 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  669.527296][   T25] audit: type=1400 audit(668.740:73): avc:  denied  { open } for  pid=3332 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  669.575574][ T3332] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  731.177947][   T25] audit: type=1400 audit(730.390:74): avc:  denied  { execmem } for  pid=3343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  735.087454][   T25] audit: type=1400 audit(734.300:75): avc:  denied  { read } for  pid=3345 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  735.116675][   T25] audit: type=1400 audit(734.330:76): avc:  denied  { open } for  pid=3345 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  735.201207][   T25] audit: type=1400 audit(734.410:77): avc:  denied  { mounton } for  pid=3345 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  735.447441][   T25] audit: type=1400 audit(734.660:78): avc:  denied  { module_request } for  pid=3345 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  736.447310][   T25] audit: type=1400 audit(735.660:79): avc:  denied  { sys_module } for  pid=3346 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  761.693460][ T3345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  762.615717][ T3345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.775356][ T3346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  763.642865][ T3346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  778.247247][ T3345] hsr_slave_0: entered promiscuous mode
[  778.281905][ T3345] hsr_slave_1: entered promiscuous mode
[  779.366753][ T3346] hsr_slave_0: entered promiscuous mode
[  779.433422][ T3346] hsr_slave_1: entered promiscuous mode
[  779.473104][ T3346] debugfs: 'hsr0' already exists in 'hsr'
[  779.480035][ T3346] Cannot create hsr debugfs directory
[  785.400906][   T25] audit: type=1400 audit(784.560:80): avc:  denied  { create } for  pid=3345 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  785.472475][   T25] audit: type=1400 audit(784.610:81): avc:  denied  { write } for  pid=3345 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  785.518197][   T25] audit: type=1400 audit(784.710:82): avc:  denied  { read } for  pid=3345 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  785.738386][ T3345] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  786.092299][ T3345] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  786.357258][ T3345] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  786.680510][ T3345] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  788.351392][ T3346] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  788.637832][ T3346] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  788.898032][ T3346] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  789.144470][ T3346] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  801.682813][ T3345] 8021q: adding VLAN 0 to HW filter on device bond0
[  804.801580][ T3346] 8021q: adding VLAN 0 to HW filter on device bond0
[  861.582710][ T3345] veth0_vlan: entered promiscuous mode
[  862.152637][ T3345] veth1_vlan: entered promiscuous mode
[  864.375697][ T3345] veth0_macvtap: entered promiscuous mode
[  864.856104][ T3345] veth1_macvtap: entered promiscuous mode
[  865.057638][ T3346] veth0_vlan: entered promiscuous mode
[  866.022042][ T3346] veth1_vlan: entered promiscuous mode
[  867.496449][ T3448] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  867.557472][ T3448] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  867.573684][ T3448] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  867.584000][ T3448] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  869.700949][ T3346] veth0_macvtap: entered promiscuous mode
[  870.342696][   T25] audit: type=1400 audit(869.560:83): avc:  denied  { mount } for  pid=3345 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  870.401875][ T3346] veth1_macvtap: entered promiscuous mode
[  870.505907][   T25] audit: type=1400 audit(869.720:84): avc:  denied  { mounton } for  pid=3345 comm="syz-executor" path="/syzkaller.Q34iT3/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  870.760592][   T25] audit: type=1400 audit(869.960:85): avc:  denied  { mount } for  pid=3345 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  871.228270][   T25] audit: type=1400 audit(870.430:86): avc:  denied  { mounton } for  pid=3345 comm="syz-executor" path="/syzkaller.Q34iT3/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  871.382322][   T25] audit: type=1400 audit(870.590:87): avc:  denied  { mounton } for  pid=3345 comm="syz-executor" path="/syzkaller.Q34iT3/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3756 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  871.895552][   T25] audit: type=1400 audit(871.110:88): avc:  denied  { unmount } for  pid=3345 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  872.183693][   T25] audit: type=1400 audit(871.390:89): avc:  denied  { mounton } for  pid=3345 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  872.292974][   T25] audit: type=1400 audit(871.500:90): avc:  denied  { mount } for  pid=3345 comm="syz-executor" name="/" dev="gadgetfs" ino=3764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  872.818188][   T25] audit: type=1400 audit(871.970:91): avc:  denied  { mount } for  pid=3345 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  872.900376][   T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  872.905394][   T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  872.941007][   T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  872.944814][   T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  872.981738][   T25] audit: type=1400 audit(872.150:92): avc:  denied  { mounton } for  pid=3345 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  874.622699][ T3345] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  875.955977][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  875.980573][   T25] audit: type=1400 audit(875.170:94): avc:  denied  { read write } for  pid=3345 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  876.000895][   T25] audit: type=1400 audit(875.210:95): avc:  denied  { open } for  pid=3345 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  876.061728][   T25] audit: type=1400 audit(875.260:96): avc:  denied  { ioctl } for  pid=3345 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  888.840416][   T25] audit: type=1400 audit(887.920:97): avc:  denied  { read } for  pid=3496 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  888.894518][   T25] audit: type=1400 audit(888.110:98): avc:  denied  { open } for  pid=3496 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  889.860507][   T25] audit: type=1400 audit(889.060:99): avc:  denied  { ioctl } for  pid=3496 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  892.193700][   T25] audit: type=1400 audit(891.410:100): avc:  denied  { write } for  pid=3496 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  893.827996][   T25] audit: type=1400 audit(893.040:101): avc:  denied  { append } for  pid=3496 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  952.530540][   T25] audit: type=1400 audit(951.730:102): avc:  denied  { execute } for  pid=3524 comm="syz.1.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4368 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1070.326605][   T25] audit: type=1400 audit(1069.540:103): avc:  denied  { execute } for  pid=3608 comm="syz.1.34" path=2F31362FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1109.377101][   T25] audit: type=1400 audit(1108.590:104): avc:  denied  { setattr } for  pid=3634 comm="syz.1.43" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1162.605811][ T3669] KVM: debugfs: duplicate directory 3669-6
[ 1163.025045][ T3669] KVM: debugfs: duplicate directory 3669-6
[ 1248.843461][   T25] audit: type=1400 audit(1248.050:105): avc:  denied  { map } for  pid=3720 comm="syz.0.69" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1267.432288][   T25] audit: type=1400 audit(1266.640:106): avc:  denied  { execute } for  pid=3729 comm="syz.1.71" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1290.701252][   T25] audit: type=1400 audit(1289.910:107): avc:  denied  { create } for  pid=3744 comm="syz.0.76" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1290.850109][   T25] audit: type=1400 audit(1290.060:108): avc:  denied  { map } for  pid=3744 comm="syz.0.76" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7428 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1290.892880][   T25] audit: type=1400 audit(1290.100:109): avc:  denied  { read } for  pid=3744 comm="syz.0.76" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7428 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1293.680669][   T25] audit: type=1400 audit(1292.890:110): avc:  denied  { map } for  pid=3744 comm="syz.0.76" path="pipe:[2772]" dev="pipefs" ino=2772 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1293.731154][   T25] audit: type=1400 audit(1292.910:111): avc:  denied  { execute } for  pid=3744 comm="syz.0.76" path="pipe:[2772]" dev="pipefs" ino=2772 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1531.806863][   T25] audit: type=1400 audit(1531.020:112): avc:  denied  { execute } for  pid=3868 comm="syz.0.115" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=9304 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1536.187527][   T25] audit: type=1400 audit(1535.400:113): avc:  denied  { write } for  pid=3868 comm="syz.0.115" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=9304 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1661.288012][ T2162] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1661.825710][ T3888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1662.115294][ T2162] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1662.524157][ T3888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1663.088453][ T2162] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1665.043033][ T2162] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1684.416335][ T2162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1684.592981][ T2162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1684.723913][ T2162] bond0 (unregistering): Released all slaves
[ 1688.034416][ T2162] hsr_slave_0: left promiscuous mode
[ 1688.122015][ T2162] hsr_slave_1: left promiscuous mode
[ 1688.984354][ T2162] veth1_macvtap: left promiscuous mode
[ 1689.033197][ T2162] veth0_macvtap: left promiscuous mode
[ 1689.062647][ T2162] veth1_vlan: left promiscuous mode
[ 1689.073613][ T2162] veth0_vlan: left promiscuous mode
[ 1705.095532][ T3897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1705.604276][ T3897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1709.587682][ T2162] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1710.977979][ T2162] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1712.482818][ T2162] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1713.326711][ T3888] hsr_slave_0: entered promiscuous mode
[ 1713.434112][ T3888] hsr_slave_1: entered promiscuous mode
[ 1713.521654][ T3888] debugfs: 'hsr0' already exists in 'hsr'
[ 1713.522639][ T3888] Cannot create hsr debugfs directory
[ 1713.985910][ T2162] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1731.946833][ T2162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1732.100553][ T2162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1732.185982][ T2162] bond0 (unregistering): Released all slaves
[ 1733.572806][ T2162] hsr_slave_0: left promiscuous mode
[ 1733.690780][ T2162] hsr_slave_1: left promiscuous mode
[ 1734.160317][ T2162] veth1_macvtap: left promiscuous mode
[ 1734.161794][ T2162] veth0_macvtap: left promiscuous mode
[ 1734.171290][ T2162] veth1_vlan: left promiscuous mode
[ 1734.183012][ T2162] veth0_vlan: left promiscuous mode
[ 1753.696912][ T3897] hsr_slave_0: entered promiscuous mode
[ 1753.736032][ T3897] hsr_slave_1: entered promiscuous mode
[ 1758.359918][ T3888] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1758.940521][ T3888] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1759.107531][ T3888] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1759.732516][ T3888] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1767.054250][ T3897] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1767.347824][ T3897] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1767.595199][ T3897] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1767.945604][ T3897] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1782.795881][ T3888] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1791.426755][ T3897] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1880.303881][ T3888] veth0_vlan: entered promiscuous mode
[ 1881.192721][ T3888] veth1_vlan: entered promiscuous mode
[ 1884.198029][ T3888] veth0_macvtap: entered promiscuous mode
[ 1884.586672][ T3888] veth1_macvtap: entered promiscuous mode
[ 1887.965029][ T2116] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1887.973133][ T2116] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1887.990449][ T2116] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1888.032627][   T32] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1890.423155][ T3897] veth0_vlan: entered promiscuous mode
[ 1892.205714][ T3897] veth1_vlan: entered promiscuous mode
[ 1894.066549][   T25] audit: type=1400 audit(1893.270:114): avc:  denied  { unmount } for  pid=3888 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1895.813623][ T3897] veth0_macvtap: entered promiscuous mode
[ 1896.362676][ T3897] veth1_macvtap: entered promiscuous mode
[ 1899.860645][   T32] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1899.876167][   T32] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1899.931407][   T32] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1899.961469][   T32] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2322.715660][ T3483] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2324.963575][ T3483] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2327.007145][ T3483] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2329.503187][ T3483] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2357.513727][ T3483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2357.915005][ T3483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2358.322497][ T3483] bond0 (unregistering): Released all slaves
[ 2360.431516][ T3483] hsr_slave_0: left promiscuous mode
[ 2360.612453][ T3483] hsr_slave_1: left promiscuous mode
[ 2361.456610][ T3483] veth1_macvtap: left promiscuous mode
[ 2361.485784][ T3483] veth0_macvtap: left promiscuous mode
[ 2361.514642][ T3483] veth1_vlan: left promiscuous mode
[ 2361.530981][ T3483] veth0_vlan: left promiscuous mode
[ 2458.766757][ T4318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2459.275625][ T4318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2500.430231][ T4318] hsr_slave_0: entered promiscuous mode
[ 2500.556990][ T4318] hsr_slave_1: entered promiscuous mode
[ 2523.761778][ T4318] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2524.316847][ T4318] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2524.826316][ T4318] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2525.461480][ T4318] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2562.767227][ T4318] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2676.354803][ T4534] FAULT_INJECTION: forcing a failure.
[ 2676.354803][ T4534] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 2676.422752][ T4534] CPU: 0 UID: 0 PID: 4534 Comm: syz.2.181 Not tainted syzkaller #0 PREEMPT 
[ 2676.423456][ T4534] Hardware name: linux,dummy-virt (DT)
[ 2676.423922][ T4534] Call trace:
[ 2676.424329][ T4534]  show_stack+0x2c/0x3c (C)
[ 2676.426272][ T4534]  __dump_stack+0x30/0x40
[ 2676.426660][ T4534]  dump_stack_lvl+0xd8/0x12c
[ 2676.426960][ T4534]  dump_stack+0x1c/0x28
[ 2676.427272][ T4534]  should_fail_ex+0x56c/0x6d8
[ 2676.427508][ T4534]  should_fail+0x14/0x24
[ 2676.427710][ T4534]  should_fail_usercopy+0x20/0x30
[ 2676.427933][ T4534]  simple_read_from_buffer+0xd0/0x294
[ 2676.428192][ T4534]  proc_fail_nth_read+0x184/0x214
[ 2676.428467][ T4534]  vfs_read+0x220/0x9d8
[ 2676.428677][ T4534]  ksys_read+0x108/0x1fc
[ 2676.428879][ T4534]  __arm64_sys_read+0x98/0xcc
[ 2676.429099][ T4534]  invoke_syscall+0x90/0x230
[ 2676.429425][ T4534]  el0_svc_common+0x120/0x2f4
[ 2676.429713][ T4534]  do_el0_svc+0x58/0x74
[ 2676.429979][ T4534]  el0_svc+0x5c/0x238
[ 2676.430301][ T4534]  el0t_64_sync_handler+0x84/0x12c
[ 2676.430605][ T4534]  el0t_64_sync+0x198/0x19c
[ 2733.027960][ T4318] veth0_vlan: entered promiscuous mode
[ 2734.726357][ T4318] veth1_vlan: entered promiscuous mode
[ 2738.226811][ T4318] veth0_macvtap: entered promiscuous mode
[ 2739.205648][ T4318] veth1_macvtap: entered promiscuous mode
[ 2742.983330][ T4008] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2743.011021][ T4555] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2743.025254][ T4555] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2743.070044][ T4555] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2814.664167][ T3483] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2816.553247][ T3483] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2818.294939][ T3483] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2820.276265][ T3483] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2847.712266][ T3483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2848.617339][ T3483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2849.006222][ T3483] bond0 (unregistering): Released all slaves
[ 2851.426492][ T3483] hsr_slave_0: left promiscuous mode
[ 2851.539666][ T3483] hsr_slave_1: left promiscuous mode
[ 2852.462874][ T3483] veth1_macvtap: left promiscuous mode
[ 2852.485050][ T3483] veth0_macvtap: left promiscuous mode
[ 2852.532657][ T3483] veth1_vlan: left promiscuous mode
[ 2852.534650][ T3483] veth0_vlan: left promiscuous mode
[ 2967.226659][ T4601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2967.575047][ T4601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3004.992200][ T4601] hsr_slave_0: entered promiscuous mode
[ 3005.104743][ T4601] hsr_slave_1: entered promiscuous mode
[ 3005.231113][ T4601] debugfs: 'hsr0' already exists in 'hsr'
[ 3005.241483][ T4601] Cannot create hsr debugfs directory
[ 3011.034252][ T4279] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3014.057939][ T4279] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3016.311813][ T4279] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3018.338027][ T4279] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3045.257638][ T4279] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3045.475926][ T4279] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3045.705618][ T4279] bond0 (unregistering): Released all slaves
[ 3048.123325][ T4279] hsr_slave_0: left promiscuous mode
[ 3048.195736][ T4279] hsr_slave_1: left promiscuous mode
[ 3048.851250][ T4279] veth1_macvtap: left promiscuous mode
[ 3048.854714][ T4279] veth0_macvtap: left promiscuous mode
[ 3048.871094][ T4279] veth1_vlan: left promiscuous mode
[ 3048.893883][ T4279] veth0_vlan: left promiscuous mode
[ 3078.261956][ T4601] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 3079.520509][ T4601] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 3080.183594][ T4601] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 3080.712541][ T4601] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 3111.144609][ T4601] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3125.026485][ T4690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3125.490212][ T4690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3163.305981][ T4690] hsr_slave_0: entered promiscuous mode
[ 3163.425258][ T4690] hsr_slave_1: entered promiscuous mode
[ 3186.136570][ T4690] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3187.003333][ T4690] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3187.631411][ T4690] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3188.306727][ T4690] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3222.807476][ T4690] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3260.104779][ T4601] veth0_vlan: entered promiscuous mode
[ 3261.802785][ T4601] veth1_vlan: entered promiscuous mode
[ 3265.773304][ T4601] veth0_macvtap: entered promiscuous mode
[ 3266.645149][ T4601] veth1_macvtap: entered promiscuous mode
[ 3271.450807][ T4844] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3271.542358][ T4844] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3271.624670][ T3783] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3271.756172][ T3783] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3411.316521][ T4690] veth0_vlan: entered promiscuous mode
[ 3412.827561][ T4690] veth1_vlan: entered promiscuous mode
[ 3418.013155][ T4690] veth0_macvtap: entered promiscuous mode
[ 3419.192845][ T4690] veth1_macvtap: entered promiscuous mode
[ 3424.414144][ T3783] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3424.681473][ T3783] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3424.760198][ T3783] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3424.857028][ T3783] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3659.547041][ T4979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3660.175038][ T4979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3677.874215][ T4985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3678.521023][ T4985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3716.464953][ T4979] hsr_slave_0: entered promiscuous mode
[ 3716.625716][ T4979] hsr_slave_1: entered promiscuous mode
[ 3716.782011][ T4979] debugfs: 'hsr0' already exists in 'hsr'
[ 3716.800220][ T4979] Cannot create hsr debugfs directory
[ 3738.157441][ T4985] hsr_slave_0: entered promiscuous mode
[ 3738.356351][ T4985] hsr_slave_1: entered promiscuous mode
[ 3738.474900][ T4985] debugfs: 'hsr0' already exists in 'hsr'
[ 3738.530304][ T4985] Cannot create hsr debugfs directory
[ 3764.734118][ T4979] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3766.133158][ T4979] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3767.811390][ T4979] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3769.141543][ T4979] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3781.683964][ T4985] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 3782.374659][ T4985] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 3783.271051][ T4985] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 3783.918288][ T4985] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 3821.768125][ T4979] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3833.346142][ T4985] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3942.397478][   T27] INFO: task syz.6.209:4961 blocked for more than 430 seconds.
[ 3942.460393][   T27]       Not tainted syzkaller #0
[ 3942.470965][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3942.471641][   T27] task:syz.6.209       state:D stack:0     pid:4961  tgid:4961  ppid:4690   task_flags:0x400040 flags:0x00000011
[ 3942.472851][   T27] Call trace:
[ 3942.473270][   T27]  __switch_to+0x584/0xb00 (T)
[ 3942.473886][   T27]  __schedule+0x200c/0x3428
[ 3942.474372][   T27]  schedule+0xac/0x27c
[ 3942.474813][   T27]  schedule_timeout+0x68/0x1ec
[ 3942.475325][   T27]  do_wait_for_common+0x28c/0x440
[ 3942.475781][   T27]  wait_for_completion+0x44/0x5c
[ 3942.476258][   T27]  __synchronize_srcu+0x2a4/0x320
[ 3942.476760][   T27]  synchronize_srcu+0x3d0/0x4f8
[ 3942.477269][   T27]  mmu_notifier_unregister+0x320/0x428
[ 3942.477806][   T27]  kvm_put_kvm+0x698/0xbe0
[ 3942.478233][   T27]  kvm_vm_release+0x58/0x78
[ 3942.720651][   T27]  __fput+0x4ac/0x978
[ 3942.741030][   T27]  ____fput+0x20/0x58
[ 3942.741712][   T27]  task_work_run+0x1b8/0x250
[ 3942.742193][   T27]  exit_to_user_mode_loop+0x110/0x188
[ 3942.742690][   T27]  el0_svc+0x17c/0x238
[ 3942.743190][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 3942.743686][   T27]  el0t_64_sync+0x198/0x19c
[ 3942.745205][   T27] 
[ 3942.745205][   T27] Showing all locks held in the system:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 3942.745724][   T27] 1 lock held by khungtaskd/27:
[ 3942.746140][   T27]  #0: ffff800087a86d08 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 3942.852110][   T27] 3 locks held by kworker/u4:7/2162:
[ 3942.890281][   T27] 2 locks held by getty/3200:
[ 3942.892924][   T27]  #0: cbf00000122e28a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 3942.935510][   T27]  #1: 49ff80008c80b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 3942.937353][   T27] 2 locks held by syz-executor/3332:
[ 3942.937709][   T27] 2 locks held by kworker/u4:9/3483:
[ 3942.938013][   T27] 3 locks held by kworker/u4:6/4008:
[ 3942.938346][   T27] 3 locks held by kworker/u4:8/4013:
[ 3943.051712][   T27]  #0: fff0000072d59ed8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x368/0x3428
[ 3943.094861][   T27]  #1: fff0000072d45588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x6c/0x6e8
[ 3943.096527][   T27]  #2: fff0000072d46e98 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x5c8/0xe7c
[ 3943.098316][   T27] 2 locks held by kworker/u4:3/4340:
[ 3943.161243][   T27] 2 locks held by kworker/u4:2/4555:
[ 3943.163842][   T27]  #0: baf000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 3943.227640][   T27]  #1: ffff80008f197c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 3943.322406][   T27] 4 locks held by kworker/0:3/4585:
[ 3943.322771][   T27] 3 locks held by kworker/u4:12/4631:
[ 3943.323129][   T27] 2 locks held by kworker/u4:13/4839:
[ 3943.323461][   T27]  #0: baf000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 3943.325365][   T27]  #1: ffff80008eb77c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 3943.327045][   T27] 2 locks held by syz.5.208/4954:
[ 3943.327436][   T27] 3 locks held by kworker/u4:10/5084:
[ 3943.327762][   T27] 3 locks held by kworker/u4:15/5098:
[ 3943.328057][   T27] 3 locks held by kworker/u4:16/5116:
[ 3943.328381][   T27] 2 locks held by modprobe/5140:
[ 3943.502185][   T27] 1 lock held by modprobe/5141:
[ 3943.502912][   T27] 
[ 3943.503216][   T27] =============================================
[ 3943.503216][   T27] 
[ 3943.504153][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 3943.508984][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 3943.510214][   T27] Hardware name: linux,dummy-virt (DT)
[ 3943.511021][   T27] Call trace:
[ 3943.511675][   T27]  show_stack+0x2c/0x3c (C)
[ 3943.512644][   T27]  __dump_stack+0x30/0x40
[ 3943.513535][   T27]  dump_stack_lvl+0x30/0x12c
[ 3943.514442][   T27]  dump_stack+0x1c/0x28
[ 3943.515329][   T27]  vpanic+0x1d4/0x4e4
[ 3943.516104][   T27]  vpanic+0x0/0x4e4
[ 3943.516864][   T27]  hung_task_panic+0x0/0x2c
[ 3943.517790][   T27]  kthread+0x794/0x99c
[ 3943.518678][   T27]  ret_from_fork+0x10/0x20
[ 3943.520469][   T27] Kernel Offset: disabled
[ 3943.521190][   T27] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 3943.522260][   T27] Memory Limit: none
[ 3943.524424][   T27] Rebooting in 86400 seconds..