last executing test programs:

1h26m20.909879407s ago: executing program 0 (id=417):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000002000000ff"])
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r4})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0xc, 0xeeef0000, 0x2, r4})
close(r3)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8})
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000240)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c00a}}], 0x18}, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r11, 0x2})
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r11, 0x3})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x100, 0x0, r11})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r6, 0x4018aee3, &(0x7f0000000040)=@attr_other={0x0, 0x6, 0x52, &(0x7f0000000000)=0x3})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0)

1h26m10.761847643s ago: executing program 0 (id=419):
openat$kvm(0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@svc={0x122, 0x40, {0x53, [0x8, 0x4a, 0x0, 0x200, 0x824]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x141000, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x100d7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x40305828, &(0x7f0000000180)=@attr_other={0x0, 0x6, 0x80000000, &(0x7f00000001c0)=0x3e})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0xa, <r11=>0xffffffffffffffff})
close(r11)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000a9d000/0x1000)=nil, 0x0, 0x1000001, 0x40010, r2, 0x0)
r12 = eventfd2(0x0, 0x0)
close(r12)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)

1h25m42.923088245s ago: executing program 1 (id=421):
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xf0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_kvm_vgic_v3_setup(r2, 0xfffffffffffffffd, 0xc0)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000000)=@attr_arm64={0x0, 0x8, 0x5, &(0x7f00000000c0)=0x9})
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)

1h25m42.58311104s ago: executing program 0 (id=422):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000240)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c00a}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000180), 0xa0080, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000})
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x40)
close(r7)
close(r8)

1h25m34.693375445s ago: executing program 1 (id=423):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0xc0189436, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454cb, 0x2f)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x27)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x3, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1h25m31.409848221s ago: executing program 0 (id=424):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0xffffffff87bdf123, 0x100, 0xfffffffffffffff9, 0x4, 0x80000001}}, {0x10000, 0x1, 0x1, 0x0, @adapter={0x7b, 0x9, 0x0, 0x443, 0x8}}]})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x5})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x20)
ioctl$KVM_IOEVENTFD(r4, 0xc0189436, &(0x7f0000000180)={0x0, 0xd000, 0x8, 0xffffffffffffffff, 0x5})
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r6, 0x800454e1, 0x110c230008)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000280)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000240)=0x7fffffffffffffff})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0xffffffff87bdf123, 0x100, 0xfffffffffffffff9, 0x4, 0x80000001}}, {0x10000, 0x1, 0x1, 0x0, @adapter={0x7b, 0x9, 0x0, 0x443, 0x8}}]}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x5}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x20) (async)
ioctl$KVM_IOEVENTFD(r4, 0xc0189436, &(0x7f0000000180)={0x0, 0xd000, 0x8, 0xffffffffffffffff, 0x5}) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_VM(r6, 0x800454e1, 0x110c230008) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) (async)
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000280)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000240)=0x7fffffffffffffff}) (async)

1h25m23.945313312s ago: executing program 1 (id=425):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x802, 0x40000008, 0x0, 0x80}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x23)
ioctl$KVM_CAP_PTP_KVM(r6, 0x4068aea3, &(0x7f0000000280))

1h25m19.783574539s ago: executing program 0 (id=426):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000000)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bde000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
r12 = eventfd2(0x0, 0x0)
close(r12)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r13 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
write$eventfd(r12, &(0x7f0000000180)=0x5, 0xfffffde3)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r14 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000240)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c00a}}], 0x18}, 0x0, 0x0)

1h25m14.495010761s ago: executing program 1 (id=427):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe5) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r4, 0x4208ae9b, &(0x7f0000000240)={0x20003, 0x0, {[0x97ab, 0x10001, 0x3, 0xc08d, 0x8, 0xffffffff00000001, 0x3b880, 0x400, 0x5, 0x2, 0x6, 0x5, 0x2, 0x8, 0x6, 0x7fff], [0x45e1, 0x8000, 0x5d2, 0x0, 0xbb9, 0x0, 0x8, 0xe, 0x10000, 0xfffffffffffffeff, 0x4d681830, 0xffff, 0x5, 0x10000, 0x7, 0xfffffffffffffff6], [0x80000001, 0xfffffffffffffffe, 0xa3, 0x0, 0x8, 0x81, 0x6, 0xfda8, 0x401, 0x5fd6, 0x3, 0x0, 0x40, 0x4, 0xffffffff, 0x9], [0x3, 0x6, 0xe99, 0xe, 0x9, 0x7, 0x8, 0x0, 0xb, 0x2, 0x10, 0x4, 0x9, 0x9, 0xc, 0x6]}})
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r2, 0x2, 0x80010, r4, 0x0) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

1h25m8.683940498s ago: executing program 1 (id=428):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x22400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = eventfd2(0x4, 0x80801) (async, rerun: 64)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000000)=@arm64_fw={0x6030000000140002, 0xfffffffffffffffe}) (async)
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_vgic_v3_setup(r8, 0x4, 0x3a0)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, r2, 0x3})

1h24m49.683423947s ago: executing program 1 (id=429):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_GET_MP_STATE(0xffffffffffffffff, 0x8004ae98, &(0x7f0000000000))
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x2, 0x80000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x200000000001c)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r4, &(0x7f0000bfe000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x602000000011000b, &(0x7f00000000c0)=0x8000000}) (async)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x602000000011000b, &(0x7f00000000c0)=0x8000000})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x32) (async)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x32)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
write$eventfd(r8, &(0x7f00000001c0), 0xff3c)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x4, 0x220) (async)
r11 = syz_kvm_vgic_v3_setup(r5, 0x4, 0x220)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) (async)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vm(r7, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0x9, 0xff, 0x1}}) (async)
ioctl$KVM_GET_DEVICE_ATTR_vm(r7, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0x9, 0xff, 0x1}})
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f00000006c0)={0x10200, 0x3c0, 0x240, &(0x7f00000002c0)=[0x7, 0x177, 0x2, 0x1, 0xb4, 0x7, 0xffffffffffffffe3, 0x5, 0x0, 0x6, 0x10000, 0x101, 0x2, 0xed8, 0x3, 0x800, 0x7, 0x0, 0x0, 0x7, 0x5, 0x4, 0xfffffffffffffff7, 0xfffffffffffffff9, 0x9, 0x7fffffffffffffff, 0x7ff, 0x1, 0x800, 0x4, 0x9, 0xffffffffffffffff, 0x5, 0x0, 0x4, 0x29, 0x6, 0x6f30010b, 0x1ff, 0x0, 0xf, 0x4, 0x2, 0x1, 0x6, 0x6, 0x7ff, 0x34, 0xe, 0x0, 0xf, 0x5, 0x8000, 0x5, 0x6, 0x3, 0xffff, 0x7, 0x3, 0x101, 0x4, 0x7, 0x5, 0x7283, 0x5, 0x8, 0x5, 0x401, 0x2, 0x1de, 0xffffffffffffffff, 0x200, 0x8, 0x7, 0x7fffffffffffffff, 0x4, 0x4, 0x7, 0xfffffffffffffff9, 0x6, 0xffffffffffffff00, 0x0, 0xc, 0x7ff, 0x3, 0x5, 0x5, 0x6, 0x2, 0xed, 0x8800000000000000, 0x3, 0x7ff, 0x7d135462, 0x1, 0x4, 0x5, 0x7, 0xfff, 0xd88, 0x21f2, 0x5eb, 0x7fffffff, 0x4, 0x5, 0x8000000000000000, 0x8, 0x7, 0x9, 0xd57, 0x7fffffffffffffff, 0x7, 0x5360, 0x0, 0xe83e, 0x2, 0x7576, 0xd3, 0x6, 0xb, 0x8, 0x9, 0xffffffffffffffff, 0x9, 0x7, 0x4, 0x7, 0x8]})
ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0x0, 0x0})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)

1h24m47.874080147s ago: executing program 0 (id=430):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@code={0xa, 0xe4, {"000008d5e0039fda60fc9dd20060b8f2610080d2020080d2830080d2e40080d2020000d4007008d5009a8dd200e0b8f2c10180d2420180d2830080d2040080d2020000d4e0cd95d200c0b8f2810080d2820180d2a30080d2e40180d2020000d4202f80d200c0b0f2810180d2020180d2e30080d2440180d2020000d4407d97d20000b8f2810180d2020180d2230180d2c40080d2020000d4209a87d200e0b8f2610080d2820180d2230180d2440080d2020000d4809d93d20040b0f2410180d2820080d2c30080d2040080d2020000d4"}}, @smc={0x1e, 0x40, {0x2, [0x8, 0x37e, 0x1ff, 0x9, 0x8]}}, @msr={0x14, 0x20, {0x603000000013debc, 0x2}}, @memwrite={0x6e, 0x30, @generic={0xeeee0000, 0x1c9, 0x101}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xa, 0x1ff, 0x0, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0xd, 0x8}}, @code={0xa, 0x84, {"000008d5000028d5e0f298d200a0b8f2e10180d2220180d2230080d2240180d2020000d400000094007008d5000028d5808f9cd20000b8f2e10080d2420180d2030180d2a40080d2020000d440529dd20020b8f2810180d2020080d2030080d2a40180d2020000d400c8212e0000799e"}}, @code={0xa, 0x9c, {"c08399d20060b0f2a10180d2220180d2a30080d2c40180d2020000d4000008d50080ff0de0eb88d20060b8f2610080d2020080d2030080d2640180d2020000d400d8a07e00809f0c00c8a12e00000053201c8fd20020b8f2a10180d2a20180d2230080d2440180d2020000d4e0e986d20000b0f2a10080d2220180d2630080d2840180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013803f}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x2, 0xfffffff7, 0x4, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xc00, 0xfffffffffffff000}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x159}}, @uexit={0x0, 0x18, 0xc8e5}, @eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0x40000070, [0x10001, 0x2, 0x7, 0xfa29, 0xfffffffffffffff8]}}, @irq_setup={0x46, 0x18, {0x2, 0x386}}, @svc={0x122, 0x40, {0x84000011, [0x8000000000000001, 0x6, 0xd, 0x42, 0x7]}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x3d5}}], 0x474}, &(0x7f0000000040)=[@featur2={0x1, 0x4}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r2, 0x2000000, 0x621e1a14967554d3, r3, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef000000003a08000000000000010000000000000002c0f7000000000003000000000000000402000000000000140000000000000020000000000000008480130000003060a3"], 0x60}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0) (async)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1h24m3.750320257s ago: executing program 32 (id=429):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_GET_MP_STATE(0xffffffffffffffff, 0x8004ae98, &(0x7f0000000000))
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x2, 0x80000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x200000000001c)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r4, &(0x7f0000bfe000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x602000000011000b, &(0x7f00000000c0)=0x8000000}) (async)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x602000000011000b, &(0x7f00000000c0)=0x8000000})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x32) (async)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x32)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
write$eventfd(r8, &(0x7f00000001c0), 0xff3c)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x4, 0x220) (async)
r11 = syz_kvm_vgic_v3_setup(r5, 0x4, 0x220)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) (async)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vm(r7, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0x9, 0xff, 0x1}}) (async)
ioctl$KVM_GET_DEVICE_ATTR_vm(r7, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0x9, 0xff, 0x1}})
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f00000006c0)={0x10200, 0x3c0, 0x240, &(0x7f00000002c0)=[0x7, 0x177, 0x2, 0x1, 0xb4, 0x7, 0xffffffffffffffe3, 0x5, 0x0, 0x6, 0x10000, 0x101, 0x2, 0xed8, 0x3, 0x800, 0x7, 0x0, 0x0, 0x7, 0x5, 0x4, 0xfffffffffffffff7, 0xfffffffffffffff9, 0x9, 0x7fffffffffffffff, 0x7ff, 0x1, 0x800, 0x4, 0x9, 0xffffffffffffffff, 0x5, 0x0, 0x4, 0x29, 0x6, 0x6f30010b, 0x1ff, 0x0, 0xf, 0x4, 0x2, 0x1, 0x6, 0x6, 0x7ff, 0x34, 0xe, 0x0, 0xf, 0x5, 0x8000, 0x5, 0x6, 0x3, 0xffff, 0x7, 0x3, 0x101, 0x4, 0x7, 0x5, 0x7283, 0x5, 0x8, 0x5, 0x401, 0x2, 0x1de, 0xffffffffffffffff, 0x200, 0x8, 0x7, 0x7fffffffffffffff, 0x4, 0x4, 0x7, 0xfffffffffffffff9, 0x6, 0xffffffffffffff00, 0x0, 0xc, 0x7ff, 0x3, 0x5, 0x5, 0x6, 0x2, 0xed, 0x8800000000000000, 0x3, 0x7ff, 0x7d135462, 0x1, 0x4, 0x5, 0x7, 0xfff, 0xd88, 0x21f2, 0x5eb, 0x7fffffff, 0x4, 0x5, 0x8000000000000000, 0x8, 0x7, 0x9, 0xd57, 0x7fffffffffffffff, 0x7, 0x5360, 0x0, 0xe83e, 0x2, 0x7576, 0xd3, 0x6, 0xb, 0x8, 0x9, 0xffffffffffffffff, 0x9, 0x7, 0x4, 0x7, 0x8]})
ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0x0, 0x0})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)

1h24m0.112143829s ago: executing program 33 (id=430):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@code={0xa, 0xe4, {"000008d5e0039fda60fc9dd20060b8f2610080d2020080d2830080d2e40080d2020000d4007008d5009a8dd200e0b8f2c10180d2420180d2830080d2040080d2020000d4e0cd95d200c0b8f2810080d2820180d2a30080d2e40180d2020000d4202f80d200c0b0f2810180d2020180d2e30080d2440180d2020000d4407d97d20000b8f2810180d2020180d2230180d2c40080d2020000d4209a87d200e0b8f2610080d2820180d2230180d2440080d2020000d4809d93d20040b0f2410180d2820080d2c30080d2040080d2020000d4"}}, @smc={0x1e, 0x40, {0x2, [0x8, 0x37e, 0x1ff, 0x9, 0x8]}}, @msr={0x14, 0x20, {0x603000000013debc, 0x2}}, @memwrite={0x6e, 0x30, @generic={0xeeee0000, 0x1c9, 0x101}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xa, 0x1ff, 0x0, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0xd, 0x8}}, @code={0xa, 0x84, {"000008d5000028d5e0f298d200a0b8f2e10180d2220180d2230080d2240180d2020000d400000094007008d5000028d5808f9cd20000b8f2e10080d2420180d2030180d2a40080d2020000d440529dd20020b8f2810180d2020080d2030080d2a40180d2020000d400c8212e0000799e"}}, @code={0xa, 0x9c, {"c08399d20060b0f2a10180d2220180d2a30080d2c40180d2020000d4000008d50080ff0de0eb88d20060b8f2610080d2020080d2030080d2640180d2020000d400d8a07e00809f0c00c8a12e00000053201c8fd20020b8f2a10180d2a20180d2230080d2440180d2020000d4e0e986d20000b0f2a10080d2220180d2630080d2840180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013803f}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x2, 0xfffffff7, 0x4, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xc00, 0xfffffffffffff000}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x159}}, @uexit={0x0, 0x18, 0xc8e5}, @eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0x40000070, [0x10001, 0x2, 0x7, 0xfa29, 0xfffffffffffffff8]}}, @irq_setup={0x46, 0x18, {0x2, 0x386}}, @svc={0x122, 0x40, {0x84000011, [0x8000000000000001, 0x6, 0xd, 0x42, 0x7]}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x3d5}}], 0x474}, &(0x7f0000000040)=[@featur2={0x1, 0x4}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r2, 0x2000000, 0x621e1a14967554d3, r3, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef000000003a08000000000000010000000000000002c0f7000000000003000000000000000402000000000000140000000000000020000000000000008480130000003060a3"], 0x60}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0) (async)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

21m11.652868891s ago: executing program 3 (id=975):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async, rerun: 64)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000000)=0x10}) (async)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5, 0x4c}) (async)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000040)=0x3ff}) (async, rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) (rerun: 32)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000240)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x80003fff, [0x20000000000000, 0x200, 0x4, 0x5, 0xffffffffffffffff]}}, @irq_setup={0x46, 0x18, {0x0, 0x120}}, @eret={0xe6, 0x18}], 0x70}, &(0x7f0000000340)=[@featur1={0x1, 0x1}], 0x1)
close(r8) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async, rerun: 64)
close(0x4) (async, rerun: 64)
close(0x5)

21m7.810040242s ago: executing program 2 (id=976):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x4000000000000)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x2, 0x1, 0xf000, 0x1000, &(0x7f0000c02000/0x1000)=nil})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x3, 0xa2a4dea, 0x1e44200, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e289}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x1, 0xb, 0x4, 0x9, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x1, 0x6, 0x9, 0x7ff, 0x2}}, @code={0xa, 0x3c, {"000000fd000008d500c8212e008008d5000028d50080000f0080c0c8000008d5000000b50080001b"}}, @eret={0xe6, 0x18, 0x2}, @eret={0xe6, 0x18, 0x2}, @hvc={0x32, 0x40, {0x86000000, [0x9, 0x9, 0x3, 0x3]}}, @uexit={0x0, 0x18, 0xff}], 0x154}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100016, &(0x7f0000000100)=0xc5c5})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000240)={0x3, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0x3000004, 0x8010, r8, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r14 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0})
ioctl$KVM_CREATE_VM(r14, 0x401c5820, 0x20000006)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21m2.420317271s ago: executing program 3 (id=977):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x40000000, 0x80000)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0xffffffffffffff13, 0x0, 0x2, r2, 0x3})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={0xffffffffffffffff, 0x7fffffff, 0x1, r2})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x2, 0x1}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x62}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x3, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x24)
ioctl$KVM_IRQFD(r13, 0x4020ae76, 0xffffffffffffffff)
r14 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1000026)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r14, 0x4010ae68, &(0x7f0000000000)={0xeeee8000, 0x110000, 0x1})
r15 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r15, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r15, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r15, 0x4010ae68, &(0x7f0000000040)={0x80a0000, 0x0, 0x1})

20m52.8906954s ago: executing program 2 (id=978):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37)
ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000000)=0x8000)
ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x7, 0x0, &(0x7f0000000040)=0x6})
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f00000000c0)=[@its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x0, 0x5, 0x9, 0x40, 0x4}}, @eret={0xe6, 0x18, 0x80000000}], 0x40}, &(0x7f0000000140)=[@featur2={0x1, 0x30}], 0x1)
r2 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000700)=[{0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18, {0x603000000013e10a}}, @code={0xa, 0x9c, {"40ea9ed20000b0f2810080d2420080d2a30180d2a40180d2020000d4c0b18dd20060b8f2210180d2620080d2e30180d2c40180d2020000d4007008d5008008d5605c83d20080b8f2e10080d2620080d2430080d2440080d2020000d4000008d5007008d5e0c786d20040b0f2a10080d2620080d2c30080d2240080d2020000d40040bf0d007008d5"}}, @eret={0xe6, 0x18, 0x8}, @eret={0xe6, 0x18, 0x5}, @svc={0x122, 0x40, {0x2, [0x8, 0x5d, 0xa, 0xc, 0x2]}}, @code={0xa, 0x9c, {"008008d5000008d5201885d20000b8f2610080d2220080d2230180d2640180d2020000d440f087d200c0b0f2210180d2220080d2030080d2c40180d2020000d40024c01a007008d50054200ec0f687d200c0b8f2c10180d2a20080d2830080d2640080d2020000d4008008d500cb9ad200a0b8f2810180d2220180d2c30180d2e40080d2020000d4"}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x140}}, @svc={0x122, 0x40, {0x80000002, [0x4, 0x3, 0x2, 0x1, 0x7]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x98}}, @mrs={0xbe, 0x18, {0x603000000013e218}}, @eret={0xe6, 0x18}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x18}}, @eret={0xe6, 0x18, 0xc65}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x5, 0x8}}, @irq_setup={0x46, 0x18, {0x2, 0x155}}, @mrs={0xbe, 0x18, {0x6030000000138046}}, @code={0xa, 0xb4, {"008008d5008008d5201a9bd200a0b8f2610080d2e20180d2230080d2240180d2020000d420c597d200e0b8f2610080d2220180d2230180d2240180d2020000d4c0c48fd20060b0f2410180d2c20180d2230180d2040180d2020000d4e00b98d20020b8f2410180d2820080d2830080d2a40180d2020000d4008008d50040002fc0d682d200a0b8f2410080d2c20180d2230180d2840180d2020000d4008008d5"}}, @mrs={0xbe, 0x18, {0x603000000013e21a}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x3dc}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x7, 0x9}}, @svc={0x122, 0x40, {0x2000000, [0x4b7, 0x78f29548, 0xf, 0x25, 0xfff]}}, @eret={0xe6, 0x18, 0x8}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x144}}, @smc={0x1e, 0x40, {0x200, [0xfffffffffffffff4, 0x1, 0xffff, 0x5ed, 0x1ff]}}, @hvc={0x32, 0x40, {0xc4000001, [0x5, 0x5, 0xe1c2, 0x8b97, 0x5]}}], 0x544}], 0x1, 0x0, &(0x7f0000000740)=[@featur2={0x1, 0x80}], 0x1)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f00000007c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000780)={0x9, 0x6ed709fd}})
ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000800)=0x7)
r4 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
ioctl$KVM_GET_REGS(r4, 0x8360ae81, &(0x7f0000000840))
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r4, 0x4068aea3, &(0x7f0000000900))
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000f75000/0x3000)=nil, r5, 0x3000000, 0x4000010, r1, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r4, 0xc018aec0, &(0x7f0000000d80)={0x4, 0x0, 0x200, &(0x7f0000000980)=[0x0, 0x10, 0x3, 0x32ad, 0x7fffffffffffffff, 0x6, 0xffffffff, 0x8, 0x8, 0xffffffffffffffff, 0x9, 0xc4f, 0x6, 0x80, 0xffffffffffffffbf, 0x2, 0x6, 0x7fffffffffffffff, 0x7, 0x4, 0x6, 0x2c3, 0x0, 0x3, 0xfffffffffffffff8, 0x7ff, 0x2000000000000000, 0xffffffffffffff45, 0x7, 0x2, 0x7fffffff, 0x4, 0x9, 0x4, 0x40, 0x1, 0xf, 0x3, 0x1, 0xf6, 0x4d, 0x1, 0x8, 0x9, 0x8000000000000001, 0x4, 0x1, 0x5, 0x5, 0xffffffff, 0x5, 0x83d, 0x200, 0xa, 0x6, 0x2d3, 0xc, 0x4, 0xdb, 0x0, 0x8c, 0xc3, 0x1, 0xffff, 0x7, 0x80, 0x7, 0xb2, 0x1000, 0xd, 0xf2, 0x7, 0xa, 0xb, 0xfffffffffffffffc, 0x1d8, 0x8001, 0x10, 0x5, 0x3, 0x9, 0x4, 0x1, 0x6, 0x0, 0x2, 0x8, 0xc, 0x545, 0x9, 0x5000000, 0x19, 0x8001, 0x7fffffff, 0x9, 0x6, 0x0, 0x2, 0x3, 0x0, 0x6, 0x8, 0x5, 0x2, 0x0, 0x3, 0xc, 0x2, 0x8, 0x5, 0x3, 0x9, 0x3, 0x8, 0x4, 0x7, 0x0, 0x40, 0x80000000, 0x8, 0xffffffffffffffff, 0x2, 0x7, 0x1, 0xea4e, 0x1, 0x100000001, 0x1]})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000dc0)={0xe4, 0x0, 0x2})
ioctl$KVM_CAP_ARM_USER_IRQ(r3, 0x4068aea3, &(0x7f0000000e40))
close(r0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f0000000ec0)={0x9, 0x7})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000f00)={0xe4, 0x0, 0x1})
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x3)
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000d09000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000fc0)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000001400)={0x4, 0x400, 0x3c0, &(0x7f0000001000)=[0x50000000000, 0xbada, 0x7, 0x8, 0x39, 0x5, 0x933c, 0x1, 0x6, 0x9, 0xd57, 0x1000, 0x7fffffff, 0xe, 0x1, 0x10, 0x4, 0x9, 0x8, 0x4, 0x1, 0x7, 0x6, 0xb40d, 0x1, 0x100000000, 0x200, 0x8000000000000001, 0xdb73, 0xe8d0, 0xe, 0xd, 0x3, 0x4c, 0xc47, 0x80, 0x1000, 0xffffffffffff8001, 0x8, 0x5, 0x1, 0x2, 0x2, 0xcd2, 0x2, 0x0, 0xffff, 0x7, 0x6, 0x0, 0x6, 0x8, 0x8, 0x598987fb, 0x3, 0x9, 0x5, 0x4, 0x7f, 0x100, 0x5, 0x5, 0x1, 0x3, 0x4, 0x0, 0x8, 0x9, 0xfffffffffffffffb, 0x64, 0x39, 0x7ff, 0x7, 0xdb78, 0x5, 0x2, 0x5, 0x7fff, 0xe6cf, 0x1, 0x3fe0, 0x3, 0x2, 0x4, 0x8, 0xffffffffffff7fff, 0xfffffffffffffffa, 0x6, 0x8001, 0xe7, 0x9, 0x81, 0x2, 0x4, 0x840, 0x6, 0x2, 0x1, 0x800, 0x4c, 0x7fff, 0x80000001, 0xdc6, 0xc, 0x2, 0x100, 0x9, 0x6, 0x2, 0x0, 0xe7d1, 0x401, 0x6, 0x8, 0xa, 0x2, 0x5f, 0x6, 0xfffffffffe0b538f, 0x3, 0x2, 0xffffffffffffff48, 0x10000, 0x3, 0x2, 0x6, 0x7, 0xf4e7]})
ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000001480)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000001440)=0x5})
ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000001500)=@attr_other={0x0, 0x1, 0x6, &(0x7f00000014c0)=0x6})
ioctl$KVM_CAP_ARM_USER_IRQ(r3, 0x4068aea3, &(0x7f0000001540))
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000015c0)={0x1, 0x6})
ioctl$KVM_ARM_VCPU_FINALIZE(0xffffffffffffffff, 0x4004aec2, &(0x7f0000001600))

20m46.720221668s ago: executing program 3 (id=979):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r1, 0x4020aeae, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x40000007)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r4, 0x400454d4, 0x110c230008)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(r6, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYRES16=r3, @ANYRESDEC=r2], 0x318}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x1}], 0x1)
r9 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f000020f000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013c006, &(0x7f0000000000)=0x3})
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x100000f, 0x8010, 0xffffffffffffffff, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xd8)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000180)={0x8})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000100), 0x368402a971b17d08, 0x0)
ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)

20m44.778568426s ago: executing program 2 (id=980):
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)={0x1, 0x0, [{0x101, 0x1, 0x1, 0x0, @msi={0x3, 0xfffffeff, 0x28a, 0x3}}]})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25)
ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0x800000000000001})

20m37.081515529s ago: executing program 3 (id=981):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xb702, 0x0)
openat$kvm(0x0, 0x0, 0x141001, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, 0x0, 0x0, 0x0) (async)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x1000, 0x1000, &(0x7f0000c87000/0x1000)=nil})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) (async)
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000002, [0x99b, 0x100000001, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000040)={0x0, &(0x7f0000000100)=[@svc={0x122, 0x40, {0xffff, [0x21c1, 0x6, 0x4, 0x5, 0x5]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x3a7}}, @smc={0x1e, 0x40, {0xc400000e, [0x1, 0x705, 0x4, 0x80]}}, @eret={0xe6, 0x18, 0xc}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0x3, 0x2, 0x6, 0x3}}], 0xe8}, &(0x7f0000000200)=[@featur1={0x1, 0x9}], 0x1)

20m36.354540683s ago: executing program 2 (id=982):
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x810, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x9, 0x1, &(0x7f0000000040)=0xab})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x200440, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r6, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a000000000000008400000000000000801498d200a0b0f2810080d2220080d2e30080d2e40080d2020000d4007008d5e0b29cd20020b8f2c10080d2620180d2230180d2840180d2020000d40014202e00c8b02e20ed84d20040b0f2610080d2220180d2630180d2440180d2020000d40014005f007008d5007008d5000008d5c0035fd632000000000000004000fffffffd0000140000840000000001000000000000000a000000000000000000000000000000060000000000000000000000000000804600000000000000180000000000000002000000280000001400000000000000200000000000000028e51300000030608100000000000000be00000000000000180000000000000067c61300000030600000000000000000180000000000000004000000000000001400000000000000200000000000000080e013000000306006000008000000008200000000000000280000000000000000000000000000000200000000000000f6000000000000000000000000000000180000000000000009000000000000006e00000000000000300000000000000000000a0800000000000400000000000004000000000000000c00000000000000be00000000000000180000000000000069df130000003060be0000000000000018000000000000008c801300000030600a000000000000009c000000000000001820201e00b4202e0094006f00c8b07e006e9ad200c0b0f2e10180d2e20080d2c30080d2e40180d2020000d4007008d5a0008dd200e0b0f2210180d2e20080d2c30180d2440080d2020000d440be96d20000b0f2610180d2c20180d2c30180d2a40180d2020000d4201e9ed200e0b8f2a10080d2a20080d2c30080d2440080d2020000d4007008d5c0035fd6000000000000000018000000000000000400000000000000be00000000000000180000000000000091c0130000003060"], 0x2b8}], 0x1, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x20}], 0x1)
ioctl$KVM_CREATE_VM(r5, 0x401c5820, 0x20000000)

20m28.803698931s ago: executing program 2 (id=983):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xdddd1000, 0x2000, &(0x7f0000fa4000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010000a, &(0x7f00000000c0)=0x80003fe}) (async, rerun: 32)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (rerun: 32)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xa)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x5d)

20m27.936236579s ago: executing program 3 (id=984):
openat$kvm(0x0, &(0x7f0000000000), 0x72483, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x26ec, 0x2, 0xeeee8000, 0x1000, &(0x7f0000cce000/0x1000)=nil})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

20m21.793861644s ago: executing program 3 (id=985):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x24, 0x80a0000, 0x4})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
r5 = eventfd2(0x8, 0x80800)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r5})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000240)={0x7, 0x0, 0x4})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r4, 0x3})
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1c)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
r9 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x33)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000bff000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r15, 0xae03, 0xf)

20m20.26102464s ago: executing program 2 (id=986):
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd8)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x0, &(0x7f00000000c0)=0x10001})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x20)
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x12)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000100)={0x4, <r15=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r15, 0x4018aee3, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r15, 0x4018aee3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r11)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r16 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r16, 0x4010aeab, &(0x7f0000000000)=@arm64_fp={0x60400000001000ac, 0x0})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)

19m35.450696677s ago: executing program 34 (id=985):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x24, 0x80a0000, 0x4})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
r5 = eventfd2(0x8, 0x80800)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r5})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000240)={0x7, 0x0, 0x4})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r4, 0x3})
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1c)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
r9 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x33)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000bff000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r15, 0xae03, 0xf)

19m32.0794613s ago: executing program 35 (id=986):
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd8)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x0, &(0x7f00000000c0)=0x10001})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x20)
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x12)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000100)={0x4, <r15=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r15, 0x4018aee3, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r15, 0x4018aee3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r11)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r16 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r16, 0x4010aeab, &(0x7f0000000000)=@arm64_fp={0x60400000001000ac, 0x0})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)

13m27.667925564s ago: executing program 4 (id=987):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r6, 0x4004aec2, &(0x7f0000000180)=0x4)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000000c0)=0x80000001})
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x3, 0x5, 0x91d, 0x1}}, @eret={0xe6, 0x18, 0x100}, @code={0xa, 0x84, {"0008c078000028d5000028d580f98fd200c0b0f2410080d2020080d2030080d2040180d2020000d400b8217e800c8bd20040b0f2610180d2a20180d2630180d2640180d2020000d4008008d520f992d20040b8f2e10080d2220180d2630080d2840180d2020000d4007008d500849f0d"}}, @mrs={0xbe, 0x18, {0x603000000013807f}}, @msr={0x14, 0x20, {0xd8c7e2af69a858c9, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x0, 0x9, 0x200, 0x1, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x2a4}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x0, 0x1, 0x9, 0x8, 0x4}}], 0x174}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
r13 = eventfd2(0x0, 0x0)
close(r13)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r14 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)

13m19.137868366s ago: executing program 5 (id=988):
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
eventfd2(0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

13m3.540929553s ago: executing program 4 (id=989):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffe)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

13m2.572825147s ago: executing program 5 (id=990):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000001c0), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
close(0xffffffffffffffff)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x21)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r12, 0x0)
r13 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r14, 0x8, 0x13, r12, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r9, 0x0)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x11, r13, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xf3)
close(r1)
close(0x3)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)

12m52.778200571s ago: executing program 4 (id=991):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100010, &(0x7f0000000100)})

12m42.560669482s ago: executing program 5 (id=992):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

12m38.983179298s ago: executing program 4 (id=993):
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce4, &(0x7f0000000040)=0x2}) (async, rerun: 32)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000000)=0x8}) (async, rerun: 32)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)

12m28.919538868s ago: executing program 5 (id=994):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3c34bacf58cdc054, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0), 0xf001)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
write$eventfd(r6, &(0x7f00000000c0)=0x8, 0x8)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100), 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10})
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
r16 = eventfd2(0x4, 0x80801)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r16, 0x6, 0x2, r10})
r17 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r17, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f00000000c0)=0x4})
r18 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r18, 0xae01, 0x0)

12m27.442235839s ago: executing program 4 (id=995):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async, rerun: 64)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (rerun: 64)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) (async, rerun: 32)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, 0x0) (async)
r10 = eventfd2(0x0, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r10}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x8}) (async)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE(r12, 0x5452, &(0x7f0000000100)={0x1000020, 0x1}) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) (async, rerun: 32)
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000100)={0x4, 0x1})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x6000})

11m41.56326954s ago: executing program 36 (id=994):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3c34bacf58cdc054, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0), 0xf001)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
write$eventfd(r6, &(0x7f00000000c0)=0x8, 0x8)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100), 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10})
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
r16 = eventfd2(0x4, 0x80801)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r16, 0x6, 0x2, r10})
r17 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r17, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f00000000c0)=0x4})
r18 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r18, 0xae01, 0x0)

11m34.381156405s ago: executing program 37 (id=995):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async, rerun: 64)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (rerun: 64)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) (async, rerun: 32)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, 0x0) (async)
r10 = eventfd2(0x0, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r10}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x8}) (async)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE(r12, 0x5452, &(0x7f0000000100)={0x1000020, 0x1}) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) (async, rerun: 32)
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000100)={0x4, 0x1})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x6000})

2m34.78415594s ago: executing program 7 (id=1007):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100010, &(0x7f0000000100)})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x280080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0, 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010004a, &(0x7f0000000000)=0x7f1})
r12 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x100000c, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x12)

2m21.441075936s ago: executing program 6 (id=1008):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x39)
r4 = eventfd2(0x8, 0x9504abfa9fefda90)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000001c0)={0x1, 0xeeef0000, 0x0, r4, 0x1})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r2, &(0x7f0000a9b000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000140)=[@svc={0x122, 0x40, {0x84000009, [0xa25, 0x100000000, 0x7ffffffffffffffc, 0x8, 0x8]}}, @smc={0x1e, 0x40, {0x8400000a, [0xfffffffffffffff0, 0x6, 0x1, 0x8000, 0x8]}}], 0x80}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000ae2000/0x400000)=nil)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m16.367943921s ago: executing program 7 (id=1009):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x2, 0xeeee0000, 0x0, r4, 0x2})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r4, 0xa})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r4, 0x7ffffffe})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
close(r6)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_GET_DEVICE_ATTR_vm(r6, 0x4018aee2, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, 0x0})

2m3.698462803s ago: executing program 6 (id=1010):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, &(0x7f0000000100)}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, &(0x7f0000000100)}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x6})
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde5, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1m56.428213064s ago: executing program 7 (id=1011):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000000)={0xffff1000, 0x110000, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x6)

1m45.36956701s ago: executing program 6 (id=1012):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000400)={0x1fd, 0x380, 0x340, &(0x7f0000000000)=[0xb, 0x2, 0xb, 0x762c, 0x9, 0x3, 0x4, 0x8, 0x7, 0xfffffffffffffffc, 0x401, 0x4864, 0x7, 0x8, 0xc88, 0x0, 0x1000, 0xfff, 0x9, 0x3, 0x81, 0xfff, 0x0, 0x6, 0x3, 0xb645, 0x2, 0x4, 0x9, 0x4f, 0x3, 0x2, 0x9, 0x3a2, 0x200, 0xc839, 0xf2, 0x6, 0xd, 0x0, 0x3ff, 0xe3fa, 0x0, 0x8000000000000001, 0x1, 0x4, 0x7, 0x6, 0x2, 0x200, 0x7c3ea490, 0x8000000000000000, 0x8000, 0x2, 0x7, 0x3, 0xee, 0x1, 0x2f, 0x5, 0x6, 0x3, 0x2, 0x7, 0x7, 0x7fff, 0x9, 0x7, 0xf, 0x5, 0x8, 0xf, 0x7fff, 0x102000000000, 0x3, 0x64c, 0x1, 0x6, 0x40, 0x7, 0x5, 0x4, 0x9, 0x6, 0x400, 0xe, 0x11, 0x400, 0x1, 0x2, 0x10000, 0x0, 0x101, 0x48b, 0x2, 0x10000, 0x4, 0x6, 0xf56, 0x4, 0x96c, 0x6, 0x100, 0x3, 0xaff, 0x1, 0x8, 0x8, 0xe4, 0x0, 0x3ff, 0x9, 0x800, 0x5, 0xfffffffffffffffd, 0x97d, 0x7, 0x7, 0x80000001, 0x10, 0x2, 0x2, 0x3, 0x3, 0x9, 0x400, 0x0, 0x8000]})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000440)={0x2, 0x800}) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, &(0x7f00000004c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000480)={0x4, 0x8, 0x2}}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000500)={0xc0, 0x0, 0x4000}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000580)={0x10000, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r3 = eventfd2(0xc, 0x1)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000005c0)={0xf, 0x10000, 0x0, r3, 0x2}) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000600)={0xa8, 0x0, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000680)={0x1fe, 0x2, 0xdddd0000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000700)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000006c0)={0x9c3, 0x7}}) (async)
r4 = eventfd2(0x5, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000740)={r2, 0x3, 0x3, r4}) (async)
r5 = eventfd2(0x0, 0x80000)
write$eventfd(r5, &(0x7f0000000780)=0x59ea00000, 0x8) (async)
eventfd2(0x1, 0x80000)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r0, 0x4068aea3, &(0x7f00000007c0))
syz_kvm_vgic_v3_setup(r0, 0x3, 0x200) (async)
r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000880)={0x0, &(0x7f0000000840)=[@irq_setup={0x46, 0x18, {0x0, 0x2bf}}, @mrs={0xbe, 0x18, {0x603000000013c113}}], 0x30}, &(0x7f00000008c0)=[@featur1={0x1, 0x17}], 0x1)
syz_kvm_setup_cpu$arm64(r0, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000980)=[{0x0, &(0x7f0000000900)=[@mrs={0xbe, 0x18, {0x6030000000138047}}, @svc={0x122, 0x40, {0x80000000, [0x7, 0xfffffffffffffffb, 0xfffffffffffff06b, 0x244, 0xb]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x5, 0x8, 0x4}}], 0x80}], 0x1, 0x0, &(0x7f00000009c0)=[@featur1={0x1, 0x56}], 0x1)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a00), 0x8001, 0x0)
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000a80)=@arm64_fp={0x60400000001000bf, &(0x7f0000000a40)=0x1}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x900, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) (async)
ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000b00)) (async)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000b80)={0x1, 0x0, [{0xf4, 0x5, 0x1, 0x0, @msi={0x4c1, 0x8, 0x0, 0xe51e}}]}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000bc0)={0x1, 0x4, 0xeeef0000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_RESET_DIRTY_RINGS(r0, 0xaec7)

1m43.444735257s ago: executing program 7 (id=1013):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, 0x0)
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x80087601, 0x1)
r10 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
ioctl$KVM_SET_SREGS(r8, 0x4000ae84, &(0x7f0000000100)={{0x8000000, 0xeeef0000, 0x9, 0x7, 0xf8, 0xbc, 0x7, 0x8, 0x9, 0x2, 0x7, 0xff}, {0x6000, 0x80bf004, 0x4, 0x7f, 0x10, 0x8, 0x2, 0xee, 0x3, 0x9, 0x6, 0x2}, {0x7f770000, 0x6000, 0xb, 0x8c, 0x10, 0x8, 0x89, 0xc, 0xa, 0x8, 0x6}, {0x2, 0x0, 0x3, 0x0, 0x2, 0x10, 0x1, 0x1, 0xc, 0x2, 0x63, 0x8}, {0xffff1000, 0x4000, 0xb, 0x5, 0x0, 0x2, 0xba, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x3000, 0x10000, 0xc, 0xc, 0xa, 0x79, 0x7c, 0x2, 0x5, 0x2, 0x2, 0x8}, {0x3000, 0xeeee8000, 0x12, 0x9, 0x9, 0x8, 0x0, 0x4f, 0x80, 0x40, 0x8, 0x7}, {0x2, 0x8000000, 0xc, 0x3, 0x1, 0x2c, 0x5, 0x9, 0x6, 0x2, 0x4, 0xb}, {0x8000000, 0x7}, {0x2000, 0x3}, 0x20, 0x0, 0x10000, 0x2, 0x0, 0x18001, 0x2, [0x0, 0x7, 0x8]})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x302, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013df19, 0x9}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0xb)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)

1m31.685828718s ago: executing program 6 (id=1014):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2c)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x21)
r8 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r11, 0xc008aeb0, &(0x7f0000000000))
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r7, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800})
r12 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013df19, 0x8003}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x0, 0x9, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r14, 0x80086601, 0x20000000)

1m18.770110142s ago: executing program 7 (id=1015):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_REGS(r3, 0x8360ae81, &(0x7f0000000040))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r6, 0x400454cc, 0xffffffffffffffff)

1m7.040423518s ago: executing program 6 (id=1016):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000001c0)=[@its_setup={0x82, 0x28, {0x3, 0x3, 0x181}}, @code={0xa, 0x84, {"0080c0880078202e407888d200a0b8f2c10080d2220080d2a30180d2c40080d2020000d4400181d200a0b0f2210080d2020080d2030180d2440180d2020000d4008008d560e992d200c0b0f2010180d2620180d2e30180d2840180d2020000d4000008d50000403c0000311e0048210e"}}, @svc={0x122, 0x40, {0xc4000012, [0x2, 0x100, 0x7f, 0xc113, 0x8000000000000001]}}, @hvc={0x32, 0x40, {0x1, [0x6, 0x4, 0x4, 0x6, 0x5b9]}}, @hvc={0x32, 0x40, {0x80000001, [0x1, 0x8, 0x9, 0x7, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013c640}}, @hvc={0x32, 0x40, {0x200, [0x66cb, 0x4c5, 0x0, 0xae, 0x81f7]}}, @code={0xa, 0xe4, {"0010201ea0749ed200c0b0f2210080d2e20080d2630080d2240180d2020000d4001b99d20060b0f2c10180d2420180d2830180d2e40080d2020000d4801481d200e0b0f2410180d2420080d2030180d2840080d2020000d420289cd20000b0f2810180d2a20180d2630080d2c40080d2020000d4204e8ed20080b0f2810080d2a20180d2030080d2840180d2020000d4e0cb93d200c0b8f2610080d2420080d2830080d2640080d2020000d4007008d540f18dd20020b0f2410180d2220180d2a30080d2840180d2020000d4000440fc"}}, @code={0xa, 0xb4, {"201e8fd200c0b0f2410180d2620180d2630080d2040180d2020000d4007008d5e03d9ed200e0b8f2610180d2620080d2230180d2840080d2020000d4e0b09cd20000b0f2e10180d2620080d2630180d2840180d2020000d4e0db83d20060b0f2810080d2220180d2830080d2c40180d2020000d4007008d50000002d40699cd20000b8f2610080d2620180d2230180d2640080d2020000d4007008d5007008d5"}}, @msr={0x14, 0x20, {0x603000000013c112, 0xfffffffffffffff0}}, @eret={0xe6, 0x18, 0x5c2}], 0x394}], 0x1, 0x0, &(0x7f0000000040)=[@featur1={0x1, 0x16f}], 0x1) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f00000000c0)={0xffff1000, 0x6000, 0x1})
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m1.739719845s ago: executing program 7 (id=1017):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000000000))
ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000000200)={0x2, [0xcf, 0xf97]})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_USER_IRQ(r8, 0x4068aea3, &(0x7f0000000140))
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x34)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x0, 0x2}})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r14})
r15 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x29)
r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x1)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r15, 0xae04)
r19 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r18, 0x2, 0x12, r17, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r19, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)
munmap(&(0x7f000000e000/0x1000)=nil, 0x1000)
close(r13)

50.123320008s ago: executing program 6 (id=1018):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x9)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x3, 0x7ffffffd}})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x5d)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x77)
r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r10, 0xc018aec0, &(0x7f0000000000)={0x0, 0x100, 0x1c0, 0x0})
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x4, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x1, 0x2, 0x0})

14.221260883s ago: executing program 38 (id=1017):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000000000))
ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000000200)={0x2, [0xcf, 0xf97]})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_USER_IRQ(r8, 0x4068aea3, &(0x7f0000000140))
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x34)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x0, 0x2}})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r14})
r15 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x29)
r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x1)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r15, 0xae04)
r19 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r18, 0x2, 0x12, r17, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r19, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)
munmap(&(0x7f000000e000/0x1000)=nil, 0x1000)
close(r13)

0s ago: executing program 39 (id=1018):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x9)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x3, 0x7ffffffd}})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x5d)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x77)
r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r10, 0xc018aec0, &(0x7f0000000000)={0x0, 0x100, 0x1c0, 0x0})
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x4, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x1, 0x2, 0x0})

kernel console output (not intermixed with test programs):

[  383.403535][ T3156] 8021q: adding VLAN 0 to HW filter on device bond0
[  431.422847][ T3156] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:62210' (ED25519) to the list of known hosts.
[  591.138257][   T25] audit: type=1400 audit(590.380:61): avc:  denied  { name_bind } for  pid=3314 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  592.075038][   T25] audit: type=1400 audit(591.320:62): avc:  denied  { execute } for  pid=3315 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  592.098722][   T25] audit: type=1400 audit(591.330:63): avc:  denied  { execute_no_trans } for  pid=3315 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  611.711794][   T25] audit: type=1400 audit(610.950:64): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  611.746209][   T25] audit: type=1400 audit(610.990:65): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  611.827614][ T3315] cgroup: Unknown subsys name 'net'
[  611.877984][   T25] audit: type=1400 audit(611.120:66): avc:  denied  { unmount } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  612.284677][ T3315] cgroup: Unknown subsys name 'cpuset'
[  612.387084][ T3315] cgroup: Unknown subsys name 'rlimit'
[  613.304456][   T25] audit: type=1400 audit(612.550:67): avc:  denied  { setattr } for  pid=3315 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  613.327545][   T25] audit: type=1400 audit(612.560:68): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  613.362634][   T25] audit: type=1400 audit(612.580:69): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  614.934697][ T3318] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  614.954943][   T25] audit: type=1400 audit(614.190:70): avc:  denied  { relabelto } for  pid=3318 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  614.979321][   T25] audit: type=1400 audit(614.210:71): avc:  denied  { write } for  pid=3318 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  615.158135][   T25] audit: type=1400 audit(614.400:72): avc:  denied  { read } for  pid=3315 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.175677][   T25] audit: type=1400 audit(614.410:73): avc:  denied  { open } for  pid=3315 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.223495][ T3315] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  665.404596][   T25] audit: type=1400 audit(664.650:74): avc:  denied  { execmem } for  pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  670.127384][   T25] audit: type=1400 audit(669.370:75): avc:  denied  { read } for  pid=3321 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  670.156184][   T25] audit: type=1400 audit(669.390:77): avc:  denied  { open } for  pid=3321 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  670.163865][   T25] audit: type=1400 audit(669.390:76): avc:  denied  { read } for  pid=3322 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  670.182934][   T25] audit: type=1400 audit(669.420:78): avc:  denied  { open } for  pid=3322 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  670.242050][   T25] audit: type=1400 audit(669.480:79): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  670.485487][   T25] audit: type=1400 audit(669.730:80): avc:  denied  { module_request } for  pid=3322 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  670.513094][   T25] audit: type=1400 audit(669.750:81): avc:  denied  { module_request } for  pid=3321 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  671.615330][   T25] audit: type=1400 audit(670.850:82): avc:  denied  { sys_module } for  pid=3321 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  695.307862][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  695.466712][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  696.975911][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  697.196946][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  712.947546][ T3321] hsr_slave_0: entered promiscuous mode
[  712.976481][ T3321] hsr_slave_1: entered promiscuous mode
[  714.314426][ T3322] hsr_slave_0: entered promiscuous mode
[  714.344699][ T3322] hsr_slave_1: entered promiscuous mode
[  714.375641][ T3322] debugfs: 'hsr0' already exists in 'hsr'
[  714.382140][ T3322] Cannot create hsr debugfs directory
[  719.348076][   T25] audit: type=1400 audit(718.590:83): avc:  denied  { create } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  719.383900][   T25] audit: type=1400 audit(718.620:84): avc:  denied  { write } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  719.448937][   T25] audit: type=1400 audit(718.690:85): avc:  denied  { read } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  719.595038][ T3321] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  720.066695][ T3321] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  720.296516][ T3321] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  720.586349][ T3321] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  722.079613][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  722.254720][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  722.398631][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  722.565017][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  735.033566][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[  737.586294][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[  792.206565][ T3321] veth0_vlan: entered promiscuous mode
[  792.667711][ T3321] veth1_vlan: entered promiscuous mode
[  794.495854][ T3321] veth0_macvtap: entered promiscuous mode
[  794.825269][ T3321] veth1_macvtap: entered promiscuous mode
[  795.083713][ T3322] veth0_vlan: entered promiscuous mode
[  795.943411][ T3322] veth1_vlan: entered promiscuous mode
[  797.332884][ T3444] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  797.491660][ T3373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  797.508390][ T3373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  797.542965][ T3373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  799.123387][ T3322] veth0_macvtap: entered promiscuous mode
[  799.764659][ T3322] veth1_macvtap: entered promiscuous mode
[  799.843451][   T25] audit: type=1400 audit(799.080:86): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  800.004659][   T25] audit: type=1400 audit(799.230:87): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/syzkaller.LrOII2/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  800.145382][   T25] audit: type=1400 audit(799.340:88): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  800.378188][   T25] audit: type=1400 audit(799.620:89): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/syzkaller.LrOII2/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  800.565266][   T25] audit: type=1400 audit(799.800:90): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/syzkaller.LrOII2/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  801.377595][   T25] audit: type=1400 audit(800.620:91): avc:  denied  { unmount } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  801.593536][   T25] audit: type=1400 audit(800.830:92): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  801.673578][ T3373] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  801.679773][ T3373] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  801.714971][ T3373] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  801.737876][   T25] audit: type=1400 audit(800.910:93): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="gadgetfs" ino=3780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  801.749814][ T3444] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  801.993052][   T25] audit: type=1400 audit(801.220:94): avc:  denied  { mount } for  pid=3321 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  802.097061][   T25] audit: type=1400 audit(801.340:95): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  803.635018][ T3321] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  804.902107][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  804.902889][   T25] audit: type=1400 audit(804.120:97): avc:  denied  { read write } for  pid=3321 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  804.903754][   T25] audit: type=1400 audit(804.140:98): avc:  denied  { open } for  pid=3321 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  804.992162][   T25] audit: type=1400 audit(804.140:99): avc:  denied  { ioctl } for  pid=3321 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  813.602741][   T25] audit: type=1400 audit(812.820:100): avc:  denied  { read write } for  pid=3475 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  813.646844][   T25] audit: type=1400 audit(812.890:101): avc:  denied  { open } for  pid=3475 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  814.014727][   T25] audit: type=1400 audit(813.260:102): avc:  denied  { ioctl } for  pid=3475 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  851.223781][   T25] audit: type=1400 audit(850.450:103): avc:  denied  { append } for  pid=3499 comm="syz.0.9" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  852.636146][   T25] audit: type=1400 audit(851.830:104): avc:  denied  { execute } for  pid=3499 comm="syz.0.9" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4259 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  962.305912][ T3565] kvm [3565]: Failed to find VMA for hva 0x20c01000
[  967.388060][   T25] audit: type=1400 audit(966.600:105): avc:  denied  { ioctl } for  pid=3567 comm="syz.1.27" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1421.431455][   T25] audit: type=1400 audit(1420.670:106): avc:  denied  { map } for  pid=3847 comm="syz.0.118" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1421.641555][   T25] audit: type=1400 audit(1420.740:107): avc:  denied  { execute } for  pid=3847 comm="syz.0.118" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1481.128073][ T3883] kvm [3881]: Unsupported guest access at: eeef0000
[ 1481.128073][ T3883]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 1663.236980][   T25] audit: type=1400 audit(1662.440:108): avc:  denied  { setattr } for  pid=3995 comm="syz.0.163" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1725.718160][ T4028] kvm [4028]: Failed to find VMA for hva 0x20dd3000
[ 1982.165377][ T4183] kvm [4183]: Failed to find VMA for hva 0x20c01000
[ 2175.606116][ T4297] kvm [4297]: Failed to find VMA for hva 0x20de5000
[ 2323.862612][ T4382] kvm [4382]: Failed to find VMA for hva 0x20df0000
[ 2382.039912][ T4420] kvm [4420]: Failed to find VMA for hva 0x20c01000
[ 2461.385455][ T4476] kvm [4476]: Failed to find VMA for hva 0x20c01000
[ 2619.488908][ T4582] kvm [4582]: Failed to find VMA for hva 0x21016000
[ 2719.934532][   T25] audit: type=1400 audit(2719.170:109): avc:  denied  { map } for  pid=4643 comm="syz.1.371" path="pipe:[2798]" dev="pipefs" ino=2798 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 3099.975018][ T3444] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3102.056671][ T3444] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3102.944519][ T3444] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3103.788143][ T3444] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3118.013040][ T3444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3118.204768][ T3444] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3118.294128][ T3444] bond0 (unregistering): Released all slaves
[ 3120.859347][ T3444] hsr_slave_0: left promiscuous mode
[ 3120.926760][ T3444] hsr_slave_1: left promiscuous mode
[ 3121.773235][ T3444] veth1_macvtap: left promiscuous mode
[ 3121.814058][ T3444] veth0_macvtap: left promiscuous mode
[ 3121.843598][ T3444] veth1_vlan: left promiscuous mode
[ 3121.876016][ T3444] veth0_vlan: left promiscuous mode
[ 3140.916760][ T3444] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3142.096985][ T3444] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3143.076345][ T3444] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3144.064184][ T3444] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3156.876556][ T3444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3157.007579][ T3444] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3157.114337][ T3444] bond0 (unregistering): Released all slaves
[ 3158.433368][ T3444] hsr_slave_0: left promiscuous mode
[ 3158.593209][ T3444] hsr_slave_1: left promiscuous mode
[ 3158.821862][ T3444] veth1_macvtap: left promiscuous mode
[ 3158.823107][ T3444] veth0_macvtap: left promiscuous mode
[ 3158.837648][ T3444] veth1_vlan: left promiscuous mode
[ 3158.843128][ T3444] veth0_vlan: left promiscuous mode
[ 3197.627386][ T4852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3197.862603][ T4852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3199.779664][ T4856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3200.015585][ T4856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3219.217964][ T4852] hsr_slave_0: entered promiscuous mode
[ 3219.269203][ T4852] hsr_slave_1: entered promiscuous mode
[ 3221.244859][ T4856] hsr_slave_0: entered promiscuous mode
[ 3221.298163][ T4856] hsr_slave_1: entered promiscuous mode
[ 3221.364989][ T4856] debugfs: 'hsr0' already exists in 'hsr'
[ 3221.374287][ T4856] Cannot create hsr debugfs directory
[ 3231.475622][ T4852] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 3231.929364][ T4852] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 3232.269098][ T4852] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 3232.746534][ T4852] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 3237.088643][ T4856] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 3237.496803][ T4856] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 3237.919375][ T4856] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 3238.335814][ T4856] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 3262.938625][ T4852] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3266.675463][ T4856] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3356.704225][ T4852] veth0_vlan: entered promiscuous mode
[ 3357.613800][ T4852] veth1_vlan: entered promiscuous mode
[ 3361.943039][ T4856] veth0_vlan: entered promiscuous mode
[ 3362.525924][ T4852] veth0_macvtap: entered promiscuous mode
[ 3363.534751][ T4852] veth1_macvtap: entered promiscuous mode
[ 3364.242624][ T4856] veth1_vlan: entered promiscuous mode
[ 3368.435010][ T4858] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3368.438688][ T4858] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3368.439793][ T4858] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3368.442156][ T4858] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3369.985026][ T4856] veth0_macvtap: entered promiscuous mode
[ 3371.133405][ T4856] veth1_macvtap: entered promiscuous mode
[ 3373.141509][   T25] audit: type=1400 audit(3372.380:110): avc:  denied  { mounton } for  pid=4852 comm="syz-executor" path="/syzkaller.lc2H13/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 3376.282030][ T3367] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3376.286425][ T3367] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3376.306329][ T3367] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3376.392800][ T3367] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3765.814679][ T5325] kvm [5324]: Unsupported guest access at: eeef0000
[ 3765.814679][ T5325]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_read },
[ 3878.927587][ T5398] kvm [5398]: Failed to find VMA for hva 0x20c01000
[ 3879.024630][ T5401] kvm [5401]: Failed to find VMA for hva 0x20c01000
[ 5394.853106][ T6199] kvm [6199]: Failed to find VMA for hva 0x20d8d000
[ 5508.486921][ T6260] kvm [6260]: Failed to find VMA for hva 0x20c01000
[ 5609.269045][   T25] audit: type=1400 audit(5608.430:111): avc:  denied  { execute } for  pid=6323 comm="syz.3.770" path="/172/T" dev="tmpfs" ino=880 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 5629.943741][ T6335] kvm [6335]: Failed to find VMA for hva 0x20dd0000
[ 5815.194217][ T6452] kvm [6452]: Failed to find VMA for hva 0x21016000
[ 6519.857736][ T6835] kvm [6835]: Failed to find VMA for hva 0x21016000
[ 6754.515461][ T6964] FAULT_INJECTION: forcing a failure.
[ 6754.515461][ T6964] name failslab, interval 1, probability 0, space 0, times 1
[ 6754.593199][ T6964] CPU: 0 UID: 0 PID: 6964 Comm: syz.2.958 Not tainted syzkaller #0 PREEMPT 
[ 6754.593909][ T6964] Hardware name: linux,dummy-virt (DT)
[ 6754.594399][ T6964] Call trace:
[ 6754.594850][ T6964]  show_stack+0x2c/0x3c (C)
[ 6754.596783][ T6964]  __dump_stack+0x30/0x40
[ 6754.597125][ T6964]  dump_stack_lvl+0xd8/0x12c
[ 6754.597431][ T6964]  dump_stack+0x1c/0x28
[ 6754.597651][ T6964]  should_fail_ex+0x570/0x6e0
[ 6754.597902][ T6964]  should_failslab+0xb8/0xec
[ 6754.598152][ T6964]  __kmalloc_noprof+0xdc/0x4b8
[ 6754.598413][ T6964]  tomoyo_realpath_from_path+0xdc/0x628
[ 6754.598658][ T6964]  tomoyo_path_number_perm+0x13c/0x33c
[ 6754.598960][ T6964]  tomoyo_file_ioctl+0x2c/0x3c
[ 6754.599202][ T6964]  security_file_ioctl+0xe8/0x2f0
[ 6754.599463][ T6964]  __arm64_sys_ioctl+0xd0/0x244
[ 6754.599728][ T6964]  invoke_syscall+0x90/0x2b4
[ 6754.600018][ T6964]  el0_svc_common+0x180/0x2f4
[ 6754.600329][ T6964]  do_el0_svc+0x58/0x74
[ 6754.600615][ T6964]  el0_svc+0x58/0x164
[ 6754.600903][ T6964]  el0t_64_sync_handler+0x84/0x12c
[ 6754.601164][ T6964]  el0t_64_sync+0x198/0x19c
[ 6754.931393][ T6964] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 6778.957429][ T6976] FAULT_INJECTION: forcing a failure.
[ 6778.957429][ T6976] name failslab, interval 1, probability 0, space 0, times 0
[ 6778.972141][ T6976] CPU: 0 UID: 0 PID: 6976 Comm: syz.2.963 Not tainted syzkaller #0 PREEMPT 
[ 6778.972558][ T6976] Hardware name: linux,dummy-virt (DT)
[ 6778.972666][ T6976] Call trace:
[ 6778.972743][ T6976]  show_stack+0x2c/0x3c (C)
[ 6778.973138][ T6976]  __dump_stack+0x30/0x40
[ 6778.973365][ T6976]  dump_stack_lvl+0xd8/0x12c
[ 6778.973584][ T6976]  dump_stack+0x1c/0x28
[ 6778.973774][ T6976]  should_fail_ex+0x570/0x6e0
[ 6778.974003][ T6976]  should_failslab+0xb8/0xec
[ 6778.974268][ T6976]  __kmalloc_noprof+0xdc/0x4b8
[ 6778.974500][ T6976]  tomoyo_encode+0x27c/0x4ec
[ 6778.974725][ T6976]  tomoyo_realpath_from_path+0x5bc/0x628
[ 6778.974954][ T6976]  tomoyo_path_number_perm+0x13c/0x33c
[ 6778.975264][ T6976]  tomoyo_file_ioctl+0x2c/0x3c
[ 6778.975504][ T6976]  security_file_ioctl+0xe8/0x2f0
[ 6778.975745][ T6976]  __arm64_sys_ioctl+0xd0/0x244
[ 6778.975997][ T6976]  invoke_syscall+0x90/0x2b4
[ 6778.976290][ T6976]  el0_svc_common+0x180/0x2f4
[ 6778.976587][ T6976]  do_el0_svc+0x58/0x74
[ 6778.976893][ T6976]  el0_svc+0x58/0x164
[ 6778.977140][ T6976]  el0t_64_sync_handler+0x84/0x12c
[ 6778.977392][ T6976]  el0t_64_sync+0x198/0x19c
[ 6779.053799][ T6976] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 7008.044858][ T5648] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7008.706668][ T5648] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7009.835960][ T5648] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7010.906229][ T5648] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7024.667538][ T5648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7024.767736][ T5648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7024.879215][ T5648] bond0 (unregistering): Released all slaves
[ 7026.217348][ T5648] hsr_slave_0: left promiscuous mode
[ 7026.253867][ T5648] hsr_slave_1: left promiscuous mode
[ 7026.884442][ T5648] veth1_macvtap: left promiscuous mode
[ 7026.887752][ T5648] veth0_macvtap: left promiscuous mode
[ 7026.903601][ T5648] veth1_vlan: left promiscuous mode
[ 7026.923559][ T5648] veth0_vlan: left promiscuous mode
[ 7051.308623][ T5648] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7052.528064][ T5648] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7054.376954][ T5648] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7055.555450][ T5648] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7073.146045][ T5648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7073.215287][ T5648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7073.293848][ T5648] bond0 (unregistering): Released all slaves
[ 7075.252638][ T5648] hsr_slave_0: left promiscuous mode
[ 7075.455650][ T5648] hsr_slave_1: left promiscuous mode
[ 7075.911885][ T5648] veth1_macvtap: left promiscuous mode
[ 7075.916905][ T5648] veth0_macvtap: left promiscuous mode
[ 7075.925197][ T5648] veth1_vlan: left promiscuous mode
[ 7075.945029][ T5648] veth0_vlan: left promiscuous mode
[ 7091.806396][ T7058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7092.116143][ T7058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7104.924136][ T7061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7105.222971][ T7061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7121.747524][ T7058] hsr_slave_0: entered promiscuous mode
[ 7121.864914][ T7058] hsr_slave_1: entered promiscuous mode
[ 7131.639021][ T7061] hsr_slave_0: entered promiscuous mode
[ 7131.659826][ T7061] hsr_slave_1: entered promiscuous mode
[ 7131.705233][ T7061] debugfs: 'hsr0' already exists in 'hsr'
[ 7131.708103][ T7061] Cannot create hsr debugfs directory
[ 7136.381968][ T7058] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 7137.512460][ T7058] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 7138.293095][ T7058] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 7138.577032][ T7058] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 7146.774847][ T7061] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 7147.183978][ T7061] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 7147.517079][ T7061] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 7147.823599][ T7061] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 7168.728766][ T7058] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7177.439134][ T7061] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7300.133346][ T7058] veth0_vlan: entered promiscuous mode
[ 7301.185117][ T7058] veth1_vlan: entered promiscuous mode
[ 7304.834362][ T7058] veth0_macvtap: entered promiscuous mode
[ 7305.493427][ T7058] veth1_macvtap: entered promiscuous mode
[ 7310.428806][ T7061] veth0_vlan: entered promiscuous mode
[ 7310.554340][ T7191] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7310.572176][ T7191] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7310.587991][ T7191] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7310.594830][ T7191] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7312.398374][ T7061] veth1_vlan: entered promiscuous mode
[ 7317.328323][ T7061] veth0_macvtap: entered promiscuous mode
[ 7318.155944][ T7061] veth1_macvtap: entered promiscuous mode
[ 7321.614711][ T5469] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7321.626426][ T5469] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7321.715336][ T7184] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7321.735357][ T7184] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7455.598755][ T6569] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7457.527722][ T6569] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7459.529944][ T6569] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7461.337690][ T6569] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7484.472443][ T6569] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7484.962047][ T6569] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7485.275112][ T6569] bond0 (unregistering): Released all slaves
[ 7487.785888][ T6569] hsr_slave_0: left promiscuous mode
[ 7487.892502][ T6569] hsr_slave_1: left promiscuous mode
[ 7488.681366][ T6569] veth1_macvtap: left promiscuous mode
[ 7488.682656][ T6569] veth0_macvtap: left promiscuous mode
[ 7488.686004][ T6569] veth1_vlan: left promiscuous mode
[ 7488.687424][ T6569] veth0_vlan: left promiscuous mode
[ 7517.389188][ T6569] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7519.427041][ T6569] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7520.997794][ T6569] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7522.657366][ T6569] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7544.807123][ T6569] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7545.137973][ T6569] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7545.316801][ T6569] bond0 (unregistering): Released all slaves
[ 7548.053606][ T6569] hsr_slave_0: left promiscuous mode
[ 7548.327829][ T6569] hsr_slave_1: left promiscuous mode
[ 7548.901641][ T6569] veth1_macvtap: left promiscuous mode
[ 7548.914078][ T6569] veth0_macvtap: left promiscuous mode
[ 7548.918570][ T6569] veth1_vlan: left promiscuous mode
[ 7548.935911][ T6569] veth0_vlan: left promiscuous mode
[ 7607.077050][ T7361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7607.955512][ T7361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7608.116654][ T7358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7608.984212][ T7358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7635.916696][ T7361] hsr_slave_0: entered promiscuous mode
[ 7635.959832][ T7361] hsr_slave_1: entered promiscuous mode
[ 7639.658676][ T7358] hsr_slave_0: entered promiscuous mode
[ 7639.755260][ T7358] hsr_slave_1: entered promiscuous mode
[ 7639.853004][ T7358] debugfs: 'hsr0' already exists in 'hsr'
[ 7639.856203][ T7358] Cannot create hsr debugfs directory
[ 7660.503590][ T7361] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 7661.401291][ T7361] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 7661.738990][ T7361] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 7662.439369][ T7361] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 7667.938647][ T7358] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 7668.507341][ T7358] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 7668.988445][ T7358] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 7669.585966][ T7358] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 7694.785937][ T7361] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7701.512153][ T7358] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7846.484202][ T7361] veth0_vlan: entered promiscuous mode
[ 7847.793528][ T7361] veth1_vlan: entered promiscuous mode
[ 7853.186842][ T7361] veth0_macvtap: entered promiscuous mode
[ 7853.474360][ T7358] veth0_vlan: entered promiscuous mode
[ 7854.586694][ T7361] veth1_macvtap: entered promiscuous mode
[ 7855.864293][ T7358] veth1_vlan: entered promiscuous mode
[ 7860.774488][ T4189] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7860.778267][ T4189] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7860.977599][ T4189] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7860.983509][ T4189] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7862.387922][ T7358] veth0_macvtap: entered promiscuous mode
[ 7863.606756][ T7358] veth1_macvtap: entered promiscuous mode
[ 7868.703312][ T7288] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7868.874498][ T7191] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7868.879019][ T7191] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7869.021704][ T7191] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 8263.565465][ T7735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 8264.068727][ T7735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 8281.976367][ T7743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 8282.514430][ T7743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 8317.274636][ T7735] hsr_slave_0: entered promiscuous mode
[ 8317.416209][ T7735] hsr_slave_1: entered promiscuous mode
[ 8317.459795][ T7735] debugfs: 'hsr0' already exists in 'hsr'
[ 8317.592378][ T7735] Cannot create hsr debugfs directory
[ 8339.804523][ T7743] hsr_slave_0: entered promiscuous mode
[ 8339.898348][ T7743] hsr_slave_1: entered promiscuous mode
[ 8340.073194][ T7743] debugfs: 'hsr0' already exists in 'hsr'
[ 8340.076944][ T7743] Cannot create hsr debugfs directory
[ 8353.992854][ T7735] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 8354.729701][ T7735] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 8356.001872][ T7735] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 8357.139790][ T7735] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 8379.867764][ T7743] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 8380.838831][ T7743] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 8381.573857][ T7743] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 8382.575539][ T7743] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 8417.949653][ T7735] 8021q: adding VLAN 0 to HW filter on device bond0
[ 8436.377964][ T7743] 8021q: adding VLAN 0 to HW filter on device bond0
[ 8536.919498][   T27] INFO: task syz.6.1018:7718 blocked for more than 430 seconds.
[ 8536.921857][   T27]       Not tainted syzkaller #0
[ 8536.922640][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 8536.923125][   T27] task:syz.6.1018      state:D stack:0     pid:7718  tgid:7718  ppid:7358   task_flags:0x400040 flags:0x00000019
[ 8536.924235][   T27] Call trace:
[ 8536.924634][   T27]  __switch_to+0x584/0xb20 (T)
[ 8536.925207][   T27]  __schedule+0x1eec/0x33a4
[ 8536.925707][   T27]  schedule+0xac/0x27c
[ 8536.926156][   T27]  schedule_timeout+0x5c/0x1e4
[ 8536.926588][   T27]  do_wait_for_common+0x28c/0x444
[ 8536.926962][   T27]  wait_for_completion+0x44/0x5c
[ 8536.927449][   T27]  __synchronize_srcu+0x2a4/0x320
[ 8536.927888][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 8536.928331][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 8536.928770][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 8536.929197][   T27]  kvm_vm_release+0x58/0x78
[ 8536.929668][   T27]  __fput+0x4ac/0x980
[ 8537.086745][   T27]  ____fput+0x20/0x58
[ 8537.087352][   T27]  task_work_run+0x1bc/0x254
[ 8537.087795][   T27]  do_notify_resume+0x1bc/0x270
[ 8537.088226][   T27]  el0_svc+0xb8/0x164
[ 8537.088682][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 8537.089139][   T27]  el0t_64_sync+0x198/0x19c
[ 8537.212606][   T27] 
[ 8537.212606][   T27] Showing all locks held in the system:
[ 8537.241774][   T27] 1 lock held by khungtaskd/27:
[ 8537.242512][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 8537.245046][   T27] 2 locks held by getty/3184:
[ 8537.245453][   T27]  #0: e5f0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 8537.247032][   T27]  #1: ecff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 8537.248652][   T27] 1 lock held by sshd-session/3314:
[ 8537.248997][   T27] 2 locks held by syz-executor/3315:
[ 8537.249330][   T27] 3 locks held by kworker/u4:3/4189:
[ 8537.249638][   T27] 3 locks held by kworker/u4:9/4872:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 8537.462083][   T27] 2 locks held by kworker/u4:0/5648:
[ 8537.462862][   T27] 3 locks held by kworker/u4:6/7063:
[ 8537.463219][   T27] 3 locks held by kworker/u4:10/7184:
[ 8537.463554][   T27] 2 locks held by kworker/u4:11/7191:
[ 8537.463835][   T27]  #0: c7f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 8537.465530][   T27]  #1: ffff80008e8c7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 8537.467158][   T27] 2 locks held by syz.7.1017/7712:
[ 8537.467513][   T27] 3 locks held by kworker/u4:8/7742:
[ 8537.467851][   T27] 3 locks held by kworker/u4:14/7865:
[ 8537.468138][   T27] 2 locks held by kworker/u4:15/7882:
[ 8537.468445][   T27]  #0: c7f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 8537.602422][   T27]  #1: ffff80008fce7c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 8537.604281][   T27] 1 lock held by modprobe/7919:
[ 8537.604617][   T27] 1 lock held by modprobe/7920:
[ 8537.671733][   T27] 
[ 8537.672307][   T27] =============================================
[ 8537.672307][   T27] 
[ 8558.035808][   T27] INFO: task syz.6.1018:7718 blocked for more than 451 seconds.
[ 8558.053506][   T27]       Not tainted syzkaller #0
[ 8558.059809][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 8558.082846][   T27] task:syz.6.1018      state:D stack:0     pid:7718  tgid:7718  ppid:7358   task_flags:0x400040 flags:0x00000019
[ 8558.083725][   T27] Call trace:
[ 8558.083983][   T27]  __switch_to+0x584/0xb20 (T)
[ 8558.084560][   T27]  __schedule+0x1eec/0x33a4
[ 8558.085074][   T27]  schedule+0xac/0x27c
[ 8558.085576][   T27]  schedule_timeout+0x5c/0x1e4
[ 8558.085989][   T27]  do_wait_for_common+0x28c/0x444
[ 8558.086390][   T27]  wait_for_completion+0x44/0x5c
[ 8558.086866][   T27]  __synchronize_srcu+0x2a4/0x320
[ 8558.087331][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 8558.087783][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 8558.088225][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 8558.088646][   T27]  kvm_vm_release+0x58/0x78
[ 8558.089109][   T27]  __fput+0x4ac/0x980
[ 8558.089527][   T27]  ____fput+0x20/0x58
[ 8558.211764][   T27]  task_work_run+0x1bc/0x254
[ 8558.216000][   T27]  do_notify_resume+0x1bc/0x270
[ 8558.216697][   T27]  el0_svc+0xb8/0x164
[ 8558.217193][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 8558.217669][   T27]  el0t_64_sync+0x198/0x19c
[ 8558.218339][   T27] 
[ 8558.218339][   T27] Showing all locks held in the system:
[ 8558.218648][   T27] 1 lock held by khungtaskd/27:
[ 8558.218951][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 8558.332643][   T27] 1 lock held by dhcpcd/3155:
[ 8558.333052][   T27] 2 locks held by getty/3184:
[ 8558.333386][   T27]  #0: e5f0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 8558.334972][   T27]  #1: ecff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 8558.336619][   T27] 3 locks held by kworker/u4:3/4189:
[ 8558.336973][   T27] 3 locks held by kworker/u4:9/4872:
[ 8558.337339][   T27] 3 locks held by kworker/u4:0/5648:
[ 8558.337682][   T27] 3 locks held by kworker/u4:6/7063:
[ 8558.337976][   T27] 3 locks held by kworker/u4:10/7184:
[ 8558.338334][   T27] 3 locks held by kworker/u4:4/7509:
[ 8558.338676][   T27] 2 locks held by syz.7.1017/7712:
[ 8558.338984][   T27] 1 lock held by syz-executor/7735:
[ 8558.339288][   T27] 3 locks held by kworker/u4:8/7742:
[ 8558.339647][   T27] 3 locks held by kworker/u4:14/7865:
[ 8558.466986][   T27]  #0: c7f000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 8558.493589][   T27]  #1: ffff80008fc37c78 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 8558.495210][   T27]  #2: 6df000001e09da50 (&devlink->lock_key#2){+.+.}-{4:4}, at: devl_trylock+0x24/0x34
[ 8558.497323][   T27] 2 locks held by kworker/u4:15/7882:
[ 8558.497742][   T27] 
[ 8558.497965][   T27] =============================================
[ 8558.497965][   T27] 

VM DIAGNOSIS:
12:57:44  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008534f094 X00=0000000000000000 X01=0000000000000000
X02=0000000000000006 X03=00000000ffffffff X04=0000000000000000
X05=0000000000000000 X06=0000000000000000 X07=ffff800082f4d04c
X08=07f000000d9b9d80 X09=0000000000000101 X10=0fff000000d9b9d8
X11=ffff800087725d98 X12=00000000000000fd X13=0000000000000001
X14=0000000000002000 X15=00000000000000a9 X16=ffff800080000000
X17=fff07fffeb67d000 X18=00000000000000ff X19=07f000000d9b9d80
X20=07f000000d9ba838 X21=ffff80008534d3c0 X22=fff0000072d77120
X23=ffff800087751560 X24=ffff8000876fa120 X25=fff0000072d77120
X26=07f000000d9b9d88 X27=00000000000000ff X28=0000000000000000
X29=ffff800080007950 X30=ffff80008534f2b8  SP=ffff800080007950
PSTATE=60402009 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25
Z02=742065726f6d2072:6f662064656b636f Z03=000000ff0000ff00:00ff0000000000ff
Z04=0000000000000000:000f00f00f00000f Z05=656b636f6c622038:3137373a38313031
Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000fffffe9a01a0:0000fffffe9a01a0 Z17=ffffff80ffffffd0:0000fffffe9a0170
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000