last executing test programs:

1h23m22.309622301s ago: executing program 0 (id=208):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f00000001c0)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8004000000000000}) (async)
ioctl$KVM_CAP_PTP_KVM(r1, 0x4068aea3, &(0x7f0000000400))
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f00000003c0)=@riscv64_smstateen_csr={0x8030000003020000, &(0x7f00000002c0)=0x1})
r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f00000000c0)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000180)=0x2}) (async, rerun: 32)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (rerun: 32)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x3, 0xd0e}})

1h23m13.700948869s ago: executing program 1 (id=209):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x7)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x40)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x9, 0x5})
r2 = eventfd2(0x10001, 0x800)
write$eventfd(r2, &(0x7f0000000040)=0x5, 0x8)

1h23m13.180392701s ago: executing program 0 (id=210):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async, rerun: 64)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@x86={0x79, 0x2, 0xed, 0x0, 0x8, 0x3c, 0x6, 0x1, 0x2, 0x8, 0xfc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x6, 0x6, 0x35, '\x00', 0x7, 0xde3e}) (async)
mmap$KVM_VCPU(&(0x7f0000001000/0x1000)=nil, r3, 0x1, 0x20010, r7, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x12, r2, 0x200001fe0000)

1h23m8.462106071s ago: executing program 1 (id=211):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0xe}}], 0x28}, 0x0, 0xfffffffffffffd20)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013802d, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r4, 0x3, 0x110, r3, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0) (async, rerun: 32)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (rerun: 32)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)

1h23m5.822747233s ago: executing program 0 (id=212):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) (async, rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0x8000000000000000}) (async, rerun: 64)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r3, 0x0, 0x13, r1, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})

1h23m2.61287419s ago: executing program 1 (id=213):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0xb, 0x11, r2, 0x0)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000011000/0x11000)=nil, r10, 0x3, 0x11, r9, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x48)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000240)={0x1fe, 0x3, 0xffff1000, 0x1000, &(0x7f00004bf000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f00000000c0)={0x2, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0xeeee0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

1h22m59.223342758s ago: executing program 0 (id=214):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@code={0xa, 0x6c, {"0028212e000028d50000407a008008d5a0dd93d20020b8f2a10180d2c20080d2230080d2640080d2020000d4007008d5e0619fd20080b0f2810180d2220180d2c30180d2840080d2020000d400000033000c407800fc202e"}}, @mrs={0xbe, 0x18, {0x603000000013dead}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x20c}}, @code={0xa, 0xb4, {"a08a8bd200e0b0f2010180d2020080d2630080d2c40180d2020000d4006c202e000028d500000035002a89d20040b0f2c10080d2e20080d2c30080d2c40080d2020000d4a02889d20040b8f2810180d2220080d2a30180d2c40180d2020000d40014005f00a99fd200a0b0f2210180d2220180d2e30080d2040180d2020000d4c0598dd200e0b0f2a10080d2620180d2430080d2840180d2020000d40060e00d"}}, @msr={0x14, 0x20, {0x603000000013dcea, 0x28c00}}, @code={0xa, 0x9c, {"e07b9cd20020b8f2e10080d2620180d2830080d2840080d2020000d4e01d8ed20060b8f2010180d2420180d2230080d2c40180d2020000d4000028d540d696d20080b8f2810080d2820080d2430080d2c40180d2020000d4007008d5a07d9ad200e0b0f2c10080d2e20180d2630080d2240180d2020000d4000008d50064002f0054207e0000802c"}}, @eret={0xe6, 0x18, 0x7}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x3}}, @irq_setup={0x46, 0x18, {0x4, 0x353}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x5, 0x0, 0x7, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013c645}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x4, 0x2, 0x7}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0x0, 0x2, 0x9, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x0, 0xc, 0x4fa, 0xe, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0xc, 0x8, 0x8, 0x4}}, @svc={0x122, 0x40, {0xc4000007, [0x101, 0xfffffffffffff141, 0x0, 0xfffffffffffffffd]}}, @uexit={0x0, 0x18, 0xca}, @msr={0x14, 0x20, {0x603000000013c00c, 0x7}}, @msr={0x14, 0x20, {0x603000000013c213, 0x4}}, @eret={0xe6, 0x18, 0x8001}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x2e3}}, @mrs={0xbe, 0x18, {0x603000000013800d}}], 0x464}, &(0x7f00000000c0)=[@featur2={0x1, 0x80}], 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000600)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000100)})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r3})
close(r3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0x4b47, 0xfffffffffffffffe)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000000)=@arm64_fp={0x60400000001000ac, 0x0})
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r10=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r10, 0x801054db, 0x110d230008)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

1h22m46.92141443s ago: executing program 1 (id=215):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f00000001c0), 0x1, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f00009ab000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_fw={0x6030000000140002, &(0x7f00000000c0)=0x1}) (async)
r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138010, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1h22m46.822287837s ago: executing program 0 (id=216):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r8, 0x3, 0x40b2811, r7, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x0, 0x3c2a1c3178cda732, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r8, 0x3, 0x40b2811, r7, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x0, 0x3c2a1c3178cda732, 0xffffffffffffffff, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)

1h22m39.004607305s ago: executing program 1 (id=217):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x4)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013c4f1, &(0x7f00000001c0)=0x3})
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100040, &(0x7f0000000000)=0x1})

1h22m32.790240459s ago: executing program 0 (id=218):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (async)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000080)=0xfffffffffffffffb})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000000)=0x6})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000340)=0xfffffffffffffffc}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0})

1h22m26.359583588s ago: executing program 1 (id=219):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013dce0}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_MTE(r5, 0x4068aea3, &(0x7f0000000140)={0xb1})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1h21m46.090839109s ago: executing program 32 (id=218):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (async)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000080)=0xfffffffffffffffb})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000000)=0x6})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000340)=0xfffffffffffffffc}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0})

1h21m38.913468727s ago: executing program 33 (id=219):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013dce0}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_MTE(r5, 0x4068aea3, &(0x7f0000000140)={0xb1})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

36m48.491063735s ago: executing program 3 (id=532):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x228001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, &(0x7f0000000000), 0xfffffdef)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x11)
r3 = eventfd2(0x6, 0x400)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0xfff, 0xdddd0000, 0x2, r3, 0x6})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x5452, 0x2000fdfd)

36m41.97845581s ago: executing program 3 (id=533):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async)
r0 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x801c581f, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x42042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, r5, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bc2000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

36m40.701942575s ago: executing program 2 (id=534):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r0, 0x1, 0x180)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d8c000/0x2000)=nil, 0x2000)
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000240)={0x2e, "5827bd578fbaff8810e070993685ae962f84c8092da21c22c0cfdae7d031e48ac75d54bb28539a37583c62cc8169"})

36m30.00029277s ago: executing program 2 (id=535):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0) (async)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r4, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000000)={0x0, 0x41}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

36m29.121310509s ago: executing program 3 (id=536):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
openat$kvm(0x0, 0x0, 0x80001, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0})
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000001)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r9 = eventfd2(0x0, 0x0)
close(r9)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r9, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
write$eventfd(r9, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

36m18.419949023s ago: executing program 2 (id=537):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ff6000/0x8000)=nil, 0x930, 0x0, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f73000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x206201, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x400000000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
write$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2c)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x20)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)

36m11.849932861s ago: executing program 3 (id=538):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x80)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x4, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x1, 0x2, 0x0})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160000, &(0x7f00000001c0)=0x9})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x4200, 0x0)
ioctl$KVM_CREATE_VM(r10, 0x400454e2, 0x19)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110005, &(0x7f0000000180)=0xfffffffffffffffa})

36m6.148122881s ago: executing program 2 (id=539):
r0 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
r7 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d8c000/0x2000)=nil, 0x2000)
ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f0000000240)={0x2e, "5827bd578fbaff8810e070993685ae962f84c8092da21c22c0cfdae7d031e48ac75d54bb28539a37583c62cc8169"})

36m0.560010213s ago: executing program 3 (id=540):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x77)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0x40305828, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c00b}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

35m56.744810067s ago: executing program 2 (id=541):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013f081, &(0x7f0000000000)=0x58})
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r3, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000180)="b9d3244112fa5034f0b9c6212d09dfe50e1d0b1549c54c9d17c983bc9546e5d50fc71eb909a418d363948b9740d35c9579a0366df22ea6007859fae2dcbc0974a8a6b30ecab93dab", 0x0, 0x48)

35m50.026968155s ago: executing program 3 (id=542):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0xc8})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x0, 0x1})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x183643, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x86000001, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r7, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x100000c, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r11, 0x401054d6, 0x1)
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r15, 0x1})
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x0, 0x3c2a1c3178cda732, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r15, 0x3})
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x1, r15, 0xb})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4106931, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r12, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})

35m48.353696306s ago: executing program 2 (id=543):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f000067c000/0x1000)=nil, r5, 0x100000f, 0x80010, r4, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r1, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@riscv64_v={0x803000000900001e, &(0x7f0000000000)=0x2})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_RUN(r11, 0x8000ae8c, 0x0)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000040)=@arm64_extra={0x603000000013c036, &(0x7f0000000100)=0x78b})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x1010, 0xffffffffffffffff, 0x1000000)

35m2.431214758s ago: executing program 34 (id=542):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0xc8})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000180)={0x0, 0x1})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x183643, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x86000001, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r7, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x100000c, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r11, 0x401054d6, 0x1)
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r15, 0x1})
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x0, 0x3c2a1c3178cda732, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r15, 0x3})
ioctl$KVM_IOEVENTFD(r14, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x1, r15, 0xb})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4106931, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r12, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})

34m58.058226249s ago: executing program 35 (id=543):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f000067c000/0x1000)=nil, r5, 0x100000f, 0x80010, r4, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r1, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@riscv64_v={0x803000000900001e, &(0x7f0000000000)=0x2})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_RUN(r11, 0x8000ae8c, 0x0)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000040)=@arm64_extra={0x603000000013c036, &(0x7f0000000100)=0x78b})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x1010, 0xffffffffffffffff, 0x1000000)

19m32.432136794s ago: executing program 4 (id=597):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, 0xffffffffffffffff) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil) (async)
write$eventfd(r7, &(0x7f00000001c0), 0xfdef) (async)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r9 = eventfd2(0x9, 0x0)
write$eventfd(r9, &(0x7f0000000100)=0x8, 0x8) (async)
r10 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})

19m16.163524768s ago: executing program 4 (id=598):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x1000, 0x40000000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x21)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r9, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r9, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) (async)
r10 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000100)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x4, 0x220) (async)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r11, 0xae80, 0x0)

18m59.671358035s ago: executing program 4 (id=600):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x309443, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000140)=0xffff}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f00000003c0)=[@featur2={0x1, 0x17}], 0x1) (async, rerun: 32)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) (rerun: 32)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x28)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) (async)
syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async, rerun: 32)
ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4040aea0, &(0x7f0000000000)=@arm64={0x80, 0x4, 0x8, '\x00', 0x7fffffff})
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x11})
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000080)=@arm64={0xe6, 0x7, 0x8, '\x00', 0xff})

18m47.031197533s ago: executing program 4 (id=602):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, 0xffffffffffffffff)

18m35.921412292s ago: executing program 4 (id=604):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x62)
ioctl$KVM_CREATE_VM(r2, 0x80811501, 0x20000000)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x12)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x169880, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0x5450, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r7 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000a5a000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000012, [0xffffffff, 0x100080001, 0x5, 0x101, 0x13]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
r12 = ioctl$KVM_CREATE_VM(r11, 0x894c, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(0xffffffffffffffff, 0x4068aea3, &(0x7f00000004c0)={0xdf, 0x0, 0x8000})
r13 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f00000001c0)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_GET_DEVICE_ATTR(r15, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x8, &(0x7f0000000080)=0x2e09})
ioctl$KVM_GET_DIRTY_LOG(r12, 0x4010ae42, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r16 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r16, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)

18m12.521058647s ago: executing program 4 (id=607):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2f)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000001c0)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000200)={0xdf, 0x0, 0x4000})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c520, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r15, 0xc018aec0, &(0x7f00000000c0)={0x5, 0x340, 0x1, 0x0})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

17m37.318454644s ago: executing program 5 (id=608):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000a, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000380)="f30149ddae810b65d0ecc1d3a6abf4e7454e37c4b85007000000b7fbc51869be2e0000000f000000000000000001000000000000000000000000000e00", 0x0, 0x48)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x651, 0x400, &(0x7f00000000c0)=0xffffffffffffffff})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x753481, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000004000/0x3000)=nil, r5, 0x2000008, 0x40010, r2, 0x0)

17m24.160822855s ago: executing program 36 (id=607):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2f)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000001c0)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000200)={0xdf, 0x0, 0x4000})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c520, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r15, 0xc018aec0, &(0x7f00000000c0)={0x5, 0x340, 0x1, 0x0})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

17m21.91564968s ago: executing program 5 (id=610):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_GET_MP_STATE(0xffffffffffffffff, 0x8004ae98, &(0x7f0000000240))
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x4, 0x5, &(0x7f0000000000)=0xb83})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x35)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0x8933, 0x110e227ffe)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, <r5=>0xffffffffffffffff, 0x1})
r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x3c0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000200)=0x2})
ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0)
r7 = openat$kvm(0x0, &(0x7f00000002c0), 0x3a3103, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000001, 0x1000, 0x2}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x111202, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x400800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0x8933, 0x110e227ffe)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x10000, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x20)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})

17m1.793765462s ago: executing program 5 (id=611):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x4)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f00000001c0)={0x2, 0x0, [{0x6, 0x2, 0x1, 0x0, @sint={0x5, 0x3}}, {0x6, 0x2, 0x0, 0x0, @msi={0x100, 0x8000, 0x5a}}]})
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r7, 0x3, 0x11, r8, 0x0)

16m42.823889128s ago: executing program 5 (id=612):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bc5000/0x400000)=nil)
r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013dce6}}], 0x18}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r2 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000000c0)={0x2, 0x4, 0x1}})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r7, 0x4010aeab, &(0x7f0000000000)={0x80000000, 0x58000})
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0)
r11 = eventfd2(0x0, 0x0)
close(r11)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r11, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000100)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x4, 0x220)

16m25.096134674s ago: executing program 5 (id=613):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20000000000)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000900)=@attr_other={0x0, 0x0, 0x8000, 0x0})

16m14.009962071s ago: executing program 5 (id=614):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x7e)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
syz_kvm_setup_cpu$arm64(r4, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@riscv64_d={0x803000000600000d, &(0x7f00000000c0)=0xfffffffffffffff7})

15m22.551686757s ago: executing program 37 (id=614):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x7e)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
syz_kvm_setup_cpu$arm64(r4, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@riscv64_d={0x803000000600000d, &(0x7f00000000c0)=0xfffffffffffffff7})

3m17.219678893s ago: executing program 7 (id=637):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x80001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0})
ioctl$KVM_CREATE_VM(r6, 0x401c5820, 0x20000001)

3m0.47812324s ago: executing program 6 (id=638):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r8, 0x8, 0x13, r7, 0x0) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000002, [0x99b, 0x100000001, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x84000004, [0x99a, 0x3, 0xa, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)

2m53.170606928s ago: executing program 7 (id=639):
r0 = openat$kvm(0x0, &(0x7f0000000280), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000000)={0x0, 0x40})
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xea)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x0, 0x2})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842567fec4d8dbb02aa8b7d52f1a16a2c00000000000000000000000000000000008f64000200", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
write$eventfd(r9, &(0x7f00000001c0)=0xffffff7f, 0xff25)
openat$kvm(0xffffffffffffff9c, 0x0, 0x82880, 0x0)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x17)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, 0x0)
openat$kvm(0x0, 0x0, 0x8600, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4000010, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)

2m39.168670108s ago: executing program 6 (id=640):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xb2)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x200000a, 0x4002013, r5, 0x40000)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r6, 0x2000000, 0x810, r5, 0x0)

2m21.480940674s ago: executing program 7 (id=641):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65d, 0xfffdffffc1af0ec0}}], 0x20}, 0x0, 0xffffffffffffff92)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r8, 0x8040ae9f, &(0x7f0000000000)=@arm64)
syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r11, 0x4010ae42, &(0x7f00000001c0)={0x10200, 0x0, &(0x7f0000ffb000/0x2000)=nil})
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x1000, 0x40000000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
r14 = syz_kvm_vgic_v3_setup(r11, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8})
r15 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000080)={0x0, &(0x7f0000000200)}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x8000000000000001})
ioctl$KVM_RUN(r13, 0xae80, 0x0)

2m7.063802481s ago: executing program 6 (id=642):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000036000/0x2000)=nil, r4, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, 0x0, 0x22200, 0x0) (async)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r6 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r5, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xe2a00, 0x0)
ioctl$KVM_CREATE_VM(r7, 0x5452, 0x2000fdfd)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r10 = syz_kvm_vgic_v3_setup(r9, 0x2, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f00000000c0)=0x4}) (async)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000180)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000080)})

1m55.530084671s ago: executing program 7 (id=643):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x80001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0})
ioctl$KVM_CREATE_VM(r6, 0x401c5820, 0x20000001)

1m41.631209526s ago: executing program 6 (id=644):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
r5 = syz_kvm_vgic_v3_setup(r3, 0x2, 0x80)
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x6, 0x3, 0x0})
r6 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000)
syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0xc4000014, [0xc2b2, 0x100000001, 0xf8cb, 0x54a9e570, 0x9]}}, @uexit={0x0, 0x18, 0x101}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x5, 0x9}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x4, 0x10, 0x7, 0xe3f2}}, @eret={0xe6, 0x18}, @code={0xa, 0xb4, {"80cd8fd20040b0f2810080d2020180d2c30180d2640180d2020000d4408588d200a0b8f2210180d2420080d2830080d2640080d2020000d4008008d5604a88d200c0b0f2a10180d2820180d2a30180d2c40080d2020000d400000010002cc01a60308dd20020b8f2e10080d2c20080d2230080d2a40180d2020000d4000008d5007008d540f883d20060b0f2010080d2420080d2c30180d2040080d2020000d4"}}, @svc={0x122, 0x40, {0x84000001, [0x2, 0xa2, 0xee77, 0x4, 0x6]}}, @svc={0x122, 0x40, {0xffff, [0x6, 0x200, 0x7, 0xfba, 0xffffffff]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x3, 0x1, 0x3ff, 0x4}}, @hvc={0x32, 0x40, {0xc4000004, [0x3, 0x8, 0x1, 0x9, 0xfffffffffffffffb]}}, @svc={0x122, 0x40, {0x800, [0x7, 0xbec, 0x9, 0x7, 0xaf]}}, @code={0xa, 0x9c, {"000000aa008008d50094004fe003007ac0ee97d200c0b8f2810180d2e20080d2030080d2c40080d2020000d480849fd200a0b0f2810080d2420080d2630180d2e40180d2020000d4007008d5a0a49ad200c0b0f2210180d2c20180d2a30080d2040080d2020000d4007008d5203096d200c0b8f2010180d2820180d2e30080d2a40080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013deb8}}, @uexit={0x0, 0x18, 0x80000000}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x35c}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x0, 0x0, 0x5, 0x6a, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0x1, 0xa}}, @irq_setup={0x46, 0x18, {0x3, 0x1fd}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1e8}}, @msr={0x14, 0x20, {0x603000000013c032, 0x2}}, @smc={0x1e, 0x40, {0x84000002, [0x5, 0xe1, 0x9, 0xfffffffffffffffd, 0x3]}}, @smc={0x1e, 0x40, {0xc4000011, [0x7fffffff, 0xd4c, 0x89, 0x0, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013a038}}, @svc={0x122, 0x40, {0x84000002, [0x3, 0x0, 0x1555, 0xf251]}}, @irq_setup={0x46, 0x18, {0x4, 0xdb}}, @msr={0x14, 0x20, {0x6030000000138056, 0x5a}}, @smc={0x1e, 0x40, {0x84000051, [0x4, 0x4, 0xe, 0x1, 0x101]}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20, 0x3, 0x1}}, @svc={0x122, 0x40, {0x800, [0x7327, 0xfffffffffffff116, 0x3, 0x8, 0x5]}}], 0x628}], 0x1, 0x0, &(0x7f00000001c0)=[@featur2={0x1, 0x90}], 0x1)
write$eventfd(r6, &(0x7f0000000040), 0x8)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r10, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100000, &(0x7f00000000c0)=0x80003fe})

1m30.731671478s ago: executing program 7 (id=645):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x6)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef00000000fcffffffffffff1bf3a3b292e50d9600020000000100000003000000000000000400000000000000320000000000000040000000000000005200008400"], 0x80}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m16.561857151s ago: executing program 6 (id=646):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, 0x0) (rerun: 64)
r7 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff}) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x27)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff}) (rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r14 = openat$kvm(0xffffffffffffff9c, 0x0, 0x40, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r14, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000d8c000/0x2000)=nil, 0x2000) (async)
ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, 0x0)
r15 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)

1m7.900929285s ago: executing program 7 (id=647):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
r1 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000040)={0x5, 0x12})
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xea)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x17)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf41b)
openat$kvm(0x0, 0x0, 0x8600, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r6, 0x1000000, 0x10, r3, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000000)={0x3})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
write$eventfd(r9, &(0x7f00000001c0)=0xffffff7f, 0xff25)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)

51.109844042s ago: executing program 6 (id=648):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100024, &(0x7f0000000000)=0x4ab})
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x12, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) (async)
openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) (async)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100024, &(0x7f0000000000)=0x4ab}) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x12, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)

19.228180411s ago: executing program 38 (id=647):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
r1 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000040)={0x5, 0x12})
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xea)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x17)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf41b)
openat$kvm(0x0, 0x0, 0x8600, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r6, 0x1000000, 0x10, r3, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000000)={0x3})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
write$eventfd(r9, &(0x7f00000001c0)=0xffffff7f, 0xff25)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)

0s ago: executing program 39 (id=648):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100024, &(0x7f0000000000)=0x4ab})
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x12, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) (async)
openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) (async)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100024, &(0x7f0000000000)=0x4ab}) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x12, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)

kernel console output (not intermixed with test programs):

[  463.210738][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:63473' (ED25519) to the list of known hosts.
[  639.604548][   T25] audit: type=1400 audit(638.770:61): avc:  denied  { name_bind } for  pid=3332 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  641.449604][   T25] audit: type=1400 audit(640.640:62): avc:  denied  { execute } for  pid=3333 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  641.487223][   T25] audit: type=1400 audit(640.680:63): avc:  denied  { execute_no_trans } for  pid=3333 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  668.488756][   T25] audit: type=1400 audit(667.680:64): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  668.544941][   T25] audit: type=1400 audit(667.730:65): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  668.634181][ T3333] cgroup: Unknown subsys name 'net'
[  668.710789][   T25] audit: type=1400 audit(667.900:66): avc:  denied  { unmount } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  669.194437][ T3333] cgroup: Unknown subsys name 'cpuset'
[  669.339452][ T3333] cgroup: Unknown subsys name 'rlimit'
[  670.296145][   T25] audit: type=1400 audit(669.490:67): avc:  denied  { setattr } for  pid=3333 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  670.315172][   T25] audit: type=1400 audit(669.500:68): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  670.340799][   T25] audit: type=1400 audit(669.530:69): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  671.420617][ T3337] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  671.448769][   T25] audit: type=1400 audit(670.630:70): avc:  denied  { relabelto } for  pid=3337 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  671.469027][   T25] audit: type=1400 audit(670.660:71): avc:  denied  { write } for  pid=3337 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  671.667290][   T25] audit: type=1400 audit(670.850:72): avc:  denied  { read } for  pid=3333 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  671.684975][   T25] audit: type=1400 audit(670.870:73): avc:  denied  { open } for  pid=3333 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  671.735520][ T3333] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  729.958758][   T25] audit: type=1400 audit(729.150:74): avc:  denied  { execmem } for  pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  733.854928][   T25] audit: type=1400 audit(733.030:75): avc:  denied  { read } for  pid=3340 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  733.860998][   T25] audit: type=1400 audit(733.040:76): avc:  denied  { open } for  pid=3340 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  733.935766][   T25] audit: type=1400 audit(733.110:77): avc:  denied  { mounton } for  pid=3341 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  734.191198][   T25] audit: type=1400 audit(733.380:78): avc:  denied  { module_request } for  pid=3340 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  734.226180][   T25] audit: type=1400 audit(733.420:79): avc:  denied  { module_request } for  pid=3341 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  735.259548][   T25] audit: type=1400 audit(734.430:80): avc:  denied  { sys_module } for  pid=3340 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  758.730955][ T3341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  758.821625][ T3340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  758.926336][ T3341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  759.038952][ T3340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  776.655583][ T3341] hsr_slave_0: entered promiscuous mode
[  776.685844][ T3341] hsr_slave_1: entered promiscuous mode
[  777.670002][ T3340] hsr_slave_0: entered promiscuous mode
[  777.716593][ T3340] hsr_slave_1: entered promiscuous mode
[  777.765951][ T3340] debugfs: 'hsr0' already exists in 'hsr'
[  777.771286][ T3340] Cannot create hsr debugfs directory
[  783.800764][   T25] audit: type=1400 audit(782.990:81): avc:  denied  { create } for  pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  783.866534][   T25] audit: type=1400 audit(783.050:82): avc:  denied  { write } for  pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  783.903508][   T25] audit: type=1400 audit(783.090:83): avc:  denied  { read } for  pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  784.148002][ T3341] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  784.639069][ T3341] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  784.879025][ T3341] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  785.185507][ T3341] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  786.898326][ T3340] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  787.216950][ T3340] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  787.421297][ T3340] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  787.621549][ T3340] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  800.125725][ T3341] 8021q: adding VLAN 0 to HW filter on device bond0
[  803.059569][ T3340] 8021q: adding VLAN 0 to HW filter on device bond0
[  859.856107][ T3341] veth0_vlan: entered promiscuous mode
[  860.367126][ T3341] veth1_vlan: entered promiscuous mode
[  862.715516][ T3340] veth0_vlan: entered promiscuous mode
[  863.071008][ T3341] veth0_macvtap: entered promiscuous mode
[  863.396740][ T3341] veth1_macvtap: entered promiscuous mode
[  863.689772][ T3340] veth1_vlan: entered promiscuous mode
[  865.921586][ T2156] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  865.996751][ T2156] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  866.095196][ T2156] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  866.125825][ T2156] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  866.869659][ T3340] veth0_macvtap: entered promiscuous mode
[  867.418641][ T3340] veth1_macvtap: entered promiscuous mode
[  868.995118][   T25] audit: type=1400 audit(868.140:84): avc:  denied  { mount } for  pid=3341 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  869.114837][   T25] audit: type=1400 audit(868.300:85): avc:  denied  { mounton } for  pid=3341 comm="syz-executor" path="/syzkaller.i8EmeH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  869.309100][   T25] audit: type=1400 audit(868.500:86): avc:  denied  { mount } for  pid=3341 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  869.744678][   T25] audit: type=1400 audit(868.930:87): avc:  denied  { mounton } for  pid=3341 comm="syz-executor" path="/syzkaller.i8EmeH/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  870.033324][   T25] audit: type=1400 audit(869.210:88): avc:  denied  { mounton } for  pid=3341 comm="syz-executor" path="/syzkaller.i8EmeH/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3777 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  870.396543][ T3379] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  870.439640][ T3379] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  870.448146][ T3379] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  870.524617][ T3379] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  870.763694][   T25] audit: type=1400 audit(869.950:89): avc:  denied  { unmount } for  pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  871.179582][   T25] audit: type=1400 audit(870.200:90): avc:  denied  { mounton } for  pid=3341 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  871.318193][   T25] audit: type=1400 audit(870.510:91): avc:  denied  { mount } for  pid=3341 comm="syz-executor" name="/" dev="gadgetfs" ino=3787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  871.770336][   T25] audit: type=1400 audit(870.960:92): avc:  denied  { mount } for  pid=3341 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  871.870535][   T25] audit: type=1400 audit(871.060:93): avc:  denied  { mounton } for  pid=3341 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  873.431129][ T3341] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  874.604723][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  874.610383][   T25] audit: type=1400 audit(873.740:95): avc:  denied  { read write } for  pid=3341 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  874.611459][   T25] audit: type=1400 audit(873.790:96): avc:  denied  { open } for  pid=3341 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  874.709055][   T25] audit: type=1400 audit(873.790:97): avc:  denied  { ioctl } for  pid=3341 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  884.398320][   T25] audit: type=1400 audit(883.590:98): avc:  denied  { read } for  pid=3493 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  884.439763][   T25] audit: type=1400 audit(883.630:99): avc:  denied  { open } for  pid=3493 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  885.163261][   T25] audit: type=1400 audit(884.350:100): avc:  denied  { ioctl } for  pid=3493 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  889.713790][   T25] audit: type=1400 audit(888.900:101): avc:  denied  { append } for  pid=3495 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  899.084811][   T25] audit: type=1400 audit(898.240:102): avc:  denied  { write } for  pid=3503 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  912.399626][   T25] audit: type=1400 audit(911.590:103): avc:  denied  { ioctl } for  pid=3510 comm="syz.0.5" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0xb70d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  929.364640][   T25] audit: type=1400 audit(928.550:104): avc:  denied  { setattr } for  pid=3520 comm="syz.0.8" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  942.980364][   T25] audit: type=1400 audit(942.140:105): avc:  denied  { execute } for  pid=3528 comm="syz.0.11" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4425 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1106.540251][   T25] audit: type=1400 audit(1105.730:106): avc:  denied  { create } for  pid=3614 comm="syz.1.34" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1128.168381][ T3627] kvm [3627]: Failed to find VMA for hva 0x21016000
[ 1128.568810][ T3627] kvm [3627]: Failed to find VMA for hva 0x21016000
[ 1128.618493][ T3627] kvm [3627]: Failed to find VMA for hva 0x21016000
[ 1259.853615][   T25] audit: type=1400 audit(1259.010:107): avc:  denied  { map } for  pid=3707 comm="syz.0.61" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7417 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1259.945994][   T25] audit: type=1400 audit(1259.040:108): avc:  denied  { read } for  pid=3707 comm="syz.0.61" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7417 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1357.691313][ T3778] kvm [3778]: Failed to find VMA for hva 0x21016000
[ 1359.368298][ T3778] kvm [3778]: Failed to find VMA for hva 0x21016000
[ 1519.130120][   T25] audit: type=1400 audit(1518.320:109): avc:  denied  { write } for  pid=3880 comm="syz.1.111" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=9698 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1542.260134][   T25] audit: type=1400 audit(1541.450:110): avc:  denied  { map } for  pid=3897 comm="syz.1.115" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1542.374049][   T25] audit: type=1400 audit(1541.500:111): avc:  denied  { execute } for  pid=3897 comm="syz.1.115" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1683.217643][ T3980] kvm [3979]: Unsupported guest access at: eeef0000
[ 1683.217643][ T3980]  { Op0( 2), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2190.580626][   T25] audit: type=1400 audit(2189.750:112): avc:  denied  { module_request } for  pid=4251 comm="syz-executor" kmod="netdev-rose3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 2191.038747][ T3451] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2191.884646][ T3451] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2192.889432][ T3451] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2193.909169][ T3451] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2205.535348][ T3451] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2205.650582][ T3451] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2205.739170][ T3451] bond0 (unregistering): Released all slaves
[ 2207.464599][ T3451] hsr_slave_0: left promiscuous mode
[ 2207.654697][ T3451] hsr_slave_1: left promiscuous mode
[ 2208.304318][ T3451] veth1_macvtap: left promiscuous mode
[ 2208.326033][ T3451] veth0_macvtap: left promiscuous mode
[ 2208.357064][ T3451] veth1_vlan: left promiscuous mode
[ 2208.367659][ T3451] veth0_vlan: left promiscuous mode
[ 2232.309958][ T3451] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2233.616131][ T3451] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2235.219516][ T3451] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2236.550656][ T3451] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2250.756312][ T3451] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2250.861459][ T3451] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2250.956009][ T3451] bond0 (unregistering): Released all slaves
[ 2252.358363][ T3451] hsr_slave_0: left promiscuous mode
[ 2252.425709][ T3451] hsr_slave_1: left promiscuous mode
[ 2252.965707][ T3451] veth1_macvtap: left promiscuous mode
[ 2252.978372][ T3451] veth0_macvtap: left promiscuous mode
[ 2252.984555][ T3451] veth1_vlan: left promiscuous mode
[ 2253.006451][ T3451] veth0_vlan: left promiscuous mode
[ 2282.269103][ T4251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2283.330835][ T4251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2283.514041][ T4247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2284.341458][ T4247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2306.090765][ T4251] hsr_slave_0: entered promiscuous mode
[ 2306.169606][ T4251] hsr_slave_1: entered promiscuous mode
[ 2308.406045][ T4247] hsr_slave_0: entered promiscuous mode
[ 2308.467360][ T4247] hsr_slave_1: entered promiscuous mode
[ 2308.525394][ T4247] debugfs: 'hsr0' already exists in 'hsr'
[ 2308.528501][ T4247] Cannot create hsr debugfs directory
[ 2319.001312][ T4251] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2319.739023][ T4251] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2320.101335][ T4251] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2321.346175][ T4251] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2324.726649][ T4247] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2325.020285][ T4247] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2325.295750][ T4247] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2325.586557][ T4247] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2349.488465][ T4251] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2354.610133][ T4247] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2448.359743][ T4251] veth0_vlan: entered promiscuous mode
[ 2449.174768][ T4251] veth1_vlan: entered promiscuous mode
[ 2453.304585][ T4247] veth0_vlan: entered promiscuous mode
[ 2454.140109][ T4251] veth0_macvtap: entered promiscuous mode
[ 2455.176092][ T4251] veth1_macvtap: entered promiscuous mode
[ 2455.540100][ T4247] veth1_vlan: entered promiscuous mode
[ 2460.666322][ T3379] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2460.689081][ T3379] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2460.917236][ T2156] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2461.184388][ T4374] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2462.205950][ T4247] veth0_macvtap: entered promiscuous mode
[ 2463.534866][ T4247] veth1_macvtap: entered promiscuous mode
[ 2469.473403][ T2156] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2469.627012][ T2156] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2469.714606][   T32] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2469.999246][ T2156] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2482.404700][   T25] audit: type=1400 audit(2481.590:113): avc:  denied  { map } for  pid=4478 comm="syz.3.221" path="pipe:[15299]" dev="pipefs" ino=15299 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 2482.523699][   T25] audit: type=1400 audit(2481.700:114): avc:  denied  { execute } for  pid=4478 comm="syz.3.221" path="pipe:[15299]" dev="pipefs" ino=15299 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 3705.508348][   T25] audit: type=1400 audit(3704.690:115): avc:  denied  { ioctl } for  pid=5138 comm="syz.2.385" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=25574 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 4975.251149][ T5681] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4976.656122][ T5681] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4978.430622][ T5681] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4979.588062][ T5681] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4998.979223][ T5681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4999.558412][ T5681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4999.955210][ T5681] bond0 (unregistering): Released all slaves
[ 5002.343007][ T5681] hsr_slave_0: left promiscuous mode
[ 5002.494440][ T5681] hsr_slave_1: left promiscuous mode
[ 5003.503383][ T5681] veth1_macvtap: left promiscuous mode
[ 5003.506864][ T5681] veth0_macvtap: left promiscuous mode
[ 5003.528214][ T5681] veth1_vlan: left promiscuous mode
[ 5003.544593][ T5681] veth0_vlan: left promiscuous mode
[ 5027.994767][ T5681] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5029.585975][ T5681] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5030.859328][ T5681] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5032.054553][ T5681] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5051.054958][ T5681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5051.280481][ T5681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5051.495860][ T5681] bond0 (unregistering): Released all slaves
[ 5054.066346][ T5681] hsr_slave_0: left promiscuous mode
[ 5054.194797][ T5681] hsr_slave_1: left promiscuous mode
[ 5054.833559][ T5681] veth1_macvtap: left promiscuous mode
[ 5054.835911][ T5681] veth0_macvtap: left promiscuous mode
[ 5054.865220][ T5681] veth1_vlan: left promiscuous mode
[ 5054.885331][ T5681] veth0_vlan: left promiscuous mode
[ 5109.878541][ T5705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5110.658697][ T5705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5110.864093][ T5708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5111.655618][ T5708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5138.558064][ T5705] hsr_slave_0: entered promiscuous mode
[ 5138.581866][ T5705] hsr_slave_1: entered promiscuous mode
[ 5140.700438][ T5708] hsr_slave_0: entered promiscuous mode
[ 5140.826718][ T5708] hsr_slave_1: entered promiscuous mode
[ 5140.875589][ T5708] debugfs: 'hsr0' already exists in 'hsr'
[ 5140.887958][ T5708] Cannot create hsr debugfs directory
[ 5156.410384][ T5705] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 5157.020150][ T5705] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 5157.431524][ T5705] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 5158.230832][ T5705] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 5164.320152][ T5708] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 5164.780639][ T5708] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 5165.481272][ T5708] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 5166.040567][ T5708] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 5194.110358][ T5705] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5201.117704][ T5708] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5339.350975][ T5705] veth0_vlan: entered promiscuous mode
[ 5340.527113][ T5705] veth1_vlan: entered promiscuous mode
[ 5345.599860][ T5705] veth0_macvtap: entered promiscuous mode
[ 5347.169762][ T5705] veth1_macvtap: entered promiscuous mode
[ 5348.001732][ T5708] veth0_vlan: entered promiscuous mode
[ 5350.437917][ T5708] veth1_vlan: entered promiscuous mode
[ 5354.204441][ T3451] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5354.277320][ T3451] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5354.605359][ T3451] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5354.613509][ T3451] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5358.297242][ T5708] veth0_macvtap: entered promiscuous mode
[ 5360.215922][ T5708] veth1_macvtap: entered promiscuous mode
[ 5366.353479][ T5265] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5366.397162][ T5011] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5366.436982][ T5011] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5366.437836][ T5011] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6045.719027][ T6265] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6047.808760][ T6265] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6049.849376][ T6265] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6051.709824][ T6265] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6082.779163][ T6265] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6083.410499][ T6265] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6083.706977][ T6265] bond0 (unregistering): Released all slaves
[ 6086.205748][ T6265] hsr_slave_0: left promiscuous mode
[ 6086.376675][ T6265] hsr_slave_1: left promiscuous mode
[ 6087.693942][ T6265] veth1_macvtap: left promiscuous mode
[ 6087.697982][ T6265] veth0_macvtap: left promiscuous mode
[ 6087.725321][ T6265] veth1_vlan: left promiscuous mode
[ 6087.754265][ T6265] veth0_vlan: left promiscuous mode
[ 6166.667274][ T4152] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6168.408785][ T4152] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6170.040217][ T4152] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6171.827470][ T4152] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6191.590471][ T4152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6191.830402][ T4152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6192.080553][ T4152] bond0 (unregistering): Released all slaves
[ 6196.503789][ T4152] hsr_slave_0: left promiscuous mode
[ 6196.614508][ T4152] hsr_slave_1: left promiscuous mode
[ 6197.494542][ T4152] veth1_macvtap: left promiscuous mode
[ 6197.514067][ T4152] veth0_macvtap: left promiscuous mode
[ 6197.524553][ T4152] veth1_vlan: left promiscuous mode
[ 6197.531461][ T4152] veth0_vlan: left promiscuous mode
[ 6239.805063][ T6277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6240.130388][ T6277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6276.339884][ T6277] hsr_slave_0: entered promiscuous mode
[ 6276.419045][ T6277] hsr_slave_1: entered promiscuous mode
[ 6279.251222][ T6314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6279.697881][ T6314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6298.038592][ T6277] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 6298.567100][ T6277] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 6299.107502][ T6277] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 6299.607283][ T6277] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 6319.116711][ T6314] hsr_slave_0: entered promiscuous mode
[ 6319.218156][ T6314] hsr_slave_1: entered promiscuous mode
[ 6319.335634][ T6314] debugfs: 'hsr0' already exists in 'hsr'
[ 6319.344243][ T6314] Cannot create hsr debugfs directory
[ 6346.759198][ T6277] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6346.819190][ T6314] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 6347.575178][ T6314] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 6348.037245][ T6314] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 6348.704172][ T6314] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 6391.511043][ T6314] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6526.957809][ T6277] veth0_vlan: entered promiscuous mode
[ 6528.577334][ T6277] veth1_vlan: entered promiscuous mode
[ 6533.196323][ T6277] veth0_macvtap: entered promiscuous mode
[ 6533.849447][ T6277] veth1_macvtap: entered promiscuous mode
[ 6539.695515][ T5711] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6539.697331][ T5711] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6539.793649][ T5711] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6539.956218][ T6514] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6578.245124][ T6314] veth0_vlan: entered promiscuous mode
[ 6580.255655][ T6314] veth1_vlan: entered promiscuous mode
[ 6586.118496][ T6314] veth0_macvtap: entered promiscuous mode
[ 6587.211618][ T6314] veth1_macvtap: entered promiscuous mode
[ 6593.341797][ T5681] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6593.637089][ T6405] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6593.743171][ T4152] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6593.865373][ T6265] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7202.617883][ T6745] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7203.099956][ T6745] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7218.498427][ T6755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7219.069694][ T6755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7256.041450][ T6745] hsr_slave_0: entered promiscuous mode
[ 7256.170911][ T6745] hsr_slave_1: entered promiscuous mode
[ 7256.306269][ T6745] debugfs: 'hsr0' already exists in 'hsr'
[ 7256.345409][ T6745] Cannot create hsr debugfs directory
[ 7274.180494][ T6755] hsr_slave_0: entered promiscuous mode
[ 7274.280885][ T6755] hsr_slave_1: entered promiscuous mode
[ 7274.477619][ T6755] debugfs: 'hsr0' already exists in 'hsr'
[ 7274.493028][ T6755] Cannot create hsr debugfs directory
[ 7300.704396][ T6745] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 7302.625338][ T6745] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 7304.054808][ T6745] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 7305.397497][ T6745] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 7318.520949][ T6755] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 7319.426702][ T6755] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 7320.231250][ T6755] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 7321.375349][ T6755] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 7364.895770][ T6745] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7377.969500][ T6755] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7467.579011][   T27] INFO: task syz.6.648:6732 blocked for more than 430 seconds.
[ 7467.594978][   T27]       Not tainted syzkaller #0
[ 7467.656032][   T27]       Blocked by coredump.
[ 7467.658984][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 7467.684881][   T27] task:syz.6.648       state:D stack:0     pid:6732  tgid:6731  ppid:6277   task_flags:0x40044c flags:0x00000010
[ 7467.696546][   T27] Call trace:
[ 7467.697093][   T27]  __switch_to+0x584/0xb00 (T)
[ 7467.699279][   T27]  __schedule+0x200c/0x3428
[ 7467.699844][   T27]  schedule+0xac/0x27c
[ 7467.700353][   T27]  schedule_timeout+0x68/0x1ec
[ 7467.700841][   T27]  do_wait_for_common+0x28c/0x440
[ 7467.701327][   T27]  wait_for_completion+0x44/0x5c
[ 7467.701776][   T27]  __synchronize_srcu+0x2a4/0x320
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 7467.884186][   T27]  synchronize_srcu+0x3d0/0x4f8
[ 7467.889554][   T27]  __mmu_notifier_release+0x424/0x614
[ 7467.928103][   T27]  exit_mmap+0xbc/0xb8c
[ 7467.955497][   T27]  __mmput+0x10c/0x528
[ 7467.956268][   T27]  mmput+0x70/0xa8
[ 7467.957311][   T27]  exit_mm+0x158/0x248
[ 7467.957819][   T27]  do_exit+0x790/0x2378
[ 7467.958352][   T27]  do_group_exit+0x1d4/0x2ac
[ 7467.958838][   T27]  get_signal+0x1440/0x154c
[ 7467.959361][   T27]  arch_do_signal_or_restart+0x23c/0x4bac
[ 7467.959855][   T27]  exit_to_user_mode_loop+0x88/0x188
[ 7467.960335][   T27]  el0_svc+0x17c/0x238
[ 7467.960817][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 7467.961327][   T27]  el0t_64_sync+0x198/0x19c
[ 7468.114649][   T27] 
[ 7468.114649][   T27] Showing all locks held in the system:
[ 7468.153692][   T27] 1 lock held by khungtaskd/27:
[ 7468.165244][   T27]  #0: ffff800087a86d08 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 7468.168284][   T27] 2 locks held by getty/3200:
[ 7468.168729][   T27]  #0: 97f000001231e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 7468.170615][   T27]  #1: eeff80008c80b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 7468.321086][   T27] 2 locks held by syz-executor/3333:
[ 7468.333200][   T27] 3 locks held by kworker/u4:1/5265:
[ 7468.333719][   T27] 3 locks held by kworker/u4:2/5681:
[ 7468.334061][   T27] 3 locks held by kworker/u4:4/5711:
[ 7468.334432][   T27] 3 locks held by kworker/u4:11/5720:
[ 7468.334767][   T27] 3 locks held by kworker/u4:13/5949:
[ 7468.335123][   T27] 4 locks held by kworker/0:3/6280:
[ 7468.335480][   T27] 2 locks held by kworker/u4:6/6405:
[ 7468.335782][   T27]  #0: 44f000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 7468.337939][   T27]  #1: ffff80008eb27c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 7468.339738][   T27] 2 locks held by kworker/u4:15/6514:
[ 7468.340583][   T27]  #0: 44f000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 7468.527052][   T27]  #1: ffff80008c7e7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 7468.555179][   T27] 2 locks held by kworker/0:0/6515:
[ 7468.555582][   T27] 3 locks held by kworker/u4:0/6692:
[ 7468.555920][   T27] 2 locks held by syz.7.647/6726:
[ 7468.556260][   T27] 3 locks held by kworker/u4:8/6750:
[ 7468.556995][   T27] 2 locks held by kworker/u4:10/6775:
[ 7468.557416][   T27] 3 locks held by kworker/u4:16/6844:
[ 7468.557749][   T27] 4 locks held by modprobe/6874:
[ 7468.558090][   T27] 1 lock held by modprobe/6875:
[ 7468.558622][   T27] 
[ 7468.558914][   T27] =============================================
[ 7468.558914][   T27] 
[ 7468.559854][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 7468.568689][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 7468.569843][   T27] Hardware name: linux,dummy-virt (DT)
[ 7468.570615][   T27] Call trace:
[ 7468.571357][   T27]  show_stack+0x2c/0x3c (C)
[ 7468.572191][   T27]  __dump_stack+0x30/0x40
[ 7468.572976][   T27]  dump_stack_lvl+0x30/0x12c
[ 7468.573767][   T27]  dump_stack+0x1c/0x28
[ 7468.574554][   T27]  vpanic+0x1d4/0x4e4
[ 7468.575233][   T27]  vpanic+0x0/0x4e4
[ 7468.575895][   T27]  hung_task_panic+0x0/0x2c
[ 7468.576710][   T27]  kthread+0x794/0x99c
[ 7468.577490][   T27]  ret_from_fork+0x10/0x20
[ 7468.579236][   T27] Kernel Offset: disabled
[ 7468.579829][   T27] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 7468.580724][   T27] Memory Limit: none
[ 7468.582872][   T27] Rebooting in 86400 seconds..