last executing test programs:

18m56.952050267s ago: executing program 0 (id=565):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
openat$kvm(0x0, 0x0, 0x101282, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x401]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
write$eventfd(r7, &(0x7f0000000040)=0x3, 0x8) (async)
openat$kvm(0x0, &(0x7f0000000000), 0x503080, 0x0) (async)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur2], 0x1) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}], 0xe0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
r13 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x21)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r14, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r14, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) (async)
r15 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)

18m49.133088583s ago: executing program 1 (id=566):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0)
syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000001800000000000000000400000000000082000000000000002800001b00000000010000000000000001000000000000006c010000000000004600000000000000180000000000000002000000dd0200006e0000000000000030000000000000000100000000000000c202000000000000000000000000000001000000000d00006e0000000000000030000000000000000000060000000000010c00000000000000000000000000800600000000000000220100000000000040000000000000001000008400000000ff0700000000000006000000000000000200000000000000010e0000000000000900000000000000be000000000000001800000000000000dee6130000003060e6000000000000001800000000000000d200000000000000000000000000000018000000000000000104000000005fbd90437f0000aa0000000000000028000000000000000e0001000000080000000500000082080000040000000000be000000000000001800000000000000f1de13000000306014000000000000002000000000000000d3c41300000030600f0000"], 0x1a0}], 0x1, 0x0, &(0x7f0000000040)=[@featur1={0x1, 0xa1}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000080)={0xe8b4022312348772, 0x4000})

18m45.375863391s ago: executing program 0 (id=567):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d8, 0x110e22ffff) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0x801c581f, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000d90000/0x3000)=nil, r5, 0x3000007, 0x40010, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
r8 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bc2000/0x400000)=nil) (rerun: 64)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) (async, rerun: 64)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) (rerun: 64)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

18m40.193480093s ago: executing program 1 (id=568):
ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x493, 0x4, &(0x7f0000000000)=0x3})
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = eventfd2(0xffff10c0, 0x801)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x0, r3})
r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r3, 0x2d, 0x2, r3})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x6)
syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f00004ad000/0x400000)=nil, &(0x7f00000003c0)=[{0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000180000000000000001000000000000001e00000000000000400000000000000000080000000000000300000000000000020000000000000001000000000000000000000000000500000000000000320000000000000040000000000000000800008400000000060000000000000000040000000000000600000000000000070000000000000009000000000000001e0000000000000040000000000000000b000084000000008b6a0b5e000000000900000000000000000100000000000005000000000000000300000000000000aa0000000000000028000000000000000d00020000000d00000014000000040000000100000000000a000000000000005400000000000000007008d5008008d5007008d500a4000f00b8315e000008d5007008d5000008d5000028d5206a85d20020b8f2c10080d2620080d2c30080d2640080d2020000d4c0035fd6220100000000000040000000000000000e00008400000000060000000000000000000000000000000500000000000000090000000000000001000000000000000a000000000000009c00000000000000000028d5007008d500a09f0c000008d5a0028ed20080b0f2c10180d2420080d263018052240080d2020000d4008080c8000028d520e48ad200e0b8f2e10080d2a20080d2e30080d2640180d2020000d4c0d991d200e0b0f2010180d2620080d2230080d2e40180d2020000d480ac8bd20000b0f2c10180d2c20180d2430080d2840080d2020000d4c0035fd6aa000000000000002800000000000000030001000000080000000180000000000000040000000000aa00000000000000280000000000000003000200000006000000feffffff01000100040000000000000000000000000018000000000000000409000000000000320000000000000040000000000000000000008000000000040000000000000000000080000000001a0000000000000009000000000000000800000000000000be00000000000000180000000000000000000000000000001e0000000000000040000000000000000000003200000000000000000000000002000000000000006501000000000000fcffffffffffffff0600000000000000"], 0x330}], 0x1, 0x0, &(0x7f0000000400)=[@featur2={0x1, 0x4}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x0, 0x6000007, 0x13, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)

18m32.430239005s ago: executing program 0 (id=569):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x240)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x3, 0x0})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1})
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3f)
ioctl$KVM_CLEAR_DIRTY_LOG(r9, 0xc018aec0, &(0x7f0000000000)={0x1ff, 0x40, 0x0, &(0x7f0000000140)=[0x5, 0x8000, 0x8, 0x9, 0x80000000, 0xe813, 0x7, 0x7fffffff, 0x7fff, 0xfffffffffffffe00, 0x101, 0xf1, 0xffffffff, 0x5, 0x7, 0x6, 0x6, 0x4b53, 0x40, 0x200, 0x7fff, 0x8, 0x1, 0x9, 0x0, 0x9, 0x0, 0x1, 0x6, 0x7000, 0x4, 0x5, 0x9, 0x7fff, 0x100000001, 0xb627, 0xffffffffffffffff, 0x80000000, 0x8000000000000000, 0xa, 0x1, 0x5, 0xb1cf, 0x2de8a9a3, 0x5, 0x0, 0x100000001, 0x8000000000000, 0x3, 0x200, 0x80000001, 0x7, 0x4, 0x4, 0x1, 0x5, 0x4, 0x100, 0x3, 0x101, 0x6, 0x9, 0x2, 0x1, 0x8, 0x7, 0xfc0a, 0x0, 0x6, 0x7fffffffffffffff, 0x9, 0x2, 0xb516, 0x3, 0x8001, 0x4, 0x1, 0x9, 0x7ff, 0x3, 0xdf, 0x7, 0x3, 0x7fffffffffffffff, 0x6, 0x8, 0x8000, 0x8, 0xb, 0x37, 0x3, 0x8000, 0xac81, 0x3, 0x700, 0xe0e2, 0xffffffffffff8d82, 0x6, 0xfffffffffffffffb, 0x0, 0x6, 0x6, 0x200, 0x0, 0xfffffffffffffff5, 0xd, 0xfffffffffffffeff, 0x9cec, 0x6, 0xc, 0x7, 0x2, 0x5, 0x4, 0x8, 0xda29000000000, 0x6, 0x9, 0x8000000000000000, 0x8, 0x5, 0x2ca, 0x8, 0xfffffffffffff63b, 0x81, 0xffffffffffffffff, 0xcd5, 0x4000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

18m29.92787957s ago: executing program 1 (id=570):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[@irq_setup={0x46, 0x18, {0x1, 0xfa}}], 0x18}, &(0x7f0000000080)=[@featur2], 0x1)
ioctl$KVM_ARM_VCPU_FINALIZE(r0, 0x4004aec2, &(0x7f00000000c0)=0x1)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3f)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)={0x1, 0x0, [{0x1, 0x4, 0x1, 0x0, @adapter={0x5, 0x0, 0xa6d8, 0x6, 0x5}}]})
syz_kvm_setup_cpu$arm64(r1, r0, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000440)=[{0x0, &(0x7f0000000140)=[@smc={0x1e, 0x40, {0x84000000, [0x80000001, 0xf726, 0x380, 0x6, 0x2]}}, @eret={0xe6, 0x18}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x1d1}}, @svc={0x122, 0x40, {0x2000001, [0x0, 0xffff, 0x5, 0xa, 0x4]}}, @irq_setup={0x46, 0x18, {0x0, 0x13d}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x800, 0x0, 0x1}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x3ba}}, @hvc={0x32, 0x40, {0x2000, [0x9, 0x8, 0xffffffffffffffff, 0x48000000000000, 0x4]}}, @uexit={0x0, 0x18, 0x90ac}, @hvc={0x32, 0x40, {0x80000000, [0x3, 0x400, 0x1, 0x9, 0x7]}}, @msr={0x14, 0x20, {0x603000000013c10b, 0x101}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x365}}, @svc={0x122, 0x40, {0x5000000, [0x1000, 0x3, 0x5, 0x7b6, 0x7]}}, @svc={0x122, 0x40, {0x84000009, [0xdb4, 0x8, 0x8, 0xe, 0x4]}}, @eret={0xe6, 0x18}, @smc={0x1e, 0x40, {0xc5000021, [0x7, 0x3, 0x0, 0x4, 0x4]}}], 0x2e8}], 0x1, 0x0, &(0x7f0000000480)=[@featur2={0x1, 0x8}], 0x1)
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f00000008c0)={0x1, 0x2c0, 0x0, &(0x7f00000004c0)=[0x100, 0x1, 0x5, 0x7, 0x7, 0x3, 0x9, 0x2, 0x5, 0x80, 0x7, 0x2, 0x2, 0x8, 0x3, 0x7fff, 0x8, 0x1, 0x6, 0x8, 0x8, 0x3a46, 0x7ff, 0x6, 0x7, 0x1, 0x3, 0x800000000000, 0x7, 0x1, 0x7, 0x60f, 0xbd, 0x7f, 0x7, 0x4, 0x3, 0x0, 0xe4d, 0x1, 0x3517, 0xfffffffffffffffb, 0x4, 0x7, 0x0, 0x101, 0x52d, 0x8, 0x2, 0x7, 0x6, 0x4, 0x2, 0xfff, 0x101, 0x3, 0x3, 0x101, 0x120, 0x8, 0x8, 0x6, 0x8, 0xc2, 0x7, 0x9, 0x7, 0x7, 0xede9, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1, 0x2, 0xf317, 0x7, 0xc, 0x10000, 0x6, 0x83a, 0x6, 0x2, 0x40000000000, 0x1, 0x7, 0x100, 0x8, 0x6, 0x2, 0xe, 0x400, 0x5, 0xfffffffffffffffc, 0x2000000000000, 0x8, 0x3, 0x1, 0x5, 0x4, 0x647, 0x8, 0x80, 0x7f, 0x6, 0x400, 0x9, 0x0, 0x9, 0x4, 0x56, 0xffffffff, 0x800, 0x100000000, 0x0, 0xbc, 0x9, 0x8000, 0xe, 0x4000000, 0xfffffffffffffff7, 0x80, 0xa, 0x9, 0x323c80, 0x4, 0x9, 0x7, 0x3]})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000900)={0x10002, 0x0, &(0x7f0000f48000/0x3000)=nil})
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000940)={0xb6, 0x0, 0x6})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000a00)=@attr_other={0x0, 0x4, 0x5, &(0x7f00000009c0)=0x4e})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000a80)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000a40)={0xe, 0x7fff}})
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000ac0)=@arm64)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000ec0)={0x0, &(0x7f0000000b00)=[@svc={0x122, 0x40, {0x84004208, [0x4, 0x9, 0x8, 0x985a, 0x8]}}, @eret={0xe6, 0x18, 0x2ee8000000000000}, @uexit={0x0, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x2, 0x337}}, @irq_setup={0x46, 0x18, {0x4, 0xbc}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0x3, 0xa, 0x8, 0x2}}, @msr={0x14, 0x20, {0x603000000013dee5, 0x80000000}}, @svc={0x122, 0x40, {0x40000000, [0x9, 0xb76f, 0xfff, 0x8, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x3, 0x1}}, @smc={0x1e, 0x40, {0x5000000, [0x1, 0x6, 0x6, 0x8d, 0x9]}}, @msr={0x14, 0x20, {0x603000000013c014, 0x2330}}, @uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18, 0x5}, @hvc={0x32, 0x40, {0x6000000, [0x1, 0xa, 0x8001, 0x7fff, 0x6b09]}}, @code={0xa, 0xb4, {"0028214e60c596d20080b8f2410080d2020180d2030080d2640180d2020000d4000008d5a07c9fd20020b0f2810180d2a20180d2e30080d2240180d2020000d4808c8bd200c0b0f2210180d2a20180d2030180d2640080d2020000d4000028d50050800f205a99d200a0b8f2c10180d2620180d2230080d2e40180d2020000d40024c09a00698ad20020b0f2010080d2620180d2230180d2040180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x300, 0x3, 0xc}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x6, 0x6c4b, 0x0, 0x3}}, @uexit={0x0, 0x18, 0x3}, @smc={0x1e, 0x40, {0x84000009, [0x4, 0xad82, 0x100000000, 0x7, 0xfff]}}, @eret={0xe6, 0x18, 0x10}, @mrs={0xbe, 0x18, {0x603000000013c101}}], 0x3bc}, &(0x7f0000000f00)=[@featur2={0x1, 0x40}], 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r3, 0x4018aee3, &(0x7f0000000f80)=@attr_other={0x0, 0xa9c, 0x3, &(0x7f0000000f40)=0x3})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000fc0)={0x9, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000001040)=@attr_other={0x0, 0xffffff2c, 0x80000000000000, &(0x7f0000001000)=0xc})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000001480)={0x10001, 0x100, 0x180, &(0x7f0000001080)=[0x781f, 0x0, 0x8000000000000001, 0x8a, 0x100000000, 0x1, 0x6, 0x0, 0x6, 0x4b, 0x6, 0x7ff, 0xfffffffffffffffe, 0x0, 0x5, 0x1, 0x0, 0x2, 0x5, 0x5, 0x4, 0xffffffff, 0x7fffffffffffffff, 0x4769, 0x6, 0x100, 0x3, 0x49, 0xfe42, 0x100000000, 0x1, 0xc134, 0x8, 0x7fffffff, 0x400, 0x27baf211, 0x4602, 0x8000, 0x6, 0x1, 0x70b, 0x8000000000000001, 0x6, 0x5, 0x5, 0x10, 0x3, 0x1, 0x0, 0x7, 0x0, 0x3, 0x8, 0x7, 0x0, 0xcf5, 0x9, 0xffffffffffffffff, 0x3, 0x5d1, 0x8000, 0x4, 0x2, 0x3ff, 0x9, 0x1, 0x7b, 0xb, 0x2c14d4b6, 0x15, 0x7f, 0x32, 0xff, 0xfffffffffffffff9, 0x1, 0x2, 0x1, 0x7fffffff, 0x2, 0x43c, 0x7fff, 0x401, 0x0, 0x5019, 0x9, 0x9, 0x0, 0x9, 0x6, 0x3, 0xd2, 0x7, 0x80000000, 0x0, 0xffffffffffffff94, 0x100000001, 0x5, 0x100000000, 0x7c9, 0x8, 0x401, 0x0, 0x3, 0xa, 0x3, 0x2311, 0x4, 0x7, 0x401, 0x3, 0xfffffffffffff001, 0x1, 0xb084, 0xd6e, 0x2, 0x100000001, 0x401, 0x9, 0x7, 0x4, 0xfffffffffffffffd, 0x3, 0x9, 0x9, 0xb7, 0x3e, 0xfffffffffffffff9, 0x7]})
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001700)={0x0, &(0x7f00000014c0)=[@irq_setup={0x46, 0x18, {0x3, 0xda}}, @smc={0x1e, 0x40, {0x800, [0x0, 0x6, 0x2, 0x6f, 0x7]}}, @uexit={0x0, 0x18, 0x7}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x78, 0x9, 0xe}}, @msr={0x14, 0x20, {0x603000000013df4f, 0x2}}, @code={0xa, 0x6c, {"204a96d200e0b8f2010180d2820080d2430180d2640080d2020000d4007008d5000008d5000028d5008008d5000008d5007008d5007008d5007008d520be8fd20040b0f2c10180d2620180d2a30180d2440180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0xb, 0x7, 0x8c}}, @smc={0x1e, 0x40, {0x80003fff, [0x8, 0x2, 0x7, 0x5750, 0x59]}}, @mrs={0xbe, 0x18, {0x603000000013e6d4}}, @mrs={0xbe, 0x18, {0x603000000013dce4}}, @svc={0x122, 0x40, {0x84000052, [0x9, 0x4, 0x8, 0x1000, 0x5]}}, @eret={0xe6, 0x18, 0x100000000}], 0x234}, &(0x7f0000001740)=[@featur2], 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f00000017c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000001780)=0x2})
mmap$KVM_VCPU(&(0x7f0000e56000/0x1000)=nil, 0x0, 0x2000001, 0x100010, r0, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000001800)={0xffffffffffffffff, 0x400})
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000001840)={0xb6, 0x0, 0x9})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f00000018c0)={0x6, [0x8, 0x80000000, 0x4, 0x8, 0x5, 0x461b]})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000001900)={0x101ff, 0x0, &(0x7f0000ff9000/0x4000)=nil})
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000001980)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001940)={0x6, 0x7fff, 0x1}})
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001ec0)={0x0, &(0x7f00000019c0)=[@eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x234, [0x9, 0x80000001, 0x8, 0x2, 0x10001]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x9, 0x9, 0x8001, 0x4}}, @code={0xa, 0xb4, {"000028d5007008d5609391d20080b8f2010080d2020180d2a30080d2440180d2020000d4000187d200e0b8f2210080d2220080d2430180d2640180d2020000d4008008d5809b9fd200a0b0f2a10180d2220180d2430180d2640080d2020000d4003391d200e0b0f2010180d2420180d2230080d2840180d2020000d4008008d580cc92d20040b8f2a10180d2220080d2c30080d2640180d2020000d4007008d5"}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x221}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x16e}}, @irq_setup={0x46, 0x18, {0x2, 0x44}}, @mrs={0xbe, 0x18, {0x603000000013803d}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x10, 0xffffff80, 0x1000, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x3, 0x9, 0x1ff, 0x1, 0x1}}, @hvc={0x32, 0x40, {0x32000000, [0x14f, 0x5, 0x7, 0x37ec, 0x3]}}, @svc={0x122, 0x40, {0x80, [0x1, 0x4, 0x800000000000, 0x2, 0x4]}}, @msr={0x14, 0x20, {0x603000000013c681, 0x5}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0xb, 0x8}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x3fd}}, @hvc={0x32, 0x40, {0x1, [0x5, 0x7, 0x2, 0x7fffffff, 0x7]}}, @code={0xa, 0xb4, {"001581d200c0b0f2810180d2820180d2830180d2c40080d2020000d4007008d5000008d5802a97d20000b0f2810180d2820180d2a30080d2c40180d2020000d4007008d50034200e605989d20080b0f2c10080d2e20080d2c30180d2240180d2020000d4a08584d20040b0f2410180d2620080d2030080d2c40180d2020000d4000800b8207496d20060b0f2e10180d2620180d2830080d2840180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013e100, 0x5}}, @eret={0xe6, 0x18}, @eret={0xe6, 0x18, 0x100000001}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0xf, 0x6, 0x2ea4, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013e6d3}}, @hvc={0x32, 0x40, {0x0, [0x7, 0x1, 0x7, 0x7, 0xffffffffffffffff]}}, @svc={0x122, 0x40, {0xc4000014, [0x4a68b756, 0x7, 0x6, 0xcdff, 0x8]}}], 0x500}, &(0x7f0000001f00)=[@featur2={0x1, 0x60}], 0x1)
eventfd2(0x3, 0x80800)
close(r0)

18m22.79439852s ago: executing program 1 (id=571):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000640)={0x0, &(0x7f0000000180)=[@uexit={0x0, 0x18, 0xffff}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x79}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x2, 0x8, 0x0, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0xd, 0x1, 0x7, 0x4}}, @hvc={0x32, 0x40, {0x86000001, [0x9, 0x8, 0x5, 0x3, 0xff]}}, @hvc={0x32, 0x40, {0x84000012, [0x3, 0xb, 0xffff, 0xa, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x7fff, 0x2, 0x0, 0x4018, 0x2}}, @code={0xa, 0x9c, {"007008d5000c40fca0da94d200e0b0f2410080d2220080d2230180d2a40180d2020000d4007008d5008008d50068284e20799bd200c0b0f2010080d2820080d2c30180d2840080d2020000d4002cc01ae04d89d200a0b0f2e10180d2e20080d2830180d2240080d2020000d4a01486d20040b8f2a10080d2020080d2030080d2040180d2020000d4"}}, @eret={0xe6, 0x18, 0x7fffffffffffffff}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0x9, 0x4, 0xb, 0x1}}, @code={0xa, 0x54, {"007008d500004093008000c8007008d50000409300008013007008d50038601e0020600da0808cd20080b8f2610080d2220080d2830080d2e40180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x3, 0x4, 0xb, 0x5, 0x2}}, @code={0xa, 0x9c, {"20d991d200c0b0f2c10180d2620180d2430080d2440180d2020000d40000201f604b84d200e0b8f2610180d2220080d2430080d2040080d2020000d4009887d200c0b8f2a10180d2820180d2230180d2c40080d2020000d41f0020ab000028d50020c09a40ad9cd200a0b0f2410180d2e20080d2430080d2840180d2020000d4000040bc000008d5"}}, @code={0xa, 0x9c, {"803189d20080b8f2410080d2220080d2430080d2040080d2020000d4406691d20080b8f2610080d2020080d2430180d2e40080d2020000d4007008d5200683d20000b0f2610080d2620080d2230080d2040180d2020000d40000039e007008d5007008d51f2003d5004cc09a206384d200e0b8f2a10180d2820080d2030080d2e40180d2020000d4"}}, @hvc={0x32, 0x40, {0x84000050, [0x100, 0x800, 0x5, 0x4]}}, @eret={0xe6, 0x18, 0x1825}, @smc={0x1e, 0x40, {0x84000003, [0x8, 0x8, 0x2, 0x80, 0x7fff]}}, @hvc={0x32, 0x40, {0x4000, [0xffffffffffffffff, 0xffffffffffff907a, 0x1f, 0x7, 0xfff]}}], 0x4a0}, &(0x7f0000000680)=[@featur2={0x1, 0x84}], 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f00000006c0))
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x35, 0xb000, 0x4, 0xffffffffffffffff, 0x5})
mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0xc, 0x5c1fd1b656cf3f1, 0xffffffffffffffff, 0x20000000)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x38)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013c600, 0xfefefee0}}], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c600, &(0x7f0000000140)})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r3, 0x4068aea3, &(0x7f0000000000))

18m18.894301937s ago: executing program 0 (id=572):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x400600, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (async)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
close(r2) (async)
close(r2)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100)

18m13.402509818s ago: executing program 1 (id=573):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000240)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c00a}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x84000010, [0x40000000008, 0x939, 0x12, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000000)={0x7})
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000000c0)={0x8})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
write$eventfd(r12, &(0x7f0000000040)=0x3, 0x8)
openat$kvm(0x0, &(0x7f0000000000), 0x503080, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur2], 0x1)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
ioctl$KVM_SIGNAL_MSI(r9, 0x4020aea5, &(0x7f0000000000)={0x6000, 0x0, 0x0, 0x1})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

18m12.029464349s ago: executing program 0 (id=574):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x4, 0x7, 0x0})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000002c0)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, 0xffffffffffffffff)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0xa8, 0x0, 0x3})
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
close(0x4)
close(0x5)
mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000380)=[@eret={0xe6, 0x18, 0x8}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x199}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x399}}, @irq_setup={0x46, 0x18, {0x2, 0x107}}, @eret={0xe6, 0x18, 0x10}, @uexit={0x0, 0x18, 0x2}, @uexit={0x0, 0x18, 0x34e}, @smc={0x1e, 0x40, {0x20, [0x3, 0x80, 0x400, 0x4, 0xc9a]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0xb, 0x6, 0x5}}, @irq_setup={0x46, 0x18, {0x4, 0xb6}}, @svc={0x122, 0x40, {0x8400000d, [0xe, 0x6, 0x7, 0x9, 0x6]}}, @hvc={0x32, 0x40, {0x8500202b, [0x2, 0x4, 0x5, 0x8, 0x2]}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x230}}, @code={0xa, 0xb4, {"000008d560ef92d20040b8f2810180d2820180d2e30080d2c40080d2020000d4e0069ed20080b8f2a10180d2e20180d2630180d2e40080d2020000d4000840fa406a9cd20040b0f2210180d2620180d2a30180d2640180d2020000d40060202e000028d5e0d18bd20080b8f2a10080d2620180d2a30180d2e40080d2020000d40014000fe01999d200e0b0f2c10080d2420080d2630180d2440080d2020000d4"}}, @svc={0x122, 0x40, {0x84000011, [0x4, 0x200, 0x3, 0x10000000000000e3, 0x6]}}, @uexit={0x0, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x3, 0x2f1}}, @eret={0xe6, 0x18, 0x4}], 0x32c}, &(0x7f0000000040)=[@featur1={0x1, 0x22}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r12, 0x4010aeab, &(0x7f0000000080)={0x5, 0x9000})
ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x7f, &(0x7f0000000340)=0x6})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r11, 0xc018aec0, &(0x7f00000000c0)={0x1})
ioctl$KVM_GET_REG_LIST(r12, 0xc008aeb0, &(0x7f0000000100)={0x1, [0xfffffffffffff734]})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

17m59.925061786s ago: executing program 1 (id=575):
r0 = eventfd2(0x7, 0x80001)
r1 = eventfd2(0x7, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x7, 0x0, r1})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x39)
syz_kvm_vgic_v3_setup(r2, 0x4, 0x240)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000080))
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x48080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x2, 0x7, &(0x7f0000000140)=0x4})
r8 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f00000001c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x6})
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r8, 0x4068aea3, &(0x7f0000000200))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000280)={0x10000, 0x4, 0x58000, 0x2000, &(0x7f0000fdf000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r7, 0x4010ae42, &(0x7f00000002c0)={0x10201, 0x0, &(0x7f0000ffd000/0x1000)=nil})
r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2b)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r9, 0x4018aee3, &(0x7f0000000340)=@attr_other={0x0, 0x6, 0x39e, &(0x7f0000000300)=0x6})
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000380)={0x2, 0x2, 0x1, r8, 0x8})
close(r9)
syz_kvm_setup_cpu$arm64(r9, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000900)=[{0x0, &(0x7f00000003c0)=[@smc={0x1e, 0x40, {0x8400000d, [0x0, 0x3, 0x4, 0x7, 0x3]}}, @smc={0x1e, 0x40, {0x1, [0x1000000000000000, 0xa00, 0x3, 0x80000000, 0x4]}}, @uexit={0x0, 0x18, 0x2}, @smc={0x1e, 0x40, {0x32000000, [0x53c46485, 0x3, 0x3c, 0xc9ea, 0x100000000]}}, @irq_setup={0x46, 0x18, {0x3, 0xc0}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x2e5}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0x4, 0x6, 0x7, 0x1}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0xa2}}, @hvc={0x32, 0x40, {0x40a, [0x5, 0x6, 0xfff, 0x2, 0x7]}}, @svc={0x122, 0x40, {0x3f000000, [0x200, 0x3159, 0xcc, 0x2, 0x1]}}, @msr={0x14, 0x20, {0x603000000013d807, 0x8}}, @hvc={0x32, 0x40, {0xffff, [0x0, 0x80000001, 0x7fffffffffffffff, 0x2, 0x2]}}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013e6d8}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x2f5}}, @msr={0x14, 0x20, {0x603000000013802d, 0x6}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x5, 0x3, 0x1, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x158}}, @mrs={0xbe, 0x18, {0x603000000013f200}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0xaa, 0x14}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x229}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x69b, 0x6, 0x7}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x78, 0x9, 0x3}}, @svc={0x122, 0x40, {0xc4000804, [0x0, 0x1, 0x80000001, 0x9, 0xffffffffffffffff]}}, @irq_setup={0x46, 0x18, {0x1, 0x1bd}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0xb, 0x200, 0xffffffc0, 0x4}}, @hvc={0x32, 0x40, {0x84000002, [0x5, 0x3b69, 0x4, 0xfffffffffffffffe, 0x8]}}, @msr={0x14, 0x20, {0x603000000013deba, 0x2}}, @smc={0x1e, 0x40, {0x8400000d, [0x2, 0x7f, 0xb, 0x5, 0x6]}}, @irq_setup={0x46, 0x18, {0x4, 0x3d4}}], 0x518}], 0x1, 0x0, &(0x7f0000000940)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f0000000980)={0x8, [0x7fffffffffffffff, 0x7, 0x2, 0x8, 0x401, 0x1, 0x7, 0x4]})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000a40)={0x0, &(0x7f0000000a00)=[@uexit={0x0, 0x18, 0x4}], 0x18}, &(0x7f0000000a80)=[@featur1={0x1, 0x40}], 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000ac0)=@arm64)
ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000b00)={0x2, 0x2})
munmap(&(0x7f0000ca1000/0x2000)=nil, 0x2000)

17m54.772910165s ago: executing program 0 (id=576):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_vgic_v3_setup(r2, 0x3, 0x340)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, &(0x7f0000000380)=0x40000000000495})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000680)={0x80a0000})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000600)={0xdddd1000, 0x9000, 0x5, 0x1, 0xe})
syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x8, [0x4, 0x0, 0x7, 0x7, 0x2]}}, @memwrite={0x6e, 0x30, @generic={0x58000, 0x480, 0x80}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0x0, 0x4, 0x3, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013f664}}, @irq_setup={0x46, 0x18, {0x4, 0x33a}}, @svc={0x122, 0x40, {0xc5000020, [0xf28e, 0x401, 0x6, 0x3, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013806d}}, @code={0xa, 0xb4, {"000020cb0094004f802f9bd200c0b0f2e10080d2c20080d2a30180d2c40180d2020000d420c592d200e0b8f2610180d2820080d2630180d2e40080d2020000d4008008d520eb93d20060b0f2210180d2a20180d2830180d2a40180d2020000d4800c82d20020b8f2c10080d2420180d2430080d2640180d2020000d4a02c91d20020b0f2010180d2a20080d2830180d2c40080d2020000d4000008d50004403c"}}, @irq_setup={0x46, 0x18, {0x3, 0x88}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x223}}, @irq_setup={0x46, 0x18, {0x0, 0x21}}], 0x22c}], 0x1, 0x0, &(0x7f0000000300)=[@featur1={0x1, 0x71}], 0x1)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r7, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
ioctl$KVM_GET_REGS(r7, 0x8360ae81, &(0x7f0000000240))
r8 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x101000, 0x0)
ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x7fffffff})
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x101800, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000700)={0x7, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
ioctl$KVM_GET_DEVICE_ATTR(r12, 0x4018aee2, &(0x7f0000000340)=@attr_other={0x0, 0x5, 0x8, &(0x7f0000000000)=0xcb1})
ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})
ioctl$KVM_GET_DEVICE_ATTR_vm(r4, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0xffffffff, 0x100}})

17m13.592504074s ago: executing program 32 (id=575):
r0 = eventfd2(0x7, 0x80001)
r1 = eventfd2(0x7, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x7, 0x0, r1})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x39)
syz_kvm_vgic_v3_setup(r2, 0x4, 0x240)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000080))
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x48080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x2, 0x7, &(0x7f0000000140)=0x4})
r8 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f00000001c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x6})
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r8, 0x4068aea3, &(0x7f0000000200))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000280)={0x10000, 0x4, 0x58000, 0x2000, &(0x7f0000fdf000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r7, 0x4010ae42, &(0x7f00000002c0)={0x10201, 0x0, &(0x7f0000ffd000/0x1000)=nil})
r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2b)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r9, 0x4018aee3, &(0x7f0000000340)=@attr_other={0x0, 0x6, 0x39e, &(0x7f0000000300)=0x6})
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000380)={0x2, 0x2, 0x1, r8, 0x8})
close(r9)
syz_kvm_setup_cpu$arm64(r9, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000900)=[{0x0, &(0x7f00000003c0)=[@smc={0x1e, 0x40, {0x8400000d, [0x0, 0x3, 0x4, 0x7, 0x3]}}, @smc={0x1e, 0x40, {0x1, [0x1000000000000000, 0xa00, 0x3, 0x80000000, 0x4]}}, @uexit={0x0, 0x18, 0x2}, @smc={0x1e, 0x40, {0x32000000, [0x53c46485, 0x3, 0x3c, 0xc9ea, 0x100000000]}}, @irq_setup={0x46, 0x18, {0x3, 0xc0}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x2e5}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0x4, 0x6, 0x7, 0x1}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0xa2}}, @hvc={0x32, 0x40, {0x40a, [0x5, 0x6, 0xfff, 0x2, 0x7]}}, @svc={0x122, 0x40, {0x3f000000, [0x200, 0x3159, 0xcc, 0x2, 0x1]}}, @msr={0x14, 0x20, {0x603000000013d807, 0x8}}, @hvc={0x32, 0x40, {0xffff, [0x0, 0x80000001, 0x7fffffffffffffff, 0x2, 0x2]}}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013e6d8}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x2f5}}, @msr={0x14, 0x20, {0x603000000013802d, 0x6}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x5, 0x3, 0x1, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x158}}, @mrs={0xbe, 0x18, {0x603000000013f200}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0xaa, 0x14}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x229}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x69b, 0x6, 0x7}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x78, 0x9, 0x3}}, @svc={0x122, 0x40, {0xc4000804, [0x0, 0x1, 0x80000001, 0x9, 0xffffffffffffffff]}}, @irq_setup={0x46, 0x18, {0x1, 0x1bd}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0xb, 0x200, 0xffffffc0, 0x4}}, @hvc={0x32, 0x40, {0x84000002, [0x5, 0x3b69, 0x4, 0xfffffffffffffffe, 0x8]}}, @msr={0x14, 0x20, {0x603000000013deba, 0x2}}, @smc={0x1e, 0x40, {0x8400000d, [0x2, 0x7f, 0xb, 0x5, 0x6]}}, @irq_setup={0x46, 0x18, {0x4, 0x3d4}}], 0x518}], 0x1, 0x0, &(0x7f0000000940)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f0000000980)={0x8, [0x7fffffffffffffff, 0x7, 0x2, 0x8, 0x401, 0x1, 0x7, 0x4]})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000a40)={0x0, &(0x7f0000000a00)=[@uexit={0x0, 0x18, 0x4}], 0x18}, &(0x7f0000000a80)=[@featur1={0x1, 0x40}], 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000ac0)=@arm64)
ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000b00)={0x2, 0x2})
munmap(&(0x7f0000ca1000/0x2000)=nil, 0x2000)

17m10.412047203s ago: executing program 33 (id=576):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_vgic_v3_setup(r2, 0x3, 0x340)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, &(0x7f0000000380)=0x40000000000495})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000680)={0x80a0000})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000600)={0xdddd1000, 0x9000, 0x5, 0x1, 0xe})
syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x8, [0x4, 0x0, 0x7, 0x7, 0x2]}}, @memwrite={0x6e, 0x30, @generic={0x58000, 0x480, 0x80}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0x0, 0x4, 0x3, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013f664}}, @irq_setup={0x46, 0x18, {0x4, 0x33a}}, @svc={0x122, 0x40, {0xc5000020, [0xf28e, 0x401, 0x6, 0x3, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013806d}}, @code={0xa, 0xb4, {"000020cb0094004f802f9bd200c0b0f2e10080d2c20080d2a30180d2c40180d2020000d420c592d200e0b8f2610180d2820080d2630180d2e40080d2020000d4008008d520eb93d20060b0f2210180d2a20180d2830180d2a40180d2020000d4800c82d20020b8f2c10080d2420180d2430080d2640180d2020000d4a02c91d20020b0f2010180d2a20080d2830180d2c40080d2020000d4000008d50004403c"}}, @irq_setup={0x46, 0x18, {0x3, 0x88}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x223}}, @irq_setup={0x46, 0x18, {0x0, 0x21}}], 0x22c}], 0x1, 0x0, &(0x7f0000000300)=[@featur1={0x1, 0x71}], 0x1)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r7, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
ioctl$KVM_GET_REGS(r7, 0x8360ae81, &(0x7f0000000240))
r8 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x101000, 0x0)
ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x7fffffff})
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x101800, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000700)={0x7, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
ioctl$KVM_GET_DEVICE_ATTR(r12, 0x4018aee2, &(0x7f0000000340)=@attr_other={0x0, 0x5, 0x8, &(0x7f0000000000)=0xcb1})
ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})
ioctl$KVM_GET_DEVICE_ATTR_vm(r4, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0xffffffff, 0x100}})

10m55.86322366s ago: executing program 2 (id=583):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100008, &(0x7f0000000240)=0x9})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3)
syz_kvm_vgic_v3_setup(r9, 0x0, 0x0)
close(0x4)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18})
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000080)=0x2})
mmap$KVM_VCPU(&(0x7f0000fa6000/0x12000)=nil, r3, 0x0, 0x110, r12, 0x0)
close(0x5)
syz_kvm_setup_cpu$arm64(r1, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100016, &(0x7f0000000100)=0xc5c5})

10m34.221374509s ago: executing program 2 (id=585):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000040)={0x5})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000000000)={0xbf4})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0x5451, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfd000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x800454e0, 0x110c230000)
r7 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000b67000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x0, 0x380)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000000)=@attr_irq_timer={0x0, 0x1, 0xf19ab392b7228c10, &(0x7f0000000200)=0x1b})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f00000000c0)={0x2, 0x300, 0x3c0, &(0x7f0000000c00)=[0x0, 0x9, 0x10, 0x3, 0xfffffffffffffbd7, 0x101, 0x1, 0xb37, 0x78, 0x5, 0x2a5f108d, 0x80000001, 0xfffffffffffffff8, 0x7, 0x2, 0x0, 0x2, 0x4, 0x101, 0x9, 0x6, 0x1, 0x2, 0xfffffffffffffff8, 0x695, 0x0, 0x7ff, 0x7, 0x7fffffff, 0x4, 0x7ee1, 0x0, 0x1, 0x7, 0xffffffffffffff01, 0x4, 0x9, 0xc, 0xffffffff, 0xfffffffffffff7bd, 0x81, 0x800, 0xffffffffffff78e2, 0x3, 0x3, 0xfff, 0x7, 0x5, 0x0, 0x2, 0x101, 0x5, 0x3, 0x7, 0xffffffffffffffff, 0x5, 0x2, 0x8, 0x40, 0x80000000, 0x7, 0x8, 0x5, 0xc, 0x6, 0x3, 0x5, 0x0, 0x7, 0xb, 0x7, 0x6, 0x8f64, 0xd, 0x1ff, 0x6, 0x2, 0x2000000000000400, 0x7ec, 0x20000008, 0x6, 0x9, 0x4, 0x3, 0x1, 0x3ff, 0x1, 0xbb5, 0x5, 0x2, 0x4, 0x1000, 0x0, 0x4, 0x9, 0x49, 0x8, 0x6, 0x1, 0x1, 0x3, 0x1, 0xfffffffffffffff8, 0x6, 0x7, 0x0, 0x4, 0x8, 0x0, 0x8000, 0x1, 0x1, 0x100, 0x52b8f15e, 0x4, 0x3, 0x10001, 0x5, 0x2, 0x47d5000000, 0x0, 0x6, 0x4, 0x8, 0x1, 0x4, 0x100000001, 0x1]})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000280)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
r15 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x4, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r15, 0xae80, 0x0)

10m20.817303662s ago: executing program 3 (id=586):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0x800000000000001})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000140)={0xc, 0xfff9, 0x1}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf)
r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@code={0xa, 0x84, {"e0989ed200a0b8f2610180d2a20080d2830080d2640180d2020000d460e79fd20020b8f2a10180d2e20080d2230180d2840180d2020000d40020ff0d0040241e000000b90080000d007008d50008203c0000431e004295d20080b0f2610080d2620080d2a30180d2c40080d2020000d4"}}, @eret={0xe6, 0x18, 0x81}, @eret={0xe6, 0x18, 0x2}, @eret={0xe6, 0x18, 0x10}, @mrs={0xbe, 0x18, {0x603000000013c011}}, @uexit={0x0, 0x18, 0x9}, @hvc={0x32, 0x40, {0x84000053, [0x0, 0x0, 0x50, 0xbba5]}}, @eret={0xe6, 0x18}, @msr={0x14, 0x20, {0x603000000013df70, 0x5}}], 0x174}, &(0x7f0000000200)=[@featur2={0x1, 0xaf}], 0x1)
ioctl$KVM_GET_SREGS(r6, 0x8000ae83, &(0x7f0000000300))
ioctl$KVM_GET_API_VERSION(r5, 0xae00, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) (async)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0x800000000000001}) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) (async)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000140)={0xc, 0xfff9, 0x1}}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf) (async)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@code={0xa, 0x84, {"e0989ed200a0b8f2610180d2a20080d2830080d2640180d2020000d460e79fd20020b8f2a10180d2e20080d2230180d2840180d2020000d40020ff0d0040241e000000b90080000d007008d50008203c0000431e004295d20080b0f2610080d2620080d2a30180d2c40080d2020000d4"}}, @eret={0xe6, 0x18, 0x81}, @eret={0xe6, 0x18, 0x2}, @eret={0xe6, 0x18, 0x10}, @mrs={0xbe, 0x18, {0x603000000013c011}}, @uexit={0x0, 0x18, 0x9}, @hvc={0x32, 0x40, {0x84000053, [0x0, 0x0, 0x50, 0xbba5]}}, @eret={0xe6, 0x18}, @msr={0x14, 0x20, {0x603000000013df70, 0x5}}], 0x174}, &(0x7f0000000200)=[@featur2={0x1, 0xaf}], 0x1) (async)
ioctl$KVM_GET_SREGS(r6, 0x8000ae83, &(0x7f0000000300)) (async)
ioctl$KVM_GET_API_VERSION(r5, 0xae00, 0x0) (async)

10m4.792296426s ago: executing program 2 (id=587):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead)
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000040)=@riscv64_aia_csr={0x8030000003010003, &(0x7f0000000000)=0x8})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8900, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000000c0)=@arm64={0xc, 0x6, 0x10, '\x00', 0x6})
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f0000000100)={{0x40000, 0x0, 0x8, 0x21, 0xf, 0x8, 0x4, 0x10, 0x72, 0x3, 0x7, 0x7}, {0xc000, 0x3000, 0xd, 0x97, 0x6, 0x4, 0x8, 0x4b, 0x63, 0x64, 0x79, 0x3}, {0xffff1000, 0xeeee8000, 0x9, 0x3, 0x2, 0xf7, 0x7, 0x3c, 0x10, 0x6, 0x50, 0xd}, {0x41000, 0x7000, 0xd, 0x9a, 0x82, 0x6, 0x8, 0x0, 0x4, 0x9, 0x93, 0x40}, {0x41000, 0x100000, 0x9, 0xd7, 0x7, 0x2, 0xb, 0x2e, 0x6, 0x10, 0x6}, {0x6000, 0xdddd0000, 0x0, 0xfe, 0x8, 0x7, 0x6, 0x3, 0x7, 0x5, 0x5, 0x40}, {0xb000, 0x30000, 0xe, 0x1, 0x6, 0x0, 0x10, 0x88, 0x2, 0x0, 0x1, 0x9}, {0xd000, 0x7000, 0x8, 0x5, 0xc, 0x0, 0x2, 0x7, 0x6, 0x7, 0x4}, {0x200000, 0x7c7}, {0xffffffff, 0x592b}, 0x40000000, 0x0, 0xeeee8000, 0x300, 0x1, 0x800, 0x10000, [0xd9, 0x81, 0x10001, 0x2]})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000280)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000240)=0x9})
ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f00000002c0)={0x5, 0x2, 0x1a000, 0x2000, &(0x7f0000003000/0x2000)=nil, 0x9})
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f00000003c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000380)={0x3, 0x2, 0x2}})
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000400))
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000440)={0x1, [0x7fffffffffffffff]})
ioctl$KVM_SET_GUEST_DEBUG_arm64(r0, 0x4208ae9b, &(0x7f0000000480)={0x3, 0x0, {[0x5, 0x80000001, 0x2, 0xb05, 0x10, 0x3, 0x5, 0xf, 0x4, 0x10000, 0x3f4a, 0xf, 0x6, 0xb, 0x21d365be, 0x7], [0x3f0, 0x6, 0x10000, 0x1200000000, 0x0, 0xe66, 0xfffffffffffffffc, 0xd, 0x6, 0x6, 0x0, 0x52, 0x1, 0xea, 0x5, 0x132], [0x3, 0x9, 0x1000, 0x80, 0x2000000, 0x2, 0x7fff, 0x8, 0x6f, 0x9, 0x80000000, 0x8, 0x617a, 0xfffffffffffffffb, 0xffffffff80000000, 0xeb], [0x8, 0x7, 0x748b3828, 0x3, 0x1200000000, 0x100, 0x3, 0x2, 0xb2f, 0x5, 0x3, 0x49, 0xcd, 0x8, 0x6, 0x100000001]}})
ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000006c0)=@x86={0x7c, 0xb, 0x9, 0x0, 0x9, 0x8, 0xc, 0x25, 0x9, 0xd, 0xf1, 0xce, 0x0, 0x8, 0x8, 0x8, 0xa, 0x9, 0x7, '\x00', 0x6, 0x9})
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x3)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000700)={0x401, 0x26000})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2d)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000740)={0x4, 0x10000, 0x4, 0xffffffffffffffff, 0xc})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000780)={0xfffffffffffffff3, 0x50000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r5, 0x4010aeab, &(0x7f00000007c0)={0x4, 0x58000})
ioctl$KVM_SET_GUEST_DEBUG_arm64(r0, 0x4208ae9b, &(0x7f0000000800)={0x20000, 0x0, {[0xffff, 0x9, 0x6, 0x7, 0x8013, 0x7f, 0x2, 0x5, 0x4, 0xffff, 0x9, 0x0, 0x10000, 0xdc3, 0x1ec], [0x7, 0x5, 0x1, 0x100000001, 0x0, 0x6, 0x2, 0x8, 0x8, 0x2, 0x2, 0x1, 0x4db, 0x0, 0x4, 0x2], [0x40, 0x165be773, 0x9, 0x236f, 0x1, 0x8000, 0x7fffffff, 0x6, 0x1, 0x2db2, 0x800, 0x8000000000000000, 0x8, 0x42e4, 0x71b97b4500000, 0x4], [0x2, 0x66d6, 0x7, 0x100000000, 0x3, 0x400, 0x28000000000000, 0x5, 0xfffffffffffff500, 0x1, 0xffffffffffffffff, 0x3, 0x3, 0xfffffffffffff829, 0x7, 0x4]}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x400200, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000a80)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x3ff})
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000ac0)={0x4, 0x46})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000b00)={0x6, 0xffffffffffffffff, 0x1})

10m3.323477321s ago: executing program 3 (id=588):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r2}) (async)
close(r2) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xe5)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

9m49.371847669s ago: executing program 3 (id=589):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4, 0x220)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x28}, 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
mmap$KVM_VCPU(&(0x7f0000c10000/0x2000)=nil, r8, 0x3000002, 0x10, r11, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000100)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_GET_DEVICE_ATTR(r14, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
r15 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x3, 0x1e9}}, @irq_setup={0x46, 0x18, {0x4, 0x387}}, @irq_setup={0x46, 0x18, {0x4, 0x380}}, @irq_setup={0x46, 0x18, {0x2, 0x103}}, @hvc={0x32, 0x40, {0xc400000e, [0x5, 0x1013, 0x4, 0xd0, 0x1]}}, @svc={0x122, 0x40, {0x84000053, [0x100, 0x1, 0x40000000400, 0x6, 0x9]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x0, 0x0, 0x8}}, @msr={0x14, 0x20, {0x603000000013df6f, 0x80}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x8, 0x0, 0x5, 0x4}}, @svc={0x122, 0x40, {0x80000001, [0x3, 0x6, 0x967d, 0x81, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x5, 0x101, 0x5, 0x4}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x2b}}, @irq_setup={0x46, 0x18, {0x3, 0x203}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x3bc}}, @mrs={0xbe, 0x18, {0x603000000013800c}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xffd0, 0x101, 0xe}}, @smc={0x1e, 0x40, {0x84000053, [0x6, 0x2, 0x2, 0x1, 0x7]}}, @uexit={0x0, 0x18, 0x3f}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013df18}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xce5, 0x287b, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0x4, 0x0, 0x5, 0x2}}, @code={0xa, 0xb4, {"007008d560889ed200e0b8f2e10080d2220180d2630180d2440180d2020000d4a03798d20060b8f2610080d2620180d2630080d2640180d2020000d4007008d5003c89d200a0b0f2a10080d2620180d2630180d2e40080d2020000d4000a90d20000b0f2410080d2620180d2430180d2a40080d2020000d4605d8ad20020b8f2e10180d2420180d2430180d2a40180d2020000d4007008d50008c05a00a0004f"}}, @smc={0x1e, 0x40, {0xc400000d, [0xd, 0x8e7, 0x3, 0xf, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x4, 0x7}}, @smc={0x1e, 0x40, {0xc4000014, [0x8, 0x8, 0x7, 0x5, 0x5]}}, @hvc={0x32, 0x40, {0xc4000001, [0x7, 0x2, 0x6, 0x0, 0xfffffffffffffffc]}}, @svc={0x122, 0x40, {0xc400000c, [0x101, 0xff, 0x4, 0x35b]}}, @smc={0x1e, 0x40, {0x8600ff01, [0x7, 0x200, 0xfffffffffffffff8, 0x6, 0x3]}}, @mrs={0xbe, 0x18, {0xa050000000347b4e}}], 0x58c}, &(0x7f0000000140)=[@featur2={0x1, 0x2a}], 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r15, 0x8040ae9f, &(0x7f0000000800)=@arm64)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r16=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r17=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r17, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

9m48.651882636s ago: executing program 2 (id=590):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000a80)=[@code={0xa, 0xcc, {"000008d5808291d200a0b0f2810180d2820080d2830080d2840180d2020000d4e08098d200e0b0f2410180d2820180d2e30080d2040180d2020000d4007008d5406984d20000b0f2610080d2a20180d2030080d2004787d200a0b8f2610080d2020180d2230180d2840080d2020000d4020000d4007008d5001793d200c0b8f2610180d2c20080d2a30080d2040180d2020000d4007008d5007008d5e0aa88d20080b8f2c10180d2c20080d2030080d2040080d2020000d4"}}, @eret={0xe6, 0x18, 0x6}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x73aa, 0x4}}, @eret={0xe6, 0x18, 0x13a5}, @irq_setup={0x46, 0x18, {0x0, 0x3bb}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xc0, 0x216f00000000000, 0xc}}, @mrs={0xbe, 0x18, {0x603000000013de91}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x280, 0x5, 0x9}}, @uexit={0x0, 0x18, 0x7}, @code={0xa, 0x84, {"0078205e000008d5007008d5e0a19ed200a0b8f2410180d2a20080d2230080d2640080d2020000d40000809a40ff8cd20080b0f2a10080d2a20180d2c30180d2a40080d2020000d40000000d007008d5e01a92d20080b0f2210080d2820080d2230080d2040180d2020000d4008008d5"}}, @msr={0x14, 0x20, {0x603000000013e721, 0x2d65ffd9}}, @irq_setup={0x46, 0x18, {0x4, 0x1d8}}, @svc={0x122, 0x40, {0xc4000010, [0x9, 0x6, 0x3f2, 0x8000000000000000, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013df41}}, @svc={0x122, 0x40, {0xc4000011, [0x1, 0xf7fffffffffff366, 0x6, 0x5, 0x2]}}], 0x328}, &(0x7f0000000080)=[@featur1={0x1, 0x4}], 0x1)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, <r4=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x5, &(0x7f00000001c0)=0x7ffd})
mmap$KVM_VCPU(&(0x7f000000b000/0x3000)=nil, 0x930, 0x3, 0x4102932, r1, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000200)={0x0, &(0x7f0000000dc0)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x4, 0xa, 0x48, 0x3, 0x4}}, @uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x603000000013806e, 0x423}}, @mrs={0xbe, 0x18, {0x603000000013e668}}, @hvc={0x32, 0x40, {0x104b, [0xef5, 0xf12c, 0x7, 0x7, 0xad]}}, @mrs={0xbe, 0x18, {0x603000000013f9d1}}, @msr={0x14, 0x20, {0x603000000013e005}}, @svc={0x122, 0x40, {0x32000000, [0x80, 0x2, 0x401, 0x8, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x2, 0x7, 0x260, 0x1}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x3, 0xf, 0x4, 0xfffffff7, 0x3}}, @msr={0x14, 0x20, {0x603000000013c091, 0x9}}, @irq_setup={0x46, 0x18, {0x4, 0x203}}, @hvc={0x32, 0x40, {0xc5000020, [0x9, 0x9, 0x0, 0x1, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0xa, 0x3, 0x8, 0x2}}, @hvc={0x32, 0x40, {0x84000006, [0x5, 0xfffffffffffffffd, 0xfffffffffffffff9, 0x1000, 0x3]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0x5, 0x1, 0x9, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013df6f}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x127}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x1ea}}, @memwrite={0x6e, 0x30, @generic={0x54000, 0xbb1, 0x4, 0x8}}, @eret={0xe6, 0x18, 0x80000001}, @smc={0x1e, 0x40, {0x31000000, [0x4, 0x7, 0x3, 0x4, 0x7fff]}}, @uexit={0x0, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x4, 0x5, 0x1, 0x8, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x0, 0x7, 0x3df, 0x7f, 0x1}}], 0x3f8}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r10 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r9, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418def4207004d7da6ab8031d10700000000000001ffffffff9610fbff77521ce10d8f6b69d22608e700", 0x0, 0x48)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r11})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)={0x25000, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000180)={0x5000})
ioctl$KVM_SET_SREGS(r4, 0x4000ae84, &(0x7f0000000600)={{0x6000, 0x10000, 0x3, 0x4, 0x3, 0x3, 0x1, 0xc, 0x9a, 0xd2, 0x1, 0x5}, {0x40000, 0x1, 0x9, 0x0, 0x4, 0x10, 0x38, 0xb, 0x6, 0x6, 0x7, 0xc}, {0xfec00000, 0x1, 0xc, 0x1, 0x0, 0x3, 0xf9, 0x80, 0xc0, 0xd9, 0x4}, {0x0, 0x9000, 0xf, 0x3, 0x90, 0xa, 0x3, 0x5, 0xfc, 0x9, 0x0, 0x8}, {0x80a0000, 0x100000, 0xe, 0x7, 0x4, 0x80, 0x5, 0x0, 0x5, 0xf, 0x2, 0x52}, {0x5000, 0xa000, 0x8, 0xfa, 0x7, 0x9f, 0xc4, 0x4, 0x0, 0x8, 0x4, 0xc}, {0x100000, 0x70000, 0x9, 0x2, 0x6, 0x4, 0xeb, 0xc, 0xa, 0xff, 0x7, 0x7}, {0xd000, 0xeeee0000, 0x9, 0x36, 0x3, 0x5, 0xd, 0x10, 0x0, 0xc0, 0x9, 0xac}, {0x58000, 0x5}, {0xffff1000, 0x3}, 0xc0000000, 0x0, 0x10000, 0x300, 0x9, 0x5000, 0x0, [0x80, 0x1, 0x0, 0x81]})
r12 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x33)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)

9m27.256794908s ago: executing program 2 (id=591):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
close(0x3)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r4})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce2, 0x7ffe}}, @smc={0x1e, 0x40, {0xc4000007, [0x8, 0x9, 0x5, 0x7fff, 0x5]}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vm(r10, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x7f, 0x1, 0x1}})
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x333a, 0x5, 0x1}})

9m25.8522322s ago: executing program 3 (id=592):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1e)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) (async, rerun: 32)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b0a000/0x400000)=nil) (rerun: 32)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000000)) (async)
syz_kvm_vgic_v3_setup(r1, 0x5, 0x1c0)

9m15.077537101s ago: executing program 3 (id=593):
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65f, 0x8000}}], 0x20}, 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_FINALIZE(r5, 0x4004aec2, &(0x7f0000000100)=0x4) (async)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

9m9.511654303s ago: executing program 2 (id=594):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x204001, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x14)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x5, 0x2d4}}], 0x28}, &(0x7f0000000100), 0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xc0189436, 0x172)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000080)=@attr_pmu_init)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, &(0x7f00000000c0)={0x5, 0x340, 0x1, 0x0})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000002c0)=@riscv64_csr={0x8030000000300005, &(0x7f00000001c0)=0x4})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r9 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a5a000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000012, [0xffffffff, 0x100080001, 0x5, 0x101, 0x13]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
r11 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x7)
ioctl$KVM_IRQ_LINE(r11, 0x4008ae61, &(0x7f0000000300)={0x96, 0xb})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000000)={0x5, 0x6})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000240)=@arm64_sys={0x603000000013dce0, &(0x7f0000000200)=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9m2.730237664s ago: executing program 3 (id=595):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r5, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE(r7, 0x4008ae61, &(0x7f0000000240)={0x200002f})
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)

8m21.743010129s ago: executing program 34 (id=594):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x204001, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x14)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x5, 0x2d4}}], 0x28}, &(0x7f0000000100), 0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xc0189436, 0x172)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000080)=@attr_pmu_init)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, &(0x7f00000000c0)={0x5, 0x340, 0x1, 0x0})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000002c0)=@riscv64_csr={0x8030000000300005, &(0x7f00000001c0)=0x4})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r9 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a5a000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000012, [0xffffffff, 0x100080001, 0x5, 0x101, 0x13]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
r11 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x7)
ioctl$KVM_IRQ_LINE(r11, 0x4008ae61, &(0x7f0000000300)={0x96, 0xb})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000000)={0x5, 0x6})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000240)=@arm64_sys={0x603000000013dce0, &(0x7f0000000200)=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

8m11.463389357s ago: executing program 35 (id=595):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r5, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE(r7, 0x4008ae61, &(0x7f0000000240)={0x200002f})
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)

1m8.683004629s ago: executing program 4 (id=596):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x2d0})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r7, 0x40000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xc0189436, 0x20004000)

1m2.522100949s ago: executing program 5 (id=597):
ioctl$KVM_GET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000040)=@attr_other={0x0, 0xff, 0x2, &(0x7f0000000000)=0x8})
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1e)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000080)={0xdddd0000})
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x10001, 0x1, 0xeeee8000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000100)={0x8, 0x1})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x1000, 0x2, &(0x7f00000001c0)=0x4})
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000240)={0xeeee8000, 0x109000, 0x1})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000280)={0xe4, 0x0, 0x7ff})
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000680)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x48, 0x2, 0x3}}, @smc={0x1e, 0x40, {0x800, [0x0, 0x1ff, 0x80000001, 0xffffffffffffffff, 0x3]}}, @irq_setup={0x46, 0x18, {0x2, 0x2d}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0xb, 0x9, 0xffffff4c}}, @uexit={0x0, 0x18, 0x8}, @mrs={0xbe, 0x18, {0x603000000013e218}}, @hvc={0x32, 0x40, {0x0, [0xfffffffffffffffc, 0x6, 0x7, 0x2, 0x68d]}}, @svc={0x122, 0x40, {0xc4000004, [0xb5d6, 0x9, 0x9, 0x9, 0x3]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x22f}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0xc, 0xbe, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x2f9}}, @smc={0x1e, 0x40, {0xc4000001, [0x1, 0x7fff, 0x5, 0x3ff, 0x9]}}, @msr={0x14, 0x20, {0x603000000013e706, 0x7}}, @msr={0x14, 0x20, {0x603000000013e682, 0x5}}, @memwrite={0x6e, 0x30, @generic={0x40000, 0x3e8, 0x7}}, @uexit={0x0, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013e081, 0x81}}, @smc={0x1e, 0x40, {0x5000000, [0x54, 0x4, 0x1000, 0x9, 0x9]}}, @msr={0x14, 0x20, {0x603000000013800c, 0x7fff}}, @irq_setup={0x46, 0x18, {0x2, 0x313}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x9, 0x6}}], 0x370}, &(0x7f00000006c0)=[@featur1={0x1, 0x45}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r1, 0xa, 0x100010, r2, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000700)={0x4, 0x9})
ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000740)={0xb6, 0x0, 0x81})
syz_kvm_vgic_v3_setup(r0, 0x0, 0x380)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000007c0)={0x1, 0xffffffffffffffff, 0x1})
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000800)={0x5, 0x38})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x189200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000880))
ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f00000008c0)={0x8, 0x0, [{0x1, 0x3, 0x0, 0x0, @adapter={0x8, 0x2, 0x67, 0x1, 0x8}}, {0x4, 0x2, 0x0, 0x0, @sint={0x10001, 0x4}}, {0x7, 0x1, 0x0, 0x0, @msi={0x52c6, 0xffff, 0x4, 0x7fff}}, {0x100, 0x5, 0x0, 0x0, @msi={0x0, 0x8, 0x9, 0x9}}, {0xab3, 0x1, 0x2, 0x0, @irqchip={0xffffff7a, 0xff}}, {0x9, 0x5, 0x1, 0x0, @sint={0x1, 0x66}}, {0x10001, 0x5, 0x0, 0x0, @adapter={0x9, 0x3b3, 0x9, 0x7f, 0x3}}, {0x7d84, 0x2, 0x1, 0x0, @msi={0x85c2, 0x1, 0x6a}}]})
r6 = eventfd2(0xffffffff, 0x80800)
r7 = eventfd2(0x9, 0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000a80)={r6, 0x7, 0x2, r7})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000ac0)={0x74f, 0x7, 0x5})
ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000b00)={0x10003, 0x1, 0xdddd1000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x7, r3})
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r1, 0x2000001, 0x1010, r2, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_ARM_PREFERRED_TARGET(r8, 0x8020aeaf, &(0x7f0000000bc0))

49.424574232s ago: executing program 4 (id=598):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000180)=0x4)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async)
syz_kvm_vgic_v3_setup(r3, 0x3, 0x180)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)

14.792846055s ago: executing program 36 (id=597):
ioctl$KVM_GET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000040)=@attr_other={0x0, 0xff, 0x2, &(0x7f0000000000)=0x8})
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1e)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000080)={0xdddd0000})
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x10001, 0x1, 0xeeee8000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000100)={0x8, 0x1})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x1000, 0x2, &(0x7f00000001c0)=0x4})
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000240)={0xeeee8000, 0x109000, 0x1})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000280)={0xe4, 0x0, 0x7ff})
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000680)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x48, 0x2, 0x3}}, @smc={0x1e, 0x40, {0x800, [0x0, 0x1ff, 0x80000001, 0xffffffffffffffff, 0x3]}}, @irq_setup={0x46, 0x18, {0x2, 0x2d}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0xb, 0x9, 0xffffff4c}}, @uexit={0x0, 0x18, 0x8}, @mrs={0xbe, 0x18, {0x603000000013e218}}, @hvc={0x32, 0x40, {0x0, [0xfffffffffffffffc, 0x6, 0x7, 0x2, 0x68d]}}, @svc={0x122, 0x40, {0xc4000004, [0xb5d6, 0x9, 0x9, 0x9, 0x3]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x22f}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0xc, 0xbe, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x2f9}}, @smc={0x1e, 0x40, {0xc4000001, [0x1, 0x7fff, 0x5, 0x3ff, 0x9]}}, @msr={0x14, 0x20, {0x603000000013e706, 0x7}}, @msr={0x14, 0x20, {0x603000000013e682, 0x5}}, @memwrite={0x6e, 0x30, @generic={0x40000, 0x3e8, 0x7}}, @uexit={0x0, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013e081, 0x81}}, @smc={0x1e, 0x40, {0x5000000, [0x54, 0x4, 0x1000, 0x9, 0x9]}}, @msr={0x14, 0x20, {0x603000000013800c, 0x7fff}}, @irq_setup={0x46, 0x18, {0x2, 0x313}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x9, 0x6}}], 0x370}, &(0x7f00000006c0)=[@featur1={0x1, 0x45}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r1, 0xa, 0x100010, r2, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000700)={0x4, 0x9})
ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000740)={0xb6, 0x0, 0x81})
syz_kvm_vgic_v3_setup(r0, 0x0, 0x380)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000007c0)={0x1, 0xffffffffffffffff, 0x1})
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000800)={0x5, 0x38})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x189200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000880))
ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f00000008c0)={0x8, 0x0, [{0x1, 0x3, 0x0, 0x0, @adapter={0x8, 0x2, 0x67, 0x1, 0x8}}, {0x4, 0x2, 0x0, 0x0, @sint={0x10001, 0x4}}, {0x7, 0x1, 0x0, 0x0, @msi={0x52c6, 0xffff, 0x4, 0x7fff}}, {0x100, 0x5, 0x0, 0x0, @msi={0x0, 0x8, 0x9, 0x9}}, {0xab3, 0x1, 0x2, 0x0, @irqchip={0xffffff7a, 0xff}}, {0x9, 0x5, 0x1, 0x0, @sint={0x1, 0x66}}, {0x10001, 0x5, 0x0, 0x0, @adapter={0x9, 0x3b3, 0x9, 0x7f, 0x3}}, {0x7d84, 0x2, 0x1, 0x0, @msi={0x85c2, 0x1, 0x6a}}]})
r6 = eventfd2(0xffffffff, 0x80800)
r7 = eventfd2(0x9, 0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000a80)={r6, 0x7, 0x2, r7})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000ac0)={0x74f, 0x7, 0x5})
ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000b00)={0x10003, 0x1, 0xdddd1000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x7, r3})
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r1, 0x2000001, 0x1010, r2, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_ARM_PREFERRED_TARGET(r8, 0x8020aeaf, &(0x7f0000000bc0))

0s ago: executing program 37 (id=598):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000180)=0x4)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async)
syz_kvm_vgic_v3_setup(r3, 0x3, 0x180)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)

kernel console output (not intermixed with test programs):

[  393.863335][   T25] audit: type=1400 audit(393.070:60): avc:  denied  { read } for  pid=3172 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  413.062456][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.415817][ T3172] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:44534' (ED25519) to the list of known hosts.
[  632.912643][   T25] audit: type=1400 audit(632.120:61): avc:  denied  { name_bind } for  pid=3330 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  633.842306][   T25] audit: type=1400 audit(633.060:62): avc:  denied  { execute } for  pid=3331 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  633.867697][   T25] audit: type=1400 audit(633.080:63): avc:  denied  { execute_no_trans } for  pid=3331 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  665.366037][   T25] audit: type=1400 audit(664.580:64): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  665.420671][   T25] audit: type=1400 audit(664.630:65): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  665.514495][ T3331] cgroup: Unknown subsys name 'net'
[  665.572688][   T25] audit: type=1400 audit(664.790:66): avc:  denied  { unmount } for  pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  666.079852][ T3331] cgroup: Unknown subsys name 'cpuset'
[  666.221750][ T3331] cgroup: Unknown subsys name 'rlimit'
[  667.206323][   T25] audit: type=1400 audit(666.420:67): avc:  denied  { setattr } for  pid=3331 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  667.226578][   T25] audit: type=1400 audit(666.440:68): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  667.253921][   T25] audit: type=1400 audit(666.470:69): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  668.326782][ T3334] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  668.347681][   T25] audit: type=1400 audit(667.560:70): avc:  denied  { relabelto } for  pid=3334 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  668.376891][   T25] audit: type=1400 audit(667.590:71): avc:  denied  { write } for  pid=3334 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  668.573065][   T25] audit: type=1400 audit(667.780:72): avc:  denied  { read } for  pid=3331 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  668.597038][   T25] audit: type=1400 audit(667.800:73): avc:  denied  { open } for  pid=3331 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  668.642288][ T3331] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  726.573140][   T25] audit: type=1400 audit(725.790:74): avc:  denied  { execmem } for  pid=3335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  730.513126][   T25] audit: type=1400 audit(729.730:75): avc:  denied  { read } for  pid=3337 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  730.529485][   T25] audit: type=1400 audit(729.740:76): avc:  denied  { open } for  pid=3337 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  730.629677][   T25] audit: type=1400 audit(729.840:77): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  730.924378][   T25] audit: type=1400 audit(730.140:78): avc:  denied  { module_request } for  pid=3337 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  730.946086][   T25] audit: type=1400 audit(730.160:79): avc:  denied  { module_request } for  pid=3338 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  731.961256][   T25] audit: type=1400 audit(731.170:80): avc:  denied  { sys_module } for  pid=3338 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  755.155087][ T3337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  755.490057][ T3337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  756.001687][ T3338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  756.321769][ T3338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  771.629625][ T3337] hsr_slave_0: entered promiscuous mode
[  771.695652][ T3337] hsr_slave_1: entered promiscuous mode
[  773.465561][ T3338] hsr_slave_0: entered promiscuous mode
[  773.522777][ T3338] hsr_slave_1: entered promiscuous mode
[  773.562982][ T3338] debugfs: 'hsr0' already exists in 'hsr'
[  773.579775][ T3338] Cannot create hsr debugfs directory
[  780.459767][   T25] audit: type=1400 audit(779.660:81): avc:  denied  { create } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  780.490019][   T25] audit: type=1400 audit(779.700:82): avc:  denied  { write } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  780.632403][   T25] audit: type=1400 audit(779.770:83): avc:  denied  { read } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  780.840986][ T3337] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  781.221039][ T3337] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  781.486847][ T3337] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  781.780977][ T3337] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  783.377260][ T3338] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  783.673625][ T3338] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  783.997824][ T3338] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  784.196925][ T3338] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  796.742415][ T3337] 8021q: adding VLAN 0 to HW filter on device bond0
[  799.402019][ T3338] 8021q: adding VLAN 0 to HW filter on device bond0
[  855.491045][ T3337] veth0_vlan: entered promiscuous mode
[  856.101905][ T3337] veth1_vlan: entered promiscuous mode
[  858.057472][ T3337] veth0_macvtap: entered promiscuous mode
[  858.515551][ T3337] veth1_macvtap: entered promiscuous mode
[  859.084447][ T3338] veth0_vlan: entered promiscuous mode
[  860.002914][ T3338] veth1_vlan: entered promiscuous mode
[  861.264310][   T21] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  861.293021][ T3380] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  861.360895][ T3380] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  861.365209][ T3380] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  863.356872][ T3338] veth0_macvtap: entered promiscuous mode
[  863.947888][ T3338] veth1_macvtap: entered promiscuous mode
[  864.202772][   T25] audit: type=1400 audit(863.420:84): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  864.549310][   T25] audit: type=1400 audit(863.670:85): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/syzkaller.iFsPks/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  864.764760][   T25] audit: type=1400 audit(863.940:86): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  864.980066][   T25] audit: type=1400 audit(864.190:87): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/syzkaller.iFsPks/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  865.121968][   T25] audit: type=1400 audit(864.320:88): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/syzkaller.iFsPks/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3756 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  865.670729][   T25] audit: type=1400 audit(864.880:89): avc:  denied  { unmount } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  865.983629][   T25] audit: type=1400 audit(865.140:90): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  866.144240][   T25] audit: type=1400 audit(865.360:91): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="gadgetfs" ino=3765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  866.427671][   T32] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  866.443923][   T32] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  866.519877][   T32] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  866.526661][   T32] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  866.664093][   T25] audit: type=1400 audit(865.830:92): avc:  denied  { mount } for  pid=3337 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  866.774618][   T25] audit: type=1400 audit(865.960:93): avc:  denied  { mounton } for  pid=3337 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  868.452642][ T3337] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  869.517107][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  869.530462][   T25] audit: type=1400 audit(868.720:95): avc:  denied  { read write } for  pid=3337 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  869.592180][   T25] audit: type=1400 audit(868.780:96): avc:  denied  { open } for  pid=3337 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  869.610548][   T25] audit: type=1400 audit(868.820:97): avc:  denied  { ioctl } for  pid=3337 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  879.625007][   T25] audit: type=1400 audit(878.840:98): avc:  denied  { read } for  pid=3489 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  879.651100][   T25] audit: type=1400 audit(878.860:99): avc:  denied  { open } for  pid=3489 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  879.823670][   T25] audit: type=1400 audit(879.030:100): avc:  denied  { ioctl } for  pid=3489 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  884.955630][   T25] audit: type=1400 audit(884.170:101): avc:  denied  { write } for  pid=3491 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  926.987815][   T25] audit: type=1400 audit(926.080:102): avc:  denied  { execute } for  pid=3522 comm="syz.0.9" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4289 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  951.890600][   T25] audit: type=1400 audit(951.100:103): avc:  denied  { execute } for  pid=3534 comm="syz.1.13" path="/5/T" dev="tmpfs" ino=43 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  962.016021][   T25] audit: type=1400 audit(961.200:104): avc:  denied  { create } for  pid=3538 comm="syz.0.14" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  985.550482][   T25] audit: type=1400 audit(984.760:105): avc:  denied  { append } for  pid=3547 comm="syz.1.17" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1002.846337][   T25] audit: type=1400 audit(1002.060:106): avc:  denied  { setattr } for  pid=3556 comm="syz.0.20" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1223.293022][   T25] audit: type=1400 audit(1222.460:107): avc:  denied  { map } for  pid=3679 comm="syz.0.56" path="pipe:[2771]" dev="pipefs" ino=2771 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1672.130237][   T25] audit: type=1400 audit(1671.240:108): avc:  denied  { ioctl } for  pid=3951 comm="syz.0.142" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1844.540909][   T25] audit: type=1400 audit(1843.710:109): avc:  denied  { ioctl } for  pid=4038 comm="syz.1.169" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=12202 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2006.080314][   T25] audit: type=1400 audit(2005.290:110): avc:  denied  { map } for  pid=4115 comm="syz.0.193" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=13711 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2006.193161][   T25] audit: type=1400 audit(2005.330:111): avc:  denied  { read } for  pid=4115 comm="syz.0.193" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=13711 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2056.147925][ T4142] kvm [4141]: Unsupported guest access at: eeef0000
[ 2056.147925][ T4142]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 2057.292856][ T4142] kvm [4142]: Failed to find VMA for hva 0x20d8d000
[ 2576.577193][   T25] audit: type=1400 audit(2575.740:112): avc:  denied  { map } for  pid=4413 comm="syz.0.279" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2576.710322][   T25] audit: type=1400 audit(2575.920:113): avc:  denied  { execute } for  pid=4413 comm="syz.0.279" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2850.596771][ T4574] debugfs: 'vgic-its-state@8080000' already exists in '4572-8'
[ 3484.272049][ T4914] kvm [4913]: Unsupported guest access at: eeef0000
[ 3484.272049][ T4914]  { Op0( 2), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 3523.943436][ T4943] kvm [4943]: Failed to find VMA for hva 0x20c01000
[ 3773.672199][ T5081] kvm [5081]: Failed to find VMA for hva 0x21016000
[ 4250.854677][ T5353] kvm [5353]: Failed to find VMA for hva 0x21016000
[ 4397.513410][ T3441] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4398.817248][ T3441] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4399.786442][ T3441] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4400.836215][ T3441] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4417.915090][ T3441] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4418.444689][ T3441] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4418.612539][ T3441] bond0 (unregistering): Released all slaves
[ 4420.551903][ T3441] hsr_slave_0: left promiscuous mode
[ 4420.631538][ T3441] hsr_slave_1: left promiscuous mode
[ 4421.209626][ T3441] veth1_macvtap: left promiscuous mode
[ 4421.213716][ T3441] veth0_macvtap: left promiscuous mode
[ 4421.261627][ T3441] veth1_vlan: left promiscuous mode
[ 4421.275794][ T3441] veth0_vlan: left promiscuous mode
[ 4438.497673][ T3441] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4439.577056][ T3441] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4440.696865][ T3441] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4442.065624][ T3441] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4464.387183][ T3441] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4464.474147][ T3441] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4464.530422][ T3441] bond0 (unregistering): Released all slaves
[ 4466.480436][ T3441] hsr_slave_0: left promiscuous mode
[ 4466.529182][ T3441] hsr_slave_1: left promiscuous mode
[ 4467.092908][ T3441] veth1_macvtap: left promiscuous mode
[ 4467.096343][ T3441] veth0_macvtap: left promiscuous mode
[ 4467.122875][ T3441] veth1_vlan: left promiscuous mode
[ 4467.160494][ T3441] veth0_vlan: left promiscuous mode
[ 4482.006640][ T5393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4482.454444][ T5393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4486.023666][ T5396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4486.341941][ T5396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4503.863602][ T5393] hsr_slave_0: entered promiscuous mode
[ 4503.977495][ T5393] hsr_slave_1: entered promiscuous mode
[ 4508.883275][ T5396] hsr_slave_0: entered promiscuous mode
[ 4508.933944][ T5396] hsr_slave_1: entered promiscuous mode
[ 4508.981553][ T5396] debugfs: 'hsr0' already exists in 'hsr'
[ 4508.984695][ T5396] Cannot create hsr debugfs directory
[ 4524.350476][ T5393] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 4524.913276][ T5393] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 4525.546273][ T5393] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 4526.633612][ T5393] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 4529.844374][ T5396] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 4530.141358][ T5396] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 4530.452130][ T5396] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 4530.841821][ T5396] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 4551.963215][ T5393] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4555.467741][ T5396] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4653.982413][ T5393] veth0_vlan: entered promiscuous mode
[ 4655.274608][ T5393] veth1_vlan: entered promiscuous mode
[ 4658.562671][ T5396] veth0_vlan: entered promiscuous mode
[ 4660.362293][ T5393] veth0_macvtap: entered promiscuous mode
[ 4660.593063][ T5396] veth1_vlan: entered promiscuous mode
[ 4661.354946][ T5393] veth1_macvtap: entered promiscuous mode
[ 4665.492940][ T5396] veth0_macvtap: entered promiscuous mode
[ 4666.040972][ T4245] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4666.045287][ T4245] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4666.063505][ T4245] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4666.080527][ T4245] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4666.632844][ T5396] veth1_macvtap: entered promiscuous mode
[ 4672.037808][ T4245] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4672.090490][ T4245] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4672.215403][ T4245] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4672.225651][ T4245] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4910.373722][ T4794] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4912.342003][ T4794] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4915.337640][ T4794] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4916.963578][ T4794] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4938.213997][ T4794] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4938.534896][ T4794] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4938.942557][ T4794] bond0 (unregistering): Released all slaves
[ 4941.833342][ T4794] hsr_slave_0: left promiscuous mode
[ 4942.019419][ T4794] hsr_slave_1: left promiscuous mode
[ 4942.939726][ T4794] veth1_macvtap: left promiscuous mode
[ 4942.943057][ T4794] veth0_macvtap: left promiscuous mode
[ 4942.981969][ T4794] veth1_vlan: left promiscuous mode
[ 4943.013068][ T4794] veth0_vlan: left promiscuous mode
[ 4969.133645][ T4794] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4970.667328][ T4794] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4971.926443][ T4794] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4972.962989][ T4794] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4992.941970][ T4794] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4993.226748][ T4794] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4993.452378][ T4794] bond0 (unregistering): Released all slaves
[ 4996.349052][ T4794] hsr_slave_0: left promiscuous mode
[ 4996.509871][ T4794] hsr_slave_1: left promiscuous mode
[ 4997.362332][ T4794] veth1_macvtap: left promiscuous mode
[ 4997.383892][ T4794] veth0_macvtap: left promiscuous mode
[ 4997.398620][ T4794] veth1_vlan: left promiscuous mode
[ 4997.441182][ T4794] veth0_vlan: left promiscuous mode
[ 5050.147172][ T5740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5050.542936][ T5740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5054.803707][ T5744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5055.150325][ T5744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5081.097962][ T5740] hsr_slave_0: entered promiscuous mode
[ 5081.174391][ T5740] hsr_slave_1: entered promiscuous mode
[ 5084.840302][ T5744] hsr_slave_0: entered promiscuous mode
[ 5084.913827][ T5744] hsr_slave_1: entered promiscuous mode
[ 5084.992283][ T5744] debugfs: 'hsr0' already exists in 'hsr'
[ 5084.993203][ T5744] Cannot create hsr debugfs directory
[ 5100.164548][ T5740] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 5100.853886][ T5740] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 5101.424715][ T5740] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 5102.076024][ T5740] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 5109.106174][ T5744] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 5109.624221][ T5744] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 5110.186958][ T5744] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 5110.874036][ T5744] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 5140.943872][ T5740] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5146.273884][ T5744] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5286.279237][ T5740] veth0_vlan: entered promiscuous mode
[ 5287.554458][ T5740] veth1_vlan: entered promiscuous mode
[ 5293.432916][ T5740] veth0_macvtap: entered promiscuous mode
[ 5293.933102][ T5744] veth0_vlan: entered promiscuous mode
[ 5295.052542][ T5740] veth1_macvtap: entered promiscuous mode
[ 5296.721567][ T5744] veth1_vlan: entered promiscuous mode
[ 5301.866142][   T50] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5301.873197][   T50] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5302.089734][   T50] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5302.267335][   T50] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5304.167979][ T5744] veth0_macvtap: entered promiscuous mode
[ 5305.701169][ T5744] veth1_macvtap: entered promiscuous mode
[ 5312.757490][ T5989] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5312.792092][ T5989] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5312.942563][ T4794] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5312.954486][ T4794] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5512.199916][ T6024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5512.733132][ T6024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5525.505416][ T6030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5526.035377][ T6030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5566.007689][ T6024] hsr_slave_0: entered promiscuous mode
[ 5566.223450][ T6024] hsr_slave_1: entered promiscuous mode
[ 5566.364361][ T6024] debugfs: 'hsr0' already exists in 'hsr'
[ 5566.419710][ T6024] Cannot create hsr debugfs directory
[ 5584.885530][ T6030] hsr_slave_0: entered promiscuous mode
[ 5585.014800][ T6030] hsr_slave_1: entered promiscuous mode
[ 5585.157910][ T6030] debugfs: 'hsr0' already exists in 'hsr'
[ 5585.175671][ T6030] Cannot create hsr debugfs directory
[ 5608.330630][ T6024] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 5610.309804][ T6024] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 5611.822111][ T6024] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 5614.771293][ T6024] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 5633.562380][ T6030] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 5634.433169][ T6030] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 5635.247810][ T6030] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 5636.370937][ T6030] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 5673.304727][ T6024] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5690.386786][ T6030] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5784.970798][   T27] INFO: task syz.4.598:6007 blocked for more than 430 seconds.
[ 5784.996346][   T27]       Not tainted syzkaller #0
[ 5785.039757][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 5785.054459][   T27] task:syz.4.598       state:D stack:0     pid:6007  tgid:6007  ppid:5740   task_flags:0x400040 flags:0x00000011
[ 5785.056146][   T27] Call trace:
[ 5785.056665][   T27]  __switch_to+0x584/0xb00 (T)
[ 5785.160827][   T27]  __schedule+0x200c/0x3428
[ 5785.202655][   T27]  schedule+0xac/0x27c
[ 5785.203376][   T27]  schedule_timeout+0x68/0x1ec
[ 5785.203928][   T27]  do_wait_for_common+0x28c/0x440
[ 5785.204386][   T27]  wait_for_completion+0x44/0x5c
[ 5785.204869][   T27]  __synchronize_srcu+0x2a4/0x320
[ 5785.205367][   T27]  synchronize_srcu+0x3d0/0x4f8
[ 5785.205870][   T27]  mmu_notifier_unregister+0x320/0x428
[ 5785.206362][   T27]  kvm_put_kvm+0x698/0xbe0
[ 5785.206806][   T27]  kvm_vm_release+0x58/0x78
[ 5785.207264][   T27]  __fput+0x4ac/0x978
[ 5785.207720][   T27]  ____fput+0x20/0x58
[ 5785.331245][   T27]  task_work_run+0x1b8/0x250
[ 5785.377440][   T27]  exit_to_user_mode_loop+0x110/0x188
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5785.410060][   T27]  el0_svc+0x17c/0x238
[ 5785.439609][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 5785.440306][   T27]  el0t_64_sync+0x198/0x19c
[ 5785.490884][   T27] 
[ 5785.490884][   T27] Showing all locks held in the system:
[ 5785.529730][   T27] 1 lock held by khungtaskd/27:
[ 5785.530749][   T27]  #0: ffff800087a86d08 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 5785.533420][   T27] 2 locks held by kworker/u4:2/32:
[ 5785.533828][   T27]  #0: 5cf000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 5785.535876][   T27]  #1: ffff80008cbf7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 5785.537557][   T27] 2 locks held by kworker/0:2/785:
[ 5785.659681][   T27] 2 locks held by getty/3201:
[ 5785.662423][   T27]  #0: 2cf00000123228a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 5785.690965][   T27]  #1: 32ff80008c80b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 5785.692873][   T27] 2 locks held by syz-executor/3331:
[ 5785.693286][   T27] 3 locks held by kworker/u4:10/5759:
[ 5785.693639][   T27] 2 locks held by kworker/u4:12/5762:
[ 5785.694017][   T27] 2 locks held by kworker/u4:5/5966:
[ 5785.694331][   T27]  #0: 5cf000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 5785.696364][   T27]  #1: ffff80008ef27c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 5785.891104][   T27] 3 locks held by kworker/u4:13/5989:
[ 5785.891487][   T27] 2 locks held by syz.5.597/6000:
[ 5785.891902][   T27] 3 locks held by kworker/u4:1/6140:
[ 5785.892244][   T27] 3 locks held by kworker/u4:14/6162:
[ 5785.892577][   T27] 1 lock held by dhcpcd-run-hook/6203:
[ 5785.893073][   T27] 
[ 5785.893361][   T27] =============================================
[ 5785.893361][   T27] 
[ 5785.894312][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 5785.903233][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 5785.904607][   T27] Hardware name: linux,dummy-virt (DT)
[ 5785.905474][   T27] Call trace:
[ 5785.906298][   T27]  show_stack+0x2c/0x3c (C)
[ 5785.907264][   T27]  __dump_stack+0x30/0x40
[ 5785.908162][   T27]  dump_stack_lvl+0x30/0x12c
[ 5785.909100][   T27]  dump_stack+0x1c/0x28
[ 5785.909995][   T27]  vpanic+0x1d4/0x4e4
[ 5785.910709][   T27]  vpanic+0x0/0x4e4
[ 5785.911490][   T27]  hung_task_panic+0x0/0x2c
[ 5785.912391][   T27]  kthread+0x794/0x99c
[ 5785.913279][   T27]  ret_from_fork+0x10/0x20
[ 5785.915110][   T27] Kernel Offset: disabled
[ 5785.915837][   T27] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 5785.916839][   T27] Memory Limit: none
[ 5785.919059][   T27] Rebooting in 86400 seconds..