last executing test programs:

1h12m5.272555729s ago: executing program 0 (id=149):
openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}, @msr={0x14, 0x20, {0x603000000013807e, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @eret={0xe6, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x138}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x11, r4, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r6, 0xffffffffffffffff)
syz_kvm_assert_reg(r4, 0x603000000013c4f1, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013c4f2, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013dce0, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013dce1, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013dce2, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013dce3, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013dce4, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013dce5, 0x8000)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
syz_kvm_assert_reg(r4, 0x603000000013dce8, 0x8000)
syz_kvm_assert_reg(r4, 0x603000000013dce9, 0x8000)
r9 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r10 = syz_kvm_vgic_v3_setup(r0, 0x4, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x6, 0x3, &(0x7f0000000000)=0x4})
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

1h11m57.711572833s ago: executing program 1 (id=150):
ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (async)
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000000)={0x1, 0x8}) (async)
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000000)={0x1, 0x8})
ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000040)=0x4)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000340)={0x0, &(0x7f0000000080)=[@smc={0x1e, 0x40, {0x32000000, [0xfe, 0x24, 0x1, 0xd0, 0xb4]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x189}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x70, 0x7, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e664}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @mrs={0xbe, 0x18, {0x603000000013e6cb}}, @mrs={0xbe, 0x18, {0x603000000013806f}}, @code={0xa, 0x84, {"00979dd20080b8f2c10080d2220180d2e30180d2c40180d2020000d4007008d540c298d200e0b0f2810180d2a20180d2a30180d2440080d2020000d4000008d50048200e00000048000008d50030000f006c202ee05c93d20080b0f2e10180d2e20080d2830080d2440180d2020000d4"}}, @hvc={0x32, 0x40, {0x20, [0x2, 0x66, 0x5, 0x8, 0x7f]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x262}}, @eret={0xe6, 0x18, 0x8000000000000000}, @uexit={0x0, 0x18, 0x9}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x5f91bbd71e9fca64, 0x10000}}, @svc={0x122, 0x40, {0x80, [0xd7, 0x860, 0xa, 0xa, 0x8]}}, @msr={0x14, 0x20, {0x6030000000139828, 0x3}}], 0x2a4}, &(0x7f0000000380)=[@featur1={0x1, 0x4}], 0x1) (async)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000340)={0x0, &(0x7f0000000080)=[@smc={0x1e, 0x40, {0x32000000, [0xfe, 0x24, 0x1, 0xd0, 0xb4]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x189}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x70, 0x7, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e664}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @mrs={0xbe, 0x18, {0x603000000013e6cb}}, @mrs={0xbe, 0x18, {0x603000000013806f}}, @code={0xa, 0x84, {"00979dd20080b8f2c10080d2220180d2e30180d2c40180d2020000d4007008d540c298d200e0b0f2810180d2a20180d2a30180d2440080d2020000d4000008d50048200e00000048000008d50030000f006c202ee05c93d20080b0f2e10180d2e20080d2830080d2440180d2020000d4"}}, @hvc={0x32, 0x40, {0x20, [0x2, 0x66, 0x5, 0x8, 0x7f]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x262}}, @eret={0xe6, 0x18, 0x8000000000000000}, @uexit={0x0, 0x18, 0x9}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x5f91bbd71e9fca64, 0x10000}}, @svc={0x122, 0x40, {0x80, [0xd7, 0x860, 0xa, 0xa, 0x8]}}, @msr={0x14, 0x20, {0x6030000000139828, 0x3}}], 0x2a4}, &(0x7f0000000380)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r1, 0x4018aee2, &(0x7f00000003c0)=@attr_pmu_init)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r2, 0x1000000, 0x110, r0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r2, 0x1000000, 0x110, r0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000440)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000400)={0x7, 0xd}})
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000840)={0x0, &(0x7f0000000480)=[@hvc={0x32, 0x40, {0x84000011, [0x8000, 0x3, 0x3, 0x39e0, 0x9]}}, @uexit={0x0, 0x18}, @hvc={0x32, 0x40, {0xc400000c, [0x10, 0x2, 0x7fff, 0x10000, 0x5]}}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0xcfb, 0xcdb, 0x2}}, @eret={0xe6, 0x18, 0x800}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x1f6}}, @msr={0x14, 0x20, {0x603000000013e102, 0x9}}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0x645, 0x0, 0xb}}, @msr={0x14, 0x20, {0x603000000013c008, 0x7}}, @irq_setup={0x46, 0x18, {0x0, 0x3d2}}, @msr={0x14, 0x20, {0x603000000013e208, 0x3ff}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x339}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x1d9}}, @hvc={0x32, 0x40, {0x20, [0x7, 0x6, 0xfff, 0x7, 0x6]}}, @code={0xa, 0x84, {"00a29cd20040b0f2a10180d2020080d2230180d2c40080d2020000d460b984d20000b0f2610180d2620080d2230080d2c40080d2020000d4007008d500c0601e007008d5000080290000291e207890d200e0b0f2410080d2c20180d2630080d2e40080d2020000d4000008d50014200e"}}, @eret={0xe6, 0x18, 0x8000000000000001}, @uexit={0x0, 0x18, 0xd60}, @svc={0x122, 0x40, {0xc4000007, [0x2, 0x800, 0x632, 0x7fff, 0x89d]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x8000000000000000, 0xc}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x10, 0x399e, 0x0, 0x3}}], 0x38c}, &(0x7f0000000880), 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f00000008c0))
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000900)={0xe4, 0x0, 0xb4})
close(0xffffffffffffffff)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000dc0)=[{0x0, &(0x7f0000000980)=[@its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x4, 0x1, 0x9, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013df70}}, @uexit={0x0, 0x18, 0x100}, @msr={0x14, 0x20, {0x603000000013c010, 0x3}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x65}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xb0, 0x7fffffffffffffff, 0xd}}, @eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013e6cb}}, @mrs={0xbe, 0x18, {0x603000000013c091}}, @smc={0x1e, 0x40, {0x31000000, [0x1, 0x4, 0xffffffffffffffff, 0x1e7716e8, 0xfffffffffffffffa]}}, @hvc={0x32, 0x40, {0x8400000c, [0x0, 0x2, 0xc04b, 0x1ff, 0x7]}}, @msr={0x14, 0x20, {0x603000000013c00d, 0x4}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x1fe}}, @uexit={0x0, 0x18, 0xe2}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0xb4, 0x4, 0x4}}, @svc={0x122, 0x40, {0x84000006, [0xfffffffffffffffa, 0x4, 0xc, 0x0, 0x100000001]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffe8, 0x6, 0x8}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x252}}, @irq_setup={0x46, 0x18, {0x3, 0x113}}, @uexit={0x0, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x2, 0x16a}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xd, 0x6, 0x6}}, @hvc={0x32, 0x40, {0x80000002, [0x5, 0x7e93, 0x1, 0x1, 0x80000000000000]}}, @code={0xa, 0x54, {"000028d5e03991d20060b0f2a10180d2620180d2630180d2c40180d2020000d400b4200e008008d5007008d5000028d5000008d50000009b008000480004c05a"}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x2a3}}], 0x404}], 0x1, 0x0, &(0x7f0000000e00)=[@featur2], 0x1) (async)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000dc0)=[{0x0, &(0x7f0000000980)=[@its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x4, 0x1, 0x9, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013df70}}, @uexit={0x0, 0x18, 0x100}, @msr={0x14, 0x20, {0x603000000013c010, 0x3}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x65}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xb0, 0x7fffffffffffffff, 0xd}}, @eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013e6cb}}, @mrs={0xbe, 0x18, {0x603000000013c091}}, @smc={0x1e, 0x40, {0x31000000, [0x1, 0x4, 0xffffffffffffffff, 0x1e7716e8, 0xfffffffffffffffa]}}, @hvc={0x32, 0x40, {0x8400000c, [0x0, 0x2, 0xc04b, 0x1ff, 0x7]}}, @msr={0x14, 0x20, {0x603000000013c00d, 0x4}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x1fe}}, @uexit={0x0, 0x18, 0xe2}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0xb4, 0x4, 0x4}}, @svc={0x122, 0x40, {0x84000006, [0xfffffffffffffffa, 0x4, 0xc, 0x0, 0x100000001]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffe8, 0x6, 0x8}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x252}}, @irq_setup={0x46, 0x18, {0x3, 0x113}}, @uexit={0x0, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x2, 0x16a}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xd, 0x6, 0x6}}, @hvc={0x32, 0x40, {0x80000002, [0x5, 0x7e93, 0x1, 0x1, 0x80000000000000]}}, @code={0xa, 0x54, {"000028d5e03991d20060b0f2a10180d2620180d2630180d2c40180d2020000d400b4200e008008d5007008d5000028d5000008d50000009b008000480004c05a"}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x2a3}}], 0x404}], 0x1, 0x0, &(0x7f0000000e00)=[@featur2], 0x1)
close(r0)
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f000094a000/0x400000)=nil) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f000094a000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000f00)={0x0, &(0x7f0000000e40)=[@uexit={0x0, 0x18}, @code={0xa, 0x84, {"008008d5008008d560829bd200e0b8f2210180d2e20180d2830180d2440180d2020000d400c0671e007008d5e0fc85d20020b8f2a10180d2e20080d2030180d2240080d2020000d4007008d5e0218dd200c0b0f2410080d2220080d2430180d2840180d2020000d4e003006b002c000e"}}], 0x9c}, &(0x7f0000000f40)=[@featur2={0x1, 0x80}], 0x1)
r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4000ae84, &(0x7f0000000f80)={{0x2, 0x80a0000, 0xa, 0x1d, 0x5, 0x7, 0x3, 0xa0, 0x9, 0x1, 0xf, 0x6}, {0x2, 0x100000, 0xb, 0x9, 0x6, 0x4, 0x5, 0x0, 0x5, 0x9, 0xe, 0x4}, {0x1000, 0x6000, 0x10, 0x10, 0xb, 0x2, 0x8, 0x9, 0x4, 0xdb, 0x4, 0x7f}, {0xdddd1000, 0x3000, 0x0, 0xf7, 0x2, 0x4, 0x1, 0x13, 0x0, 0x0, 0xb, 0x40}, {0x0, 0xeeee0000, 0x10, 0x9, 0x7f, 0x9, 0x3, 0x2, 0x7, 0x7f, 0x4}, {0x100000, 0x8000000, 0xb, 0x97, 0x2, 0x9, 0x5, 0x7, 0x7f, 0x7, 0xc1, 0x4}, {0x10000, 0xeeef0000, 0xb, 0x6, 0x54, 0x40, 0x7, 0x49, 0x4d, 0x3, 0x5, 0x80}, {0x0, 0xd000, 0x0, 0xc, 0x9, 0x5, 0x7, 0x0, 0x5, 0xf4, 0x1, 0x71}, {0xdddd1000, 0xdd}, {0x6000, 0xfffc}, 0x8000000a, 0x0, 0x4, 0x1, 0xb, 0x8500, 0xe39b7865c4c15d8c, [0xdc, 0x6af, 0x40]})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r1, 0x4018aee3, &(0x7f00000010c0)=@attr_pmu_init)
close(r5)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000001100)={0x9})
close(r1) (async)
close(r1)
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000af1000/0x400000)=nil)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000001540)={0x0, 0x240, 0x3c0, &(0x7f0000001140)=[0x7, 0x100000001, 0x1, 0x5, 0x3ff, 0x4, 0x5, 0x7fffffff, 0x1000, 0x2, 0x1, 0xad1, 0x8fc8, 0x7f, 0x7, 0x1, 0x3, 0x7fffffff, 0x7963, 0x5, 0x2, 0x8000, 0x8000000000000000, 0x3c, 0x5, 0x4, 0x8, 0x8, 0x0, 0x4, 0xcff, 0x3, 0x81, 0x13, 0x1, 0x2, 0xbc3, 0x1, 0x2, 0x3, 0x0, 0x0, 0x9f08, 0x5, 0x72, 0x1, 0xfffffffffffffff7, 0x2, 0x40, 0x8, 0x1ce2, 0x7, 0x5, 0x5860e369, 0x1, 0xffffffffffff783e, 0xfff, 0x100, 0xa, 0xf59d, 0x7, 0xffffffffffffffff, 0x4, 0x4, 0x3000000000, 0x81, 0x1928, 0x0, 0x8, 0x1, 0x400, 0xea, 0x4, 0x100000001, 0x5, 0x5, 0x4, 0x1ff, 0xf, 0x10000, 0x7, 0x5, 0x1, 0x0, 0x1, 0x0, 0x9, 0x7, 0x7, 0xfffffffffffffffa, 0x4, 0x2, 0x448, 0x1, 0x5, 0x44d4cf92, 0x4, 0x0, 0xff, 0x3959, 0x3, 0x3, 0x4, 0xd, 0x5, 0x4, 0x77d48683, 0x1, 0x1, 0x59e, 0x5ef, 0x4, 0x800, 0x6, 0x40, 0xab82, 0x9380, 0x9, 0x400, 0x53, 0x7, 0x0, 0xfffffffffffffffa, 0x10001, 0x1, 0x7, 0x4, 0x800]}) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000001540)={0x0, 0x240, 0x3c0, &(0x7f0000001140)=[0x7, 0x100000001, 0x1, 0x5, 0x3ff, 0x4, 0x5, 0x7fffffff, 0x1000, 0x2, 0x1, 0xad1, 0x8fc8, 0x7f, 0x7, 0x1, 0x3, 0x7fffffff, 0x7963, 0x5, 0x2, 0x8000, 0x8000000000000000, 0x3c, 0x5, 0x4, 0x8, 0x8, 0x0, 0x4, 0xcff, 0x3, 0x81, 0x13, 0x1, 0x2, 0xbc3, 0x1, 0x2, 0x3, 0x0, 0x0, 0x9f08, 0x5, 0x72, 0x1, 0xfffffffffffffff7, 0x2, 0x40, 0x8, 0x1ce2, 0x7, 0x5, 0x5860e369, 0x1, 0xffffffffffff783e, 0xfff, 0x100, 0xa, 0xf59d, 0x7, 0xffffffffffffffff, 0x4, 0x4, 0x3000000000, 0x81, 0x1928, 0x0, 0x8, 0x1, 0x400, 0xea, 0x4, 0x100000001, 0x5, 0x5, 0x4, 0x1ff, 0xf, 0x10000, 0x7, 0x5, 0x1, 0x0, 0x1, 0x0, 0x9, 0x7, 0x7, 0xfffffffffffffffa, 0x4, 0x2, 0x448, 0x1, 0x5, 0x44d4cf92, 0x4, 0x0, 0xff, 0x3959, 0x3, 0x3, 0x4, 0xd, 0x5, 0x4, 0x77d48683, 0x1, 0x1, 0x59e, 0x5ef, 0x4, 0x800, 0x6, 0x40, 0xab82, 0x9380, 0x9, 0x400, 0x53, 0x7, 0x0, 0xfffffffffffffffa, 0x10001, 0x1, 0x7, 0x4, 0x800]})
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000001580)={0xfffffffffffff000, 0x0, 0x4, r0}) (async)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000001580)={0xfffffffffffff000, 0x0, 0x4, r0})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f00000015c0)={0xdddd1000, 0x10a000}) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f00000015c0)={0xdddd1000, 0x10a000})

1h11m53.672541765s ago: executing program 0 (id=151):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0xeffffffd, 0x801) (async, rerun: 32)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x8}) (async, rerun: 64)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1}) (rerun: 64)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r2, 0x1}) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r2, 0x3}) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r2, 0xf}) (async)
r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x6, 0xa}}, @eret={0xe6, 0x18, 0x100000001}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x3, 0x1}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x62}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0xe, 0x4, 0x8000, 0x4}}, @code={0xa, 0x84, {"007008d5000008d5000028d5007008d5000820bc603f94d200c0b8f2810080d2620080d2830180d2840080d2020000d4e0ab92d20080b0f2210080d2220080d2230080d2e40080d2020000d4000000d1008008d5c01995d20000b8f2410180d2c20080d2a30080d2e40080d2020000d4"}}, @code={0xa, 0x6c, {"0058284e008008d500084078000000b50000799e007008d500000037600488d20080b0f2c10180d2c20180d2030180d2240080d2020000d4007008d5401f94d200c0b8f2e10180d2e20180d2a30180d2c40180d2020000d4"}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x16e}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x100, 0x1202, 0x5}}, @svc={0x122, 0x40, {0x2000, [0xdd5, 0x7, 0x7, 0x4, 0x5f]}}, @irq_setup={0x46, 0x18, {0x0, 0x264}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x353}}, @irq_setup={0x46, 0x18, {0x0, 0x339}}, @irq_setup={0x46, 0x18, {0x1, 0x1f4}}, @hvc={0x32, 0x40, {0xc400000c, [0x303, 0x4, 0x1, 0xffff, 0xfffffffffffffffa]}}, @msr={0x14, 0x20, {0x603000000013df61, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe00, 0x0, 0x6}}, @mrs={0xbe, 0x18, {0x603000000013e6c6}}, @eret={0xe6, 0x18, 0x1}, @code={0xa, 0x6c, {"007008d5008008d5007008d5c0c78ad20040b8f2010080d2020080d2030180d2640080d2020000d400d8a05e00a4bf0d001c602e0020800c000008d500cf84d20080b0f2410180d2a20080d2430080d2c40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x180, 0x4, 0x1}}, @irq_setup={0x46, 0x18, {0x2, 0x380}}, @smc={0x1e, 0x40, {0xc4000010, [0x3, 0xb, 0x80000000, 0x1, 0x8]}}, @hvc={0x32, 0x40, {0x1, [0x6000000000000, 0x3, 0x0, 0x100000000, 0x5]}}, @msr={0x14, 0x20, {0x603000000013de99, 0x5}}, @msr={0x14, 0x20, {0x603000000013dee9, 0x4}}], 0x4f4}, &(0x7f0000000580)=[@featur1={0x1, 0x51}], 0x1)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r6, 0x4208ae9b, &(0x7f00000005c0)={0x20000, 0x0, {[0x2faa3e4, 0x3ff, 0x8, 0x9, 0x1, 0x236, 0x5, 0x80000001, 0x7, 0x7, 0x71, 0x8, 0x10000, 0x0, 0x0, 0xc03], [0x0, 0x4, 0xb9, 0x2, 0x6, 0x1, 0x10000, 0xb, 0x6, 0xff, 0x7, 0x6, 0x9, 0x3, 0x3, 0x3], [0x401, 0xfffffffffffff9cd, 0x7, 0x6, 0x4, 0x13, 0x0, 0x200, 0x6, 0x0, 0x1, 0xffffffffffffffff, 0x9, 0x6, 0xcdc1, 0x8], [0xc7, 0x206, 0x1, 0x0, 0x9138, 0xe, 0x64, 0x2, 0x4000000000000000, 0x81, 0x200000000000000, 0x0, 0x6, 0x5, 0x1b1, 0x4]}})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r8, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xc020660b, 0xe1) (async, rerun: 64)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0)

1h11m50.042655469s ago: executing program 1 (id=152):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xc0189436, 0x20004000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800})
r6 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5})
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x3, 0xa0)
r8 = eventfd2(0x6, 0x800)
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000280)={r8, 0x9})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r11, 0x400454cc, 0xffffffffffffffff)
ioctl$KVM_IRQFD(r7, 0x4020ae76, 0x0)
close(r7)

1h11m43.312282079s ago: executing program 0 (id=153):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x36)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4000ae84, &(0x7f00000001c0)={{0x10000, 0x0, 0xe, 0x7, 0xc3, 0x6, 0x56, 0xcc, 0xa, 0xb1, 0x40, 0xb}, {0xe000, 0x0, 0x3, 0x2, 0x5, 0x9, 0x3, 0x4, 0x80, 0x80, 0x4, 0x5}, {0xeeee8000, 0x80a0000, 0xf, 0xa5, 0x7, 0x1, 0x31, 0xfe, 0x0, 0xe1, 0x6, 0xf2}, {0xeeee0000, 0x0, 0x4, 0x1, 0x8, 0xd2, 0xc4, 0x6, 0x7, 0x85, 0x2, 0x1}, {0x10000, 0xdddd1000, 0x8, 0xa, 0x81, 0x6, 0x8, 0x5, 0x82, 0xb1, 0xda, 0x9}, {0x2, 0x2000, 0x8, 0x40, 0x4, 0x1, 0x9, 0x60, 0x3, 0x0, 0x8, 0x40}, {0x3000, 0x8006000, 0x3, 0xb0, 0x0, 0xe, 0xd2, 0x1, 0x8, 0x8, 0x1, 0x6}, {0x80a0000, 0x10000, 0x9, 0x6, 0x6, 0x0, 0x7, 0x4, 0x9, 0x4, 0x4, 0x4}, {0xd000, 0x60}, {0x100000, 0x6}, 0x0, 0x0, 0x1000, 0x100000, 0xd, 0x400, 0xf7f72000, [0x4, 0x7, 0x8000000000000001]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x36) (async)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0) (async)
ioctl$KVM_SET_SREGS(r5, 0x4000ae84, &(0x7f00000001c0)={{0x10000, 0x0, 0xe, 0x7, 0xc3, 0x6, 0x56, 0xcc, 0xa, 0xb1, 0x40, 0xb}, {0xe000, 0x0, 0x3, 0x2, 0x5, 0x9, 0x3, 0x4, 0x80, 0x80, 0x4, 0x5}, {0xeeee8000, 0x80a0000, 0xf, 0xa5, 0x7, 0x1, 0x31, 0xfe, 0x0, 0xe1, 0x6, 0xf2}, {0xeeee0000, 0x0, 0x4, 0x1, 0x8, 0xd2, 0xc4, 0x6, 0x7, 0x85, 0x2, 0x1}, {0x10000, 0xdddd1000, 0x8, 0xa, 0x81, 0x6, 0x8, 0x5, 0x82, 0xb1, 0xda, 0x9}, {0x2, 0x2000, 0x8, 0x40, 0x4, 0x1, 0x9, 0x60, 0x3, 0x0, 0x8, 0x40}, {0x3000, 0x8006000, 0x3, 0xb0, 0x0, 0xe, 0xd2, 0x1, 0x8, 0x8, 0x1, 0x6}, {0x80a0000, 0x10000, 0x9, 0x6, 0x6, 0x0, 0x7, 0x4, 0x9, 0x4, 0x4, 0x4}, {0xd000, 0x60}, {0x100000, 0x6}, 0x0, 0x0, 0x1000, 0x100000, 0xd, 0x400, 0xf7f72000, [0x4, 0x7, 0x8000000000000001]}) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf0) (async)

1h11m38.475462353s ago: executing program 1 (id=154):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0x4, 0xa}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0x40086602, 0x20000000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2e)
ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000280)={0x8080000, 0x100000, 0x2, 0x1, 0x7})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3f)
ioctl$KVM_CAP_PTP_KVM(r8, 0x4068aea3, &(0x7f0000000180))
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r8, 0x4068aea3, &(0x7f0000000200)={0xdf, 0x0, 0x5000})
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r9, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})

1h11m33.836780974s ago: executing program 0 (id=155):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000040)=0xe0a7}) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0xd8)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0xfffffffffffffffe)

1h11m25.644026698s ago: executing program 1 (id=156):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x603000000013c024, &(0x7f0000000100)=0xbec})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000002c0)=@arm64_fp={0x60400000001000ac, &(0x7f00000000c0)=0x2})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0x40086602, 0x1)
ioctl$KVM_SET_SREGS(r5, 0x4000ae84, &(0x7f0000000100)={{0x2000, 0xeeeeb000, 0x0, 0x8, 0x3, 0x3, 0x9, 0x2, 0xb, 0x29, 0x8, 0xf9}, {0xffff1000, 0x0, 0xb, 0x10, 0x1, 0x8e, 0x58, 0x3, 0x10, 0x7e, 0x3, 0x4}, {0x1000, 0x1, 0x8, 0x8, 0xb7, 0x0, 0xb, 0x7f, 0x9, 0x2a, 0x5, 0x1}, {0x10000, 0x8000000, 0xc, 0x4, 0xda, 0x6, 0xe, 0x3, 0xc, 0xf2, 0x3d, 0xfe}, {0xdddd0000, 0x1000, 0xc, 0x5, 0xf, 0x9, 0x6e, 0x7, 0x7f, 0xf, 0x6, 0x5}, {0x4000, 0x4000, 0x3, 0x2, 0x9, 0x3, 0x1, 0x8, 0x10, 0x9, 0x3, 0x5}, {0x1, 0x80a0000, 0x8, 0x3, 0x8, 0x8, 0x8, 0x47, 0x3, 0x4, 0x7}, {0x1, 0x10000, 0xa, 0x4, 0x0, 0x7, 0xff, 0x3, 0x3, 0x2, 0x7f, 0x3b}, {0x100000, 0x3}, {0xffff1000, 0x80}, 0x40010000, 0x0, 0x0, 0x400000, 0x7, 0x5500, 0x3000, [0x6, 0x9, 0x9, 0x7fffffffffffffff]})
r7 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000300)={0x4, 0x6, 0x100000, 0x2000, &(0x7f0000e92000/0x2000)=nil, 0x101, r7})

1h11m25.524803987s ago: executing program 0 (id=157):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xcb3993e4c7433bb8, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7, <r2=>0xffffffffffffffff})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xfffdffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x4, 0x220)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@msr={0x14, 0x20, {0x603000000013c65f, 0x8001}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
r11 = syz_kvm_vgic_v3_setup(r10, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x10003, 0x0})
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x1, 0x100)
r15 = eventfd2(0x4, 0x80801)
ioctl$KVM_IRQFD(r13, 0x4020ae76, &(0x7f0000000000)={r15, 0x6, 0x2, r14})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x0, 0x20010, r14, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, 0x0)

1h11m14.45239177s ago: executing program 1 (id=158):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013e7fc, 0x8000}}], 0x20}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1h11m12.886521327s ago: executing program 0 (id=159):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
openat$kvm(0x0, &(0x7f0000000140), 0x488083, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x97de958e3a274290, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x1, 0x1001, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x8000, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2d)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)

1h11m4.426326321s ago: executing program 1 (id=160):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x0, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e76000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x8000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0x5451, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3)
r3 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
close(r3)
ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f0000000040)={0x101ff, 0x1, 0xdddd1000, 0x1000, &(0x7f000078f000/0x1000)=nil, 0x5, r3})
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x0, 0x0, 0x11, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000180)={r0, 0x0, 0x3, r0})
ioctl$KVM_CREATE_VM(r1, 0x400454d0, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x9, 0xffffffffffffffff, 0x1})
mmap$KVM_VCPU(&(0x7f0000f9d000/0x3000)=nil, 0x930, 0x0, 0xa0034d41e46194d3, r0, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)

1h10m27.062182203s ago: executing program 32 (id=159):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
openat$kvm(0x0, &(0x7f0000000140), 0x488083, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f00000000c0)})
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x97de958e3a274290, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x1, 0x1001, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x8000, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2d)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)

1h10m18.152419971s ago: executing program 33 (id=160):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x0, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e76000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x8000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0x5451, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3)
r3 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
close(r3)
ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f0000000040)={0x101ff, 0x1, 0xdddd1000, 0x1000, &(0x7f000078f000/0x1000)=nil, 0x5, r3})
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x0, 0x0, 0x11, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000180)={r0, 0x0, 0x3, r0})
ioctl$KVM_CREATE_VM(r1, 0x400454d0, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x9, 0xffffffffffffffff, 0x1})
mmap$KVM_VCPU(&(0x7f0000f9d000/0x3000)=nil, 0x930, 0x0, 0xa0034d41e46194d3, r0, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)

1h1m3.395325982s ago: executing program 2 (id=203):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_fw={0x6030000000140003, &(0x7f0000000000)=0x100}) (async)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_fw={0x6030000000140003, &(0x7f0000000000)=0x100})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)

1h0m53.942342066s ago: executing program 3 (id=204):
r0 = eventfd2(0x80000000, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0xc8, 0x1, r0})
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x7, 0x3}})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x58)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x5)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r13, 0x4008ae6a, &(0x7f00000002c0)={0x0, 0x100000})
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)

1h0m50.162505579s ago: executing program 2 (id=205):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@irq_setup={0x46, 0x18, {0x4, 0x161}}, @smc={0x1e, 0x40, {0x84000009, [0x2, 0x2d, 0x0, 0x6, 0x1]}}, @svc={0x122, 0x40, {0xc400000d, [0x13b1, 0x57, 0x9, 0x2, 0xfff]}}, @irq_setup={0x46, 0x18, {0x1, 0x353}}, @eret={0xe6, 0x18, 0x4307}, @eret={0xe6, 0x18, 0x7fff}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x200, 0x6}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x16c}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x261}}, @msr={0x14, 0x20, {0x603000000013df19, 0xc7}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xffe8, 0xfff, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x1, 0x1, 0xffffff76, 0xd, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e08d}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x7}}, @code={0xa, 0x84, {"007008d50000000e00040078000008d5401295d200a0b8f2210180d2c20080d2030180d2a40080d2020000d4007008d5007008d5007008d560399dd20020b8f2210180d2220080d2430080d2a40180d2020000d4a0a988d200e0b0f2a10080d2620180d2030180d2640180d2020000d4"}}, @irq_setup={0x46, 0x18, {0x3, 0xcf}}, @eret={0xe6, 0x18, 0xfffffffffffffffc}, @memwrite={0x6e, 0x30, @generic={0x100000, 0x81, 0x7, 0x3}}, @svc={0x122, 0x40, {0x2000, [0xbf6, 0x1, 0x322c, 0x8000000000000000, 0x9]}}, @eret={0xe6, 0x18, 0x6}, @hvc={0x32, 0x40, {0x3000000, [0x4, 0xfffffffffffffff8, 0x1, 0x3, 0x8]}}], 0x394}, &(0x7f0000000440)=[@featur1={0x1, 0xf4}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, 0x0)

1h0m38.174406423s ago: executing program 2 (id=206):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) (async)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x21)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0) (async)
r11 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r12, 0x8, 0x13, r10, 0x0) (async)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r13, 0x3, 0x11, r7, 0x0) (async)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r13, 0x3, 0x11, r11, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) (async)
r14 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013c520}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)

1h0m34.995503321s ago: executing program 3 (id=207):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x80c8, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xd88b9cc0b966aae6, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0x8004b706, 0x8000000005)

1h0m26.662480543s ago: executing program 3 (id=208):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, 0x0)
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0x0, 0x0, 0x79, 0x1}}], 0xffffffffffffffcb}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r8 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[@eret={0xe6, 0x18, 0x800}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x1, 0xf, 0x7fff, 0x80000001}}, @eret={0xe6, 0x18, 0x3}, @uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x603000000013def7, 0x7}}, @hvc={0x32, 0x40, {0xc4000001, [0x6, 0x3, 0x1, 0x3ff, 0x4]}}, @eret={0xe6, 0x18, 0x91ba}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x204}}, @code={0xa, 0xb4, {"c0da98d200e0b0f2410180d2020080d2830180d2040180d2020000d400648ad200c0b0f2210180d2620180d2c30080d2c40180d2020000d4007008d5c0b782d200a0b8f2810180d2420180d2830080d2840180d2020000d4c0448cd20060b0f2a10180d2220080d2830180d2440180d2020000d4008008d50050800f000000b5608189d200a0b8f2010180d2a20180d2630080d2240180d2020000d400008013"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x2, 0x1}}], 0x1f4}, &(0x7f0000000100)=[@featur2={0x1, 0x40}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1h0m24.614885936s ago: executing program 2 (id=209):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0})
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4106931, 0xffffffffffffffff, 0x0)

1h0m16.092138458s ago: executing program 2 (id=210):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000000)={0x4000, 0x0, 0x1}) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1h0m14.236966632s ago: executing program 3 (id=211):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1000000000002d)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r3, 0x2, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)

1h0m6.83045817s ago: executing program 3 (id=212):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0xa340c3, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x8, &(0x7f0000000080)=0x2e09})
r7 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x7e)
r8 = mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x0, 0x4000000, 0x18010, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="ef6373be3efd06d14b554ec5f4baa585352a0eb15ab9d6f90a8efe3fda86dcb68550ab77adf3602ff43e25ba5aafa75119b68b0ebe4b47f8f42c54e1b2b7030cd6b806a5da5630ed", 0x0, 0x48)

1h0m6.414942329s ago: executing program 2 (id=213):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x0, 0xf, &(0x7f0000000180)=0x8000})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x200)
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, 0xfffffffffffffffe)
r6 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000100), 0x612600, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0xad, 0x40, 0xcd, '\x00', 0x100})
r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000240)={0x0, 0x0}, 0x0, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_fw={0x6030000000140002, 0xfffffffffffffffe})
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000140)=@arm64_sve={0x608000000015052a, &(0x7f00000001c0)=0x2})
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, 0xfffffffffffffffe)
r14 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
ioctl$KVM_GET_STATS_FD_cpu(r10, 0xaece)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)

59m53.167009139s ago: executing program 3 (id=214):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x8, 0x1}) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

59m19.655209152s ago: executing program 34 (id=213):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x0, 0xf, &(0x7f0000000180)=0x8000})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x200)
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, 0xfffffffffffffffe)
r6 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f0000000100), 0x612600, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0xad, 0x40, 0xcd, '\x00', 0x100})
r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000240)={0x0, 0x0}, 0x0, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_fw={0x6030000000140002, 0xfffffffffffffffe})
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000140)=@arm64_sve={0x608000000015052a, &(0x7f00000001c0)=0x2})
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, 0xfffffffffffffffe)
r14 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
ioctl$KVM_GET_STATS_FD_cpu(r10, 0xaece)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)

59m6.243529906s ago: executing program 35 (id=214):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x8, 0x1}) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

46m54.64658645s ago: executing program 4 (id=257):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x113080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0xf}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x4, 0x0}) (async, rerun: 32)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (rerun: 32)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f00000000c0)="fdfe86289687309b38fefa4d1182f4f882faf7ba755c3605", 0x0, 0x18)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) (async, rerun: 32)
syz_kvm_vgic_v3_setup(r7, 0xffffffffffbffffc, 0x120) (async, rerun: 32)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r14, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 64)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (rerun: 64)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x8, 0x4, 0x0})
r15 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r17, 0x4068aea3, 0xfffffffffffffffe)
syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x1f)

46m49.983450836s ago: executing program 5 (id=258):
r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f00000001c0)=@arm64_core={0x6030000000100046, &(0x7f0000000100)=0x2})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)

46m36.223212213s ago: executing program 4 (id=259):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x46281, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x7, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a00ed})

46m33.390164896s ago: executing program 5 (id=260):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000640)=[@its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x2, 0x5, 0x9, 0x1, 0x3}}, @irq_setup={0x46, 0x18, {0x3, 0x55}}, @mrs={0xbe, 0x18, {0x603000000013804c}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x1, 0x2, 0xb8, 0x6, 0x3}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x153}}, @code={0xa, 0x84, {"008008d50000df0c606080d200c0b0f2c10180d2c20180d2230180d2240080d2020000d4008008d50084800d0020c09a0004403c007008d520ee80d20040b8f2a10080d2820080d2630180d2440080d2020000d4606c8bd20060b8f2210180d2c20080d2e30080d2040080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x4, 0x32}}, @smc={0x1e, 0x40, {0x200, [0x5, 0xff, 0x7fff, 0x8, 0x8000]}}, @irq_setup={0x46, 0x18, {0x2, 0x24c}}, @hvc={0x32, 0x40, {0x0, [0x9, 0xd12, 0x40, 0x9, 0xe0]}}], 0x1dc}], 0x1, 0x0, &(0x7f0000000240)=[@featur2={0x1, 0x20}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ce7000/0x1000)=nil, r6, 0x0, 0x80010, r2, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x4, 0x8, 0x0})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x400000000000012)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = eventfd2(0x3, 0x800)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000080)={0x1ff, 0x1000, 0x2, r14, 0x1})

46m24.513830425s ago: executing program 4 (id=261):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x1fe, 0xa}})
r5 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000280)=@arm64_sys={0x603000000013808c, &(0x7f00000001c0)})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r11, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_SIGNAL_MSI(r11, 0x4020aea5, &(0x7f0000000200)={0xdddd1000, 0x0, 0xfffffffc, 0x1, 0x7})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

46m11.546710843s ago: executing program 5 (id=262):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x402800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x35)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x3, 0x5, &(0x7f0000000000)=0x80})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2e)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x17})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x5, <r6=>0xffffffffffffffff})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x6ef73efd, 0x3, &(0x7f00000001c0)=0x8000000000000000})
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x4, <r9=>0xffffffffffffffff})
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x400001, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r13, 0x603000000013df12, 0x8000)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000000)=0x3})
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x7, <r16=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_GET_DEVICE_ATTR(r16, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
close(r1)
close(r6)

46m8.58714202s ago: executing program 4 (id=263):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013d000}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x0, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r8, 0x3, 0x40b2811, r7, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

45m45.605286985s ago: executing program 5 (id=264):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0xc5c8}) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0xc5c8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f00000002c0), 0x503480, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x200000000000001}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000000) (async)
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000003c0)=@attr_other={0x0, 0x1, 0x5, &(0x7f0000000380)=0x7})
r10 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000300)={0x0, &(0x7f0000000300), 0x1d}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x0) (async)
r11 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000340)={0x2, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)=0x8080000})
ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, &(0x7f0000000280)=@attr_other={0x0, 0x8, 0x9, &(0x7f0000000240)=0x4})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0xffffffffffffffff, 0x100) (async)
syz_kvm_vgic_v3_setup(r5, 0xffffffffffffffff, 0x100)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

45m45.040338311s ago: executing program 4 (id=265):
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r0, 0x2000000, 0x18010, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x6)
r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce4, &(0x7f0000000040)=0x2})
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200082, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3f)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x2a)

45m30.674260859s ago: executing program 5 (id=266):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x9)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x200)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000002, [0x99b, 0x100000001, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x1, r1})

45m24.583658365s ago: executing program 4 (id=267):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0, @ANYRES8=r3, @ANYRESHEX=r2, @ANYBLOB="fccbcdf7393f8cc6cbcce2356a4f4d482e8bb9c9a5bf96fe55b16bf26fd1518d4b59db3697a2c1609070b4888a809b3c049eb8349a4b28754f0684968ea76b73c43658863d0c0d25724cdc40058eff3fd1948661ef", @ANYRES8=r3, @ANYRES32=0x0, @ANYBLOB="bc6d698476e3e623cf401a8aaeafe88b450afb3114e8f797e12f1922440af6e07932e7e1c53d291f6e1d2e19b14b984bcc29b526d0507d86dc594b1ebb801396619c065c79530e28c16c9f041b59de55f941dc0882e4eaa197c997e70031be1b8b3f93daf7dc05e8014fbc7e677b3646c359f4153bf1994cc9469557ae8f6523a21ce6bbbd58f40d8dc873438ff085799002a38ac74080140bf10d4d6ad57ab15bdd35cb32e79bb21a036e6b9bd44fc393a30cd76cc9e26e7f375c4a4f7f3c32faa3006ac38f5119798c24c6d054a75693110443aaf8dbca424675fa77be47c900c1afa7b008cee1358e0096ce8dd7f5f896539d83a782a5722a922265b9fe3b59897bd3f1d6acf1973b021ae2bd778cdf0877f90656ef65cb74724733be5d318e9506ab54095b47f95a4292ab63010a7a4f6890ce6a146a5ef5a224ae33da9497c852a8a8d8e0595202b4c6c9358a28d0b499dd81b535b284b20f4a3f553f615eef761a79ed245752494555e9375ff89a3915c2ed28a07d3faeeafb6db547f1c9381f8c30d4a8fddf5e4dfec34b5607f5e3b65600e92418316eb7f47aea9c40c5c92d3088518a2c939c993fff8f1194a33451519deffda07a21bfa5d9a3f8624be63474454e8f711fe95171de46d2877218da37ab159c06e704ca805bec4d3f5e12068430360ca5dedc721f25021bdc5677ac8d5ed94d79ae5511a092d7980e4da390cb8d2f0ebf4bd48f105c1048f70025f72363e5b652f4797e1416cedbfc56082229f33ee252044c89ac9ddf4fdb8797aa5350997f3ee8b33df965ab9f73b1c8df336769250c80fbd63f72bf766176cb7d72a557864c86fbfc945fa548469639380fc167d904f29f3cbdfa27e1846c59218a03708505876b6b8a60e017d82b811bdbff17480e9a6ec79c470500131a7f5eefddae5b85562b7c087fd6e1b7a4fb402fa90e12e685d172d34d583f9682a1d1af1472f221f62a849a70beab9dd4370f482da3d3feef379f272110e9bcbc3ffb7065de9a58b8b540ff01436a75a458d4988f9f232acf50485a70e066dd41019dcec4b14b1897eb29ddf49fb376b98b42de74f98c677c1cc0ac74e19a2cb2597afd946d9e8ef6a81fde8f9843429a018fbbb3b5fe2fdf183f4f68be246f0e5b4ccc21ce0825987a46016ae5a94f9c373f5a5c1e7bb5cde9490b873da19809046562dbea0e9836121e3bf970facfeaf29f6f4852481e888815df52d732274f0d333e66b1cda47964e66f7c57596f1a730576935fb87e5fcafd16ed61ea92289312e9451481a6043d9375d0229998dc6d2807c7be07ad870bf1453e09ffb16c3dd8c1e5dec19698941cb2288dba9d86f8bc4b9d38ca456a3b806dd1d0b745d7eaf9fd71ce2013acda320ddd6802b3f4dbcc2c440edb7ab705b3034a574a5f585bafd481b3b85598874fc3440d202ba66e32251f4fdedfb4302b296d063457aa0bdddfc9729a06893cc29a4f6c44e512e7cebf4b24e0bd774719fd246120b55b74383ad04fbbe634a9999a3bb6fd838214df7d022e73e7010a9a6c0385c100c648c49d34a998290ade89dce2204cee3b9acff391e9a9596dc5227a4c4167fbf4e1150354fea43c98069d2cad2dd388307137267d4803d2f10310834fcb32e106c4c7550f139ea0329cc363c28dd59b5a07c70700000001a2db7c0535468310645ae0cd5f4e0b8ea9849f51eb864f95eba44c9a29bfe3b335d45216da0a1227f7a782c0bc223e51b0d6c5e04de9a9e2c7f2c5f914b9ddba8274777a12de7b1d3253cbaada9f9432a5330d33da2c0fef5a998b58e3939a3e260b5a9d1b83a3a3cd781e46971270d40939cb9be818a4088fb9530b839d718a3e2964e3ab392900250e57349ee67d9973b7471a408ed7c50e2f0cc7daf47a8a417c030a7ba2943f851fe2a32e4e460ad22ae88e0bb7fb7b8c08273997c0111546cb8bfdbd7d4dfe48b69764623077a0028ca4b1138f8402fc839cc8b8522e8355d85606ead29de2e37d3d58f5866d9b4c38047b69f81bcf18451f23748bc86b897ca74ba16326dea0c069a26360035714c01776752f156d0203c9281fa76d9316bf63f1281dae9ea21fe3b34bf7635c181b44cf6d34792c9bfc1d161f74a19d1baeedb342387bd176d9dc0b0d9660e1f816ea479cac77588a5a5a9368e24d1b3d97794c3cdade7b2c335a7037a52932d343bd832ad621299b8ac3bb7f6157db108aa69c6c9f5e7bf388b6c5d9a3b11d647036424cadec1ddcf23a9b427960349e27bb91718bee3020bd048e7b92491211913f47179cce3baeb74402f30c2dfa3bfd5455953f0fa68669e8f1ab31c79b520966db6a01635fe61675e38843eeeee81b8ac8133445df7734be6d187438622dee7391bce8551ff6c2fa4086686d6fa6e6a408012af8e118dde354cd0db4d34a13588a6bed5261786fb4fb8c0dba701d373b63b7dd2b0a4f18061e27c4e4069ab3ec111ffba6de10d94560fc4ec95560299f939aa01580f162522d29be15d43adf12af4118d3d6d83d532e762e5f36e5473b80f034bcdbb26b28b9e27370f7a0dde865d38c6fca1f79cd842f1a585e072559988d3cfe18d11e4b7fddbdb308b1d66bf4851582256eb881cb7eb65e3492dcea4920c8ca1e71a89c153bd7ab0667ac5a96be817a48c9ab15e82115d0701e6c2e5bcbbb3f9cb3ccfedc1463e1373306993c6e3a489e60da746b8e1cbb05c4b7ed11149302886e3d4b13c905dc61a62f36ca57ebf9530f84fc986193fe7adf30f9ee345028db3fd966298fcc7340998e75afbffda684ea3f167a14df22fb9fd6111608b8ec9a1810d3162b04aebcfdc1e94ef33bdf278debe1bf7156483adef0b9d6e4bdde895b4d323ae66aea158d64a4088bb56f2ec5118609b8f2299f50e22bb31367f6739742e0b68f7a86acc2d4eb914fa38dbfdf7c934761500787b604cf1083812b12e9022c197b9377717a4bf4c7cc07699915ee356bf47f5bceb79f8aae2d01e7f8ff4ac48f61de98574a7c2487f597205579cb3b05f788f2e99de1f897709cfca77b231c4c8d4b48a3b4dcf05932ede4da2677877d3d6c3ff1c2daa306dcccb53b27169f4d0f403a2076faf939be00b1de7ba9d98e8d2a3a7a8862c1a856451b19111412782aaba6100b1e78108a028bd69283dc5936bcc7af3deee40aefcfa32deed230c2acdc7a750405b17b176b18d2b18df35c5a19f296d8878afd82381b575c4c59fa33aab87529528276bf3adcd44c568eb9a353d991fc316ca6338497870ba96553d46dc674b2a96c96a165c96fe34b3e6cc44aeba3e3fe38a26f7aaddcd7e69abb0c4656a23ba216ef0c295f3beb2f63286845e8d79a1ade8f68e1875bfb681c5e29095395aec94fcbc600d7bf3652783abdf9e155cc659bb2a6b272d2c0a1851e79677f93c78646cb24df661c2149a84b67e6a94fc90e747d963006b6f972f6653bf074f0c72dcf291b5ef223f4a8e21e046e74ccfc61441902891f228718be14653930a127e3f87f29d18ee4c526fd338efb1cc47d3a7a44cbc9843ea3905ff1bd17f4fbb6d72a5245376d0308623ebfdf67e23e2cf217c50f1af4860ffca1bc62367b99c60f52e2e87c8c2bdb58e4bb8d322497a62240b6c6e7151baeb37f1d861793732071e12ca3da0881c721237a32f768654ac3c0754f8d00e17fb7626a707207e865cc4c2bdd4fa13bc8b9a579faaceab3bb891e694992525b763c3f236a45d7104d6c812fd45153a8a478d97d6232bd746f02160908b544a6a329b7f7ea553372514f54e9e76e81ee36979696c94d4ff14f1f4d6223dfde57249abed6408400c91ca42eddeae497bf2c9051dcfc2a0356f26db83844fd9cc5be4820e839b122de98eec21db59d5823cd831f7a681b26790a07e1738b7ed69fd1a06d93ac31b0a4c5b52b0e9d5dfc08b6d65add061ffa73941aa7b04e0019875839262bd5c6c0f96f30e98a2fe69cb103fb87b8a92803969d3fedd10f6733432fb61f33cbb952bea89f8a0cb5da4ec7d161047cd0fc4707f753f8e4cf56ad6c6d6afb3ed8e0675fb16f7214bc846309df70f0c9cf64f9a6fe8721b3d8b6cacaaa87156b393489bfff1118d80d9d6ce357a7a8e556eedc5e1bf6d2d5034217c75a4ee5701fc8fb2c58ba4083cd52a0e78aa1615a666403104a38e90ff52dc42329d8ad86a3f3ac8bdd7e8276ca69c7b6f23f794e3e220c5bc584c18d06f4382d6ef5df1da2fd01c38c44e6f3f63edef19124e4d28fec23f59e3a74e1971d1debea54c9eb9e4882429a53b02dda71282568df15eb29dc38679e37ac914a8ed2edd0e3a683f964121e683dfdc6b4bc75e684b97d3f2d5ee5e38087eefeef68163ed8e7f307e27ab6e75bc43d215f0b84f8c06a3164ff9557906238ff7bc9cdce4a7da88b57c108694b105992b8c33739eb995f81c14ef2d4ee6fae102e76f3fffccfefc2d2b14cf02481576cdc410ada6270ccc8cc32214aa46db291365e2430df04c989d58831f75d263d194c08faaa7c121e0e5abfacc8dcab101dabf3405a894d56ee8d38b5063fd803ddf52249affab71f52a8338da66715fce8cb091dc43ef23162e393153359c847b395df599cdca54873414f5f7271c5a34defa93ae4821b491cce28c35f7544f2235b4f180b538281eb9338ee3ad161e8b6d40cb9c94dc027b5567029a6540ccc149776e14efe7d22c0a3adfcbb048c217641c35181332fa5a2b7f0503c7ed243a5a49c478be4c1f8615c2208f3c0ef3d37c8a035aa55982dfdde96af3a1c468d479dd9c6d68420d8869277bc7cfe65b70ae0b8ddbe9225c08b57870eeb441e5938401512f90291cbdfa503f857a76bfbb4e28e646f287c43744d0a199000938684dff244f8bf4610aceb0240094559d1cf39eeb11e21e9a3b56718e70e5de63a260c7a4b1d24da2f574a39f93d20bef2315c04c7f9b7b5abed135981cd8a8bddbc4da6792dd4f56875011ce59b16b9d170744e4f9a1cb7d8f621f72a8ab892094b8bca2c06261b4249226e247da383332cd3a9ad2e021889133c352c30078e87e5791750e35e813dd46fbb8c3975f3797c856bd8cd5a1b8bae0fbdf45c3f62a0afbf484873156c7fa2431358137831a41446dbb946243cc1b93376388be400a4a44a8e149f6a123ac95b1334ad1927bace17d854f31e922babb3a668c75b80f789dae43c637dbf9c2dc3434ba300b9b66df26bcb0d5728a82b517eeaec5e89e6b19c3e52a1918787c76c0e744bf4ff29dd15422b43748914def769aacc6007623b1a494844d6e520dca1017869cfabd80f157c285c4c9acd2f541a29bb10d20ae355dd5c33d6f8c0865084264999bcad2761bb580a63321a995505e56f709feac9ce9a8c69e725b28373331539e5773fd22837db49b11a5c9cd26fc5120adb383a6babad8b242462380ef3547fd83b1c2d4d8e1438af689e021261edef1c0909acd54eb28c633975288bb405679d8fc2122085eb9662bea764245e5c75e2a0f4038a8acddca27355cd0db6f7231f1defde76ac76ca7376cb04161b3aea038951612223a4698a94747aa930c9286a087cb28e6705b3a441111e61f3e8ee5af10af3ecc4af71b1f470341013764c488192da728b7b8a6a31bd311d053c72298aaf63fa5bcf72e14d4fea631841315ed8c3de3a800152248ec2df6ec6c103c057bac45333d5619c61ad73324c72d0270c86ed71b94d84af196d0e91691526dd20418d1aa5b3185173df069b950e2bc8426f24b780b8ae538ada1a9b5b42731f209e4b4c7454b63fbefaa7da4edd4c8b11b2a408c9d348dcfff816cdc8ad38b9cff52b8792033ae6ffb2a60368f6c690d54bb14a3ac0a354b0dd7d05d7ccfaf0ff84164383379d8c088b0ab83cfad6da1b1f24e35431ba06601fff0550cea50bd3ad73ada3ab499e5b4ded26dc68862ae6", @ANYBLOB="232bc45bde0c37e1da1c05b5092506fd56cf45e928a16552d77046626f322b7e8a6d00c48f9373677c1b13c5121ef82fb3c775d0a09af110c5c1ff87beb7dbe062729b667b5c015661fab8d95a9cb8dd58242cd01f1b49b133a504676da293b84718878ed0f4f6bea4ca36ef2535397a0285b9963d2b0e40db38995be6da315139735ac3ddf45764958558b9bf3aced450f70aff3f3de9b35d9cad9271b9e729da257f875338f93fce383c052a974d1dd8c1e66d3cd9c68907b38d2fe9"], 0x1a0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)

45m14.730440025s ago: executing program 5 (id=268):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0xc400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x6, @vgic_gicr={0x80a0000, 0xa0, 0x3}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

44m36.603395548s ago: executing program 36 (id=267):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0, @ANYRES8=r3, @ANYRESHEX=r2, @ANYBLOB="fccbcdf7393f8cc6cbcce2356a4f4d482e8bb9c9a5bf96fe55b16bf26fd1518d4b59db3697a2c1609070b4888a809b3c049eb8349a4b28754f0684968ea76b73c43658863d0c0d25724cdc40058eff3fd1948661ef", @ANYRES8=r3, @ANYRES32=0x0, @ANYBLOB="bc6d698476e3e623cf401a8aaeafe88b450afb3114e8f797e12f1922440af6e07932e7e1c53d291f6e1d2e19b14b984bcc29b526d0507d86dc594b1ebb801396619c065c79530e28c16c9f041b59de55f941dc0882e4eaa197c997e70031be1b8b3f93daf7dc05e8014fbc7e677b3646c359f4153bf1994cc9469557ae8f6523a21ce6bbbd58f40d8dc873438ff085799002a38ac74080140bf10d4d6ad57ab15bdd35cb32e79bb21a036e6b9bd44fc393a30cd76cc9e26e7f375c4a4f7f3c32faa3006ac38f5119798c24c6d054a75693110443aaf8dbca424675fa77be47c900c1afa7b008cee1358e0096ce8dd7f5f896539d83a782a5722a922265b9fe3b59897bd3f1d6acf1973b021ae2bd778cdf0877f90656ef65cb74724733be5d318e9506ab54095b47f95a4292ab63010a7a4f6890ce6a146a5ef5a224ae33da9497c852a8a8d8e0595202b4c6c9358a28d0b499dd81b535b284b20f4a3f553f615eef761a79ed245752494555e9375ff89a3915c2ed28a07d3faeeafb6db547f1c9381f8c30d4a8fddf5e4dfec34b5607f5e3b65600e92418316eb7f47aea9c40c5c92d3088518a2c939c993fff8f1194a33451519deffda07a21bfa5d9a3f8624be63474454e8f711fe95171de46d2877218da37ab159c06e704ca805bec4d3f5e12068430360ca5dedc721f25021bdc5677ac8d5ed94d79ae5511a092d7980e4da390cb8d2f0ebf4bd48f105c1048f70025f72363e5b652f4797e1416cedbfc56082229f33ee252044c89ac9ddf4fdb8797aa5350997f3ee8b33df965ab9f73b1c8df336769250c80fbd63f72bf766176cb7d72a557864c86fbfc945fa548469639380fc167d904f29f3cbdfa27e1846c59218a03708505876b6b8a60e017d82b811bdbff17480e9a6ec79c470500131a7f5eefddae5b85562b7c087fd6e1b7a4fb402fa90e12e685d172d34d583f9682a1d1af1472f221f62a849a70beab9dd4370f482da3d3feef379f272110e9bcbc3ffb7065de9a58b8b540ff01436a75a458d4988f9f232acf50485a70e066dd41019dcec4b14b1897eb29ddf49fb376b98b42de74f98c677c1cc0ac74e19a2cb2597afd946d9e8ef6a81fde8f9843429a018fbbb3b5fe2fdf183f4f68be246f0e5b4ccc21ce0825987a46016ae5a94f9c373f5a5c1e7bb5cde9490b873da19809046562dbea0e9836121e3bf970facfeaf29f6f4852481e888815df52d732274f0d333e66b1cda47964e66f7c57596f1a730576935fb87e5fcafd16ed61ea92289312e9451481a6043d9375d0229998dc6d2807c7be07ad870bf1453e09ffb16c3dd8c1e5dec19698941cb2288dba9d86f8bc4b9d38ca456a3b806dd1d0b745d7eaf9fd71ce2013acda320ddd6802b3f4dbcc2c440edb7ab705b3034a574a5f585bafd481b3b85598874fc3440d202ba66e32251f4fdedfb4302b296d063457aa0bdddfc9729a06893cc29a4f6c44e512e7cebf4b24e0bd774719fd246120b55b74383ad04fbbe634a9999a3bb6fd838214df7d022e73e7010a9a6c0385c100c648c49d34a998290ade89dce2204cee3b9acff391e9a9596dc5227a4c4167fbf4e1150354fea43c98069d2cad2dd388307137267d4803d2f10310834fcb32e106c4c7550f139ea0329cc363c28dd59b5a07c70700000001a2db7c0535468310645ae0cd5f4e0b8ea9849f51eb864f95eba44c9a29bfe3b335d45216da0a1227f7a782c0bc223e51b0d6c5e04de9a9e2c7f2c5f914b9ddba8274777a12de7b1d3253cbaada9f9432a5330d33da2c0fef5a998b58e3939a3e260b5a9d1b83a3a3cd781e46971270d40939cb9be818a4088fb9530b839d718a3e2964e3ab392900250e57349ee67d9973b7471a408ed7c50e2f0cc7daf47a8a417c030a7ba2943f851fe2a32e4e460ad22ae88e0bb7fb7b8c08273997c0111546cb8bfdbd7d4dfe48b69764623077a0028ca4b1138f8402fc839cc8b8522e8355d85606ead29de2e37d3d58f5866d9b4c38047b69f81bcf18451f23748bc86b897ca74ba16326dea0c069a26360035714c01776752f156d0203c9281fa76d9316bf63f1281dae9ea21fe3b34bf7635c181b44cf6d34792c9bfc1d161f74a19d1baeedb342387bd176d9dc0b0d9660e1f816ea479cac77588a5a5a9368e24d1b3d97794c3cdade7b2c335a7037a52932d343bd832ad621299b8ac3bb7f6157db108aa69c6c9f5e7bf388b6c5d9a3b11d647036424cadec1ddcf23a9b427960349e27bb91718bee3020bd048e7b92491211913f47179cce3baeb74402f30c2dfa3bfd5455953f0fa68669e8f1ab31c79b520966db6a01635fe61675e38843eeeee81b8ac8133445df7734be6d187438622dee7391bce8551ff6c2fa4086686d6fa6e6a408012af8e118dde354cd0db4d34a13588a6bed5261786fb4fb8c0dba701d373b63b7dd2b0a4f18061e27c4e4069ab3ec111ffba6de10d94560fc4ec95560299f939aa01580f162522d29be15d43adf12af4118d3d6d83d532e762e5f36e5473b80f034bcdbb26b28b9e27370f7a0dde865d38c6fca1f79cd842f1a585e072559988d3cfe18d11e4b7fddbdb308b1d66bf4851582256eb881cb7eb65e3492dcea4920c8ca1e71a89c153bd7ab0667ac5a96be817a48c9ab15e82115d0701e6c2e5bcbbb3f9cb3ccfedc1463e1373306993c6e3a489e60da746b8e1cbb05c4b7ed11149302886e3d4b13c905dc61a62f36ca57ebf9530f84fc986193fe7adf30f9ee345028db3fd966298fcc7340998e75afbffda684ea3f167a14df22fb9fd6111608b8ec9a1810d3162b04aebcfdc1e94ef33bdf278debe1bf7156483adef0b9d6e4bdde895b4d323ae66aea158d64a4088bb56f2ec5118609b8f2299f50e22bb31367f6739742e0b68f7a86acc2d4eb914fa38dbfdf7c934761500787b604cf1083812b12e9022c197b9377717a4bf4c7cc07699915ee356bf47f5bceb79f8aae2d01e7f8ff4ac48f61de98574a7c2487f597205579cb3b05f788f2e99de1f897709cfca77b231c4c8d4b48a3b4dcf05932ede4da2677877d3d6c3ff1c2daa306dcccb53b27169f4d0f403a2076faf939be00b1de7ba9d98e8d2a3a7a8862c1a856451b19111412782aaba6100b1e78108a028bd69283dc5936bcc7af3deee40aefcfa32deed230c2acdc7a750405b17b176b18d2b18df35c5a19f296d8878afd82381b575c4c59fa33aab87529528276bf3adcd44c568eb9a353d991fc316ca6338497870ba96553d46dc674b2a96c96a165c96fe34b3e6cc44aeba3e3fe38a26f7aaddcd7e69abb0c4656a23ba216ef0c295f3beb2f63286845e8d79a1ade8f68e1875bfb681c5e29095395aec94fcbc600d7bf3652783abdf9e155cc659bb2a6b272d2c0a1851e79677f93c78646cb24df661c2149a84b67e6a94fc90e747d963006b6f972f6653bf074f0c72dcf291b5ef223f4a8e21e046e74ccfc61441902891f228718be14653930a127e3f87f29d18ee4c526fd338efb1cc47d3a7a44cbc9843ea3905ff1bd17f4fbb6d72a5245376d0308623ebfdf67e23e2cf217c50f1af4860ffca1bc62367b99c60f52e2e87c8c2bdb58e4bb8d322497a62240b6c6e7151baeb37f1d861793732071e12ca3da0881c721237a32f768654ac3c0754f8d00e17fb7626a707207e865cc4c2bdd4fa13bc8b9a579faaceab3bb891e694992525b763c3f236a45d7104d6c812fd45153a8a478d97d6232bd746f02160908b544a6a329b7f7ea553372514f54e9e76e81ee36979696c94d4ff14f1f4d6223dfde57249abed6408400c91ca42eddeae497bf2c9051dcfc2a0356f26db83844fd9cc5be4820e839b122de98eec21db59d5823cd831f7a681b26790a07e1738b7ed69fd1a06d93ac31b0a4c5b52b0e9d5dfc08b6d65add061ffa73941aa7b04e0019875839262bd5c6c0f96f30e98a2fe69cb103fb87b8a92803969d3fedd10f6733432fb61f33cbb952bea89f8a0cb5da4ec7d161047cd0fc4707f753f8e4cf56ad6c6d6afb3ed8e0675fb16f7214bc846309df70f0c9cf64f9a6fe8721b3d8b6cacaaa87156b393489bfff1118d80d9d6ce357a7a8e556eedc5e1bf6d2d5034217c75a4ee5701fc8fb2c58ba4083cd52a0e78aa1615a666403104a38e90ff52dc42329d8ad86a3f3ac8bdd7e8276ca69c7b6f23f794e3e220c5bc584c18d06f4382d6ef5df1da2fd01c38c44e6f3f63edef19124e4d28fec23f59e3a74e1971d1debea54c9eb9e4882429a53b02dda71282568df15eb29dc38679e37ac914a8ed2edd0e3a683f964121e683dfdc6b4bc75e684b97d3f2d5ee5e38087eefeef68163ed8e7f307e27ab6e75bc43d215f0b84f8c06a3164ff9557906238ff7bc9cdce4a7da88b57c108694b105992b8c33739eb995f81c14ef2d4ee6fae102e76f3fffccfefc2d2b14cf02481576cdc410ada6270ccc8cc32214aa46db291365e2430df04c989d58831f75d263d194c08faaa7c121e0e5abfacc8dcab101dabf3405a894d56ee8d38b5063fd803ddf52249affab71f52a8338da66715fce8cb091dc43ef23162e393153359c847b395df599cdca54873414f5f7271c5a34defa93ae4821b491cce28c35f7544f2235b4f180b538281eb9338ee3ad161e8b6d40cb9c94dc027b5567029a6540ccc149776e14efe7d22c0a3adfcbb048c217641c35181332fa5a2b7f0503c7ed243a5a49c478be4c1f8615c2208f3c0ef3d37c8a035aa55982dfdde96af3a1c468d479dd9c6d68420d8869277bc7cfe65b70ae0b8ddbe9225c08b57870eeb441e5938401512f90291cbdfa503f857a76bfbb4e28e646f287c43744d0a199000938684dff244f8bf4610aceb0240094559d1cf39eeb11e21e9a3b56718e70e5de63a260c7a4b1d24da2f574a39f93d20bef2315c04c7f9b7b5abed135981cd8a8bddbc4da6792dd4f56875011ce59b16b9d170744e4f9a1cb7d8f621f72a8ab892094b8bca2c06261b4249226e247da383332cd3a9ad2e021889133c352c30078e87e5791750e35e813dd46fbb8c3975f3797c856bd8cd5a1b8bae0fbdf45c3f62a0afbf484873156c7fa2431358137831a41446dbb946243cc1b93376388be400a4a44a8e149f6a123ac95b1334ad1927bace17d854f31e922babb3a668c75b80f789dae43c637dbf9c2dc3434ba300b9b66df26bcb0d5728a82b517eeaec5e89e6b19c3e52a1918787c76c0e744bf4ff29dd15422b43748914def769aacc6007623b1a494844d6e520dca1017869cfabd80f157c285c4c9acd2f541a29bb10d20ae355dd5c33d6f8c0865084264999bcad2761bb580a63321a995505e56f709feac9ce9a8c69e725b28373331539e5773fd22837db49b11a5c9cd26fc5120adb383a6babad8b242462380ef3547fd83b1c2d4d8e1438af689e021261edef1c0909acd54eb28c633975288bb405679d8fc2122085eb9662bea764245e5c75e2a0f4038a8acddca27355cd0db6f7231f1defde76ac76ca7376cb04161b3aea038951612223a4698a94747aa930c9286a087cb28e6705b3a441111e61f3e8ee5af10af3ecc4af71b1f470341013764c488192da728b7b8a6a31bd311d053c72298aaf63fa5bcf72e14d4fea631841315ed8c3de3a800152248ec2df6ec6c103c057bac45333d5619c61ad73324c72d0270c86ed71b94d84af196d0e91691526dd20418d1aa5b3185173df069b950e2bc8426f24b780b8ae538ada1a9b5b42731f209e4b4c7454b63fbefaa7da4edd4c8b11b2a408c9d348dcfff816cdc8ad38b9cff52b8792033ae6ffb2a60368f6c690d54bb14a3ac0a354b0dd7d05d7ccfaf0ff84164383379d8c088b0ab83cfad6da1b1f24e35431ba06601fff0550cea50bd3ad73ada3ab499e5b4ded26dc68862ae6", @ANYBLOB="232bc45bde0c37e1da1c05b5092506fd56cf45e928a16552d77046626f322b7e8a6d00c48f9373677c1b13c5121ef82fb3c775d0a09af110c5c1ff87beb7dbe062729b667b5c015661fab8d95a9cb8dd58242cd01f1b49b133a504676da293b84718878ed0f4f6bea4ca36ef2535397a0285b9963d2b0e40db38995be6da315139735ac3ddf45764958558b9bf3aced450f70aff3f3de9b35d9cad9271b9e729da257f875338f93fce383c052a974d1dd8c1e66d3cd9c68907b38d2fe9"], 0x1a0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)

44m24.692059518s ago: executing program 37 (id=268):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0xc400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x6, @vgic_gicr={0x80a0000, 0xa0, 0x3}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22m28.406139568s ago: executing program 7 (id=362):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
write$eventfd(r4, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x13)
close(0x3)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
close(0x4)
close(0x5)

22m12.359641626s ago: executing program 7 (id=364):
r0 = eventfd2(0x1, 0x800)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={r0, 0xc8, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r3=>0xffffffffffffffff, 0x1})
r4 = ioctl$KVM_CREATE_VM(r3, 0x894c, 0x0)
close(r4) (async, rerun: 64)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, 0x0) (async, rerun: 64)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2)
r7 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000000000/0x400000)=nil) (async)
r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) (async, rerun: 64)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) (async, rerun: 64)
r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_GET_API_VERSION(r5, 0xae00, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0x5460, 0x0)

21m56.567727379s ago: executing program 7 (id=366):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x22)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x101fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000ecd000/0x1000)=nil})
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000040)={0x5, 0x5})

21m40.473670243s ago: executing program 7 (id=368):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_fp={0x60400000001001a4, 0x0}) (async, rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async, rerun: 64)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2c)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000040)=@arm64_sve={0x6080000000150537, 0x0}) (async, rerun: 64)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x0) (async, rerun: 64)
close(r1)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x302, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xeeef0000, 0x0, r11}) (async)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000000)={0x6, 0x0, 0x0, r11, 0x4}) (async)
write$eventfd(r11, &(0x7f0000000000)=0xffffffff, 0x8)

21m25.56317823s ago: executing program 7 (id=369):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f0000000240)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x200}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0xa, 0x4}})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x21)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r12, 0x0)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r13, 0x8, 0x13, r12, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r14, 0x3, 0x11, r9, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r17, 0xc00caee0, 0x0)

21m3.403064572s ago: executing program 7 (id=372):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110000, &(0x7f0000000000)=0x3})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110006, &(0x7f00000000c0)=0x2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(0xffffffffffffffff, 0x4208ae9b, &(0x7f0000000300)={0x0, 0x0, {[0x4, 0x4, 0x3, 0x4, 0x3d, 0x15, 0x7, 0x8f2, 0xfffffffffffffff8, 0x1, 0x6, 0x8, 0x2, 0xfffffffffffff358, 0x7, 0x7], [0x405, 0x5, 0x10, 0x7fe, 0x9, 0x41d, 0x0, 0x101, 0x80, 0x8, 0x4, 0x0, 0x4, 0x8, 0x4, 0x6], [0x1, 0x1, 0xfffffffffffffff5, 0x100000000, 0x2, 0x200, 0x7, 0x4, 0x101, 0x10001, 0x4b4, 0xffff, 0x2, 0x4, 0x4, 0xaca7], [0x8, 0x9, 0x6, 0x5, 0x4, 0x4, 0x6, 0x489, 0x4, 0x8, 0x40, 0x8001, 0x1, 0x4, 0x6b08, 0xa]}})
r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r10, 0x40000)

20m16.462535797s ago: executing program 38 (id=372):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110000, &(0x7f0000000000)=0x3})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110006, &(0x7f00000000c0)=0x2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(0xffffffffffffffff, 0x4208ae9b, &(0x7f0000000300)={0x0, 0x0, {[0x4, 0x4, 0x3, 0x4, 0x3d, 0x15, 0x7, 0x8f2, 0xfffffffffffffff8, 0x1, 0x6, 0x8, 0x2, 0xfffffffffffff358, 0x7, 0x7], [0x405, 0x5, 0x10, 0x7fe, 0x9, 0x41d, 0x0, 0x101, 0x80, 0x8, 0x4, 0x0, 0x4, 0x8, 0x4, 0x6], [0x1, 0x1, 0xfffffffffffffff5, 0x100000000, 0x2, 0x200, 0x7, 0x4, 0x101, 0x10001, 0x4b4, 0xffff, 0x2, 0x4, 0x4, 0xaca7], [0x8, 0x9, 0x6, 0x5, 0x4, 0x4, 0x6, 0x489, 0x4, 0x8, 0x40, 0x8001, 0x1, 0x4, 0x6b08, 0xa]}})
r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r10, 0x40000)

18m7.730626938s ago: executing program 6 (id=384):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r3, 0x4208ae9b, &(0x7f0000000400)={0x1, 0x0, {[0xfffffffffffffffb, 0x3ff, 0x1000, 0xe26f, 0x3, 0x6, 0x9, 0x0, 0x4, 0x5, 0x7, 0x81, 0x0, 0x7fffffffffffffff, 0x1, 0x2], [0x80000001, 0x8, 0x34f, 0x80000001, 0x8000000000000000, 0xfffffffffffffffb, 0x8, 0x5, 0x7ff, 0x6, 0xa87f, 0x1, 0x5, 0x7fffffffffffffff, 0x9, 0x7fffffff], [0x6, 0x2, 0x3, 0xfff, 0xe7, 0x1, 0x100000001, 0x0, 0x8, 0x3ff, 0x8, 0x401, 0x3, 0x3, 0x100000001], [0xe, 0xffffffffffff37a5, 0x80000000, 0x54435a02, 0x2, 0x2, 0x4, 0xff, 0xa4c, 0x2, 0x400, 0x1, 0xfffffffff14d8e2e, 0x44, 0x400, 0xfffffffffffff2f2]}})
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000040)=0x8)

17m56.563109841s ago: executing program 6 (id=385):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@eret={0xe6, 0x18, 0x9}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x289}}, @svc={0x122, 0x40, {0xc4000003, [0x1f8f, 0x0, 0x5, 0xc67a313, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013c685}}], 0x98}, &(0x7f0000000100)=[@featur2={0x1, 0x20}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x84000, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000180)={0xf7, 0x10, 0x1}})
r2 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000240)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x4, 0x0, 0x1}})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x18)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000280)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x22)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000002c0)={0x2})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000300)={0xa})
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000340)="473d2cda5f0bd8389fab8ce1b6b48ce86e39b250d502f836", 0x0, 0x18)
ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000380))
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000400)={0x8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x4200, 0x0)
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000004c0)=@arm64_sve={0x608000000015017e, &(0x7f0000000480)=0x1})
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000940)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x603000000013df19}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0xc400000d, [0xfa3, 0xf, 0x7, 0x8, 0x2]}}, @irq_setup={0x46, 0x18, {0x1, 0x130}}, @mrs={0xbe, 0x18, {0x603000000013df45}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x400, 0x6, 0x9}}, @svc={0x122, 0x40, {0x32000000, [0x7fffffff, 0x6, 0x2, 0x8, 0x6]}}, @smc={0x1e, 0x40, {0x84000013, [0x7, 0x7, 0xec4e, 0x80000000, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x1, 0x1, 0xd71a, 0x1, 0x3}}, @irq_setup={0x46, 0x18, {0x2, 0x2b1}}, @msr={0x14, 0x20, {0x603000000013c201, 0x7}}, @svc={0x122, 0x40, {0x84000003, [0x0, 0x4, 0x7fff, 0x0, 0x4]}}, @svc={0x122, 0x40, {0x80, [0xfffffffffffffffd, 0x6, 0x3, 0x676, 0x3]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x0, 0xe, 0x0, 0x3, 0x1}}, @eret={0xe6, 0x18, 0x8}, @uexit={0x0, 0x18, 0x1}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x4, 0xd, 0x5, 0x5, 0x1}}, @msr={0x14, 0x20, {0x603000000013dea7, 0x7d9d03a0}}, @eret={0xe6, 0x18, 0x7f}, @mrs={0xbe, 0x18, {0x6030000000138010}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x0, 0x3, 0x1, 0x1, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e21b}}, @smc={0x1e, 0x40, {0x84000006, [0x0, 0xbc, 0x1ff, 0x2b2, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x7, 0x9}}, @irq_setup={0x46, 0x18, {0x2, 0x1d1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0xd, 0x80, 0x6, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xffd0, 0x9}}], 0x438}, &(0x7f0000000980)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f0000000a00)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000009c0)=0x1})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000a40)={0x4})
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x10)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000a80)={0x4, 0x1})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_ARM_PREFERRED_TARGET(r7, 0x8020aeaf, &(0x7f0000000ac0))
eventfd2(0x400, 0x80000)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000b00)={0xeeee0000, 0x4f763fd224de11be, 0x9, 0x0, 0x8})
syz_kvm_vgic_v3_setup(r3, 0x4, 0x280)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000b40)={0xffffffff, 0x7f})
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000b80)={0x2})
ioctl$KVM_RESET_DIRTY_RINGS(0xffffffffffffffff, 0xaec7)

17m43.860102136s ago: executing program 6 (id=386):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0xc, 0x80010, r3, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f00000000c0)="28e4c9e4da4723b62a4fe18203deb367db9fcebb0c7fd4c6", 0x0, 0x18)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100004, &(0x7f0000000000)=0x300000000000})
close(r0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x7, <r6=>0xffffffffffffffff})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2c)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000040)=@arm64_sve={0x6080000000150537, 0x0})
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x83, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0xc, 0x80010, r3, 0x0) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f00000000c0)="28e4c9e4da4723b62a4fe18203deb367db9fcebb0c7fd4c6", 0x0, 0x18) (async)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100004, &(0x7f0000000000)=0x300000000000}) (async)
close(r0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x7}) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2c) (async)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000040)=@arm64_sve={0x6080000000150537, 0x0}) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x83, 0x0}) (async)

17m25.19226082s ago: executing program 6 (id=387):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x8800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2f)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6)
ioctl$KVM_CAP_PTP_KVM(r2, 0x4068aea3, &(0x7f0000000000))
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xb2)

16m59.743983735s ago: executing program 6 (id=388):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r1, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

16m45.968970576s ago: executing program 6 (id=389):
openat$kvm(0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000e17000/0x2000)=nil, 0x0, 0x0, 0x100010, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="4f6ca8f59a45aee40cb95f7b31b43f0faa8b42870c6e1656080e2505e35ccf9cec7df409a1cb168d654b509e15a7c175ba828fa00e19e804bd41271b73245f27793609f9cf93e717", 0x0, 0x48)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce1798f1f449a7a835673312b54ebb2aa76c869d22627e70000000000be912ddddb3cce8600", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r9 = eventfd2(0x0, 0x0)
close(r9)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
write$eventfd(r9, &(0x7f0000000180)=0x5, 0xfffffde3)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

15m54.794598756s ago: executing program 39 (id=389):
openat$kvm(0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000e17000/0x2000)=nil, 0x0, 0x0, 0x100010, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="4f6ca8f59a45aee40cb95f7b31b43f0faa8b42870c6e1656080e2505e35ccf9cec7df409a1cb168d654b509e15a7c175ba828fa00e19e804bd41271b73245f27793609f9cf93e717", 0x0, 0x48)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce1798f1f449a7a835673312b54ebb2aa76c869d22627e70000000000be912ddddb3cce8600", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r9 = eventfd2(0x0, 0x0)
close(r9)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
write$eventfd(r9, &(0x7f0000000180)=0x5, 0xfffffde3)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

3m27.11511401s ago: executing program 8 (id=420):
r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
eventfd2(0x10001, 0x80801) (async)
r1 = eventfd2(0x10001, 0x80801)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r1, 0x1, 0xea12157bff932e6})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0x48)

3m13.252793748s ago: executing program 8 (id=421):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x5, 0xfffffffffffffff7, 0x0})
r3 = eventfd2(0x5, 0x800)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000140)={0x5, 0x2000, 0x2, r3, 0x8})
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x4, 0x5000, 0x4, r3, 0x2})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x2, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bde000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000200)=[@code={0xa, 0xb4, {"0058000e0080009b000000a9007008d5a01e9fd200e0b8f2c10180d2620180d2e30180d2840180d2020000d400209f0c80df84d20020b0f2a10180d2220080d2030080d2e40080d2020000d480e395d20020b0f2c10080d2a20080d2c30180d2040180d2020000d4404182d200a0b8f2c10180d2820180d2c30180d2640080d2020000d4c0259cd20080b8f2210080d2420080d2e30180d2240180d2020000d4"}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x147}}, @irq_setup={0x46, 0x18, {0x2, 0x3b2}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x0, 0x6}}, @eret={0xe6, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x3, 0x2ad}}, @uexit={0x0, 0x18, 0x4c}, @code={0xa, 0xb4, {"000008d500c0251e40598ad20060b8f2010080d2420080d2830080d2240080d2020000d480af84d200e0b0f2c10080d2420180d2c30080d2e40080d2020000d4a03b96d200c0b8f2e10180d2a20080d2830180d2040080d2020000d4008008d5007008d5e0c39bd200c0b0f2410080d2e20080d2030080d2c40080d2020000d4809787d20020b0f2810080d2620180d2c30080d2e40080d2020000d4008008d5"}}, @eret={0xe6, 0x18, 0xf}, @msr={0x14, 0x20, {0x6030000000138032, 0x5}}, @svc={0x122, 0x40, {0x84000013, [0x1f, 0x2, 0x1, 0x1ff, 0x1]}}, @svc={0x122, 0x40, {0x80, [0x200, 0x1, 0x3, 0x5, 0xffffffff00000001]}}, @irq_setup={0x46, 0x18, {0x4, 0x208}}, @smc={0x1e, 0x40, {0x86000000, [0xb8b, 0x81, 0x7, 0x504, 0x101]}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x171}}, @irq_setup={0x46, 0x18, {0x4, 0x35c}}, @smc={0x1e, 0x40, {0x84000053, [0x5, 0x8, 0x939c, 0x5, 0x1]}}, @smc={0x1e, 0x40, {0xc5000021, [0x1, 0x7, 0x7, 0x9, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013df5b}}, @eret={0xe6, 0x18, 0xfffffffffffffffd}, @smc={0x1e, 0x40, {0x84000010, [0x7, 0x1, 0x3ddfac37, 0x6, 0x8]}}, @eret={0xe6, 0x18, 0x6}, @eret={0xe6, 0x18}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x1, 0xc, 0x1, 0x2}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x13b}}, @irq_setup={0x46, 0x18, {0x1, 0x28}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x4, 0xb, 0x2, 0x57c, 0x3}}, @irq_setup={0x46, 0x18, {0x4, 0x2a7}}], 0x538}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, 0x0)
r10 = openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0)

2m44.922812478s ago: executing program 8 (id=423):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_RUN(r0, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

2m38.252691421s ago: executing program 9 (id=424):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000300)=[@its_setup={0x82, 0x28, {0x4, 0x3, 0x2e}}, @mrs={0xbe, 0x18, {0x603000000013e092}}, @smc={0x1e, 0x40, {0x32000000, [0x0, 0x2, 0x1, 0x1, 0x1]}}, @irq_setup={0x46, 0x18, {0x2, 0x175}}, @irq_setup={0x46, 0x18, {0x3, 0x71}}, @hvc={0x32, 0x40, {0x86000001, [0x9, 0x2, 0x1, 0x7, 0xffffffffffffff01]}}, @uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x603000000013c4c9, 0x3}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1d0}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0x6, 0x4, 0x7}}, @svc={0x122, 0x40, {0x80000002, [0x7, 0x100000000000, 0x6, 0x80000001, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013805c}}, @uexit={0x0, 0x18, 0x5}, @mrs={0xbe, 0x18, {0x603000000013e66e}}, @smc={0x1e, 0x40, {0x84000008, [0x7fffffffffffffff, 0xf09f, 0xfffffffffffffff9, 0xe7b, 0x3]}}, @hvc={0x32, 0x40, {0x1000, [0x0, 0x7, 0xfff, 0xd]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x100, 0x9, 0x9}}, @hvc={0x32, 0x40, {0x84000007, [0x8, 0x6b, 0x0, 0xc07, 0x6]}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xee1, 0x5, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc00, 0x8000000000000000, 0xd}}, @svc={0x122, 0x40, {0x0, [0x400, 0x1, 0x8, 0x5, 0x8000]}}, @uexit={0x0, 0x18}], 0x3a8}, &(0x7f0000000040)=[@featur1={0x1, 0x83}], 0x1)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f00000000c0)=@arm64_ccsidr={0x6020000000110008, &(0x7f0000000080)=0x3ff})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f00004dc000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x800454e1, 0x110c230004)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r10, 0x40000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) (async)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000300)=[@its_setup={0x82, 0x28, {0x4, 0x3, 0x2e}}, @mrs={0xbe, 0x18, {0x603000000013e092}}, @smc={0x1e, 0x40, {0x32000000, [0x0, 0x2, 0x1, 0x1, 0x1]}}, @irq_setup={0x46, 0x18, {0x2, 0x175}}, @irq_setup={0x46, 0x18, {0x3, 0x71}}, @hvc={0x32, 0x40, {0x86000001, [0x9, 0x2, 0x1, 0x7, 0xffffffffffffff01]}}, @uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x603000000013c4c9, 0x3}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1d0}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0x6, 0x4, 0x7}}, @svc={0x122, 0x40, {0x80000002, [0x7, 0x100000000000, 0x6, 0x80000001, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013805c}}, @uexit={0x0, 0x18, 0x5}, @mrs={0xbe, 0x18, {0x603000000013e66e}}, @smc={0x1e, 0x40, {0x84000008, [0x7fffffffffffffff, 0xf09f, 0xfffffffffffffff9, 0xe7b, 0x3]}}, @hvc={0x32, 0x40, {0x1000, [0x0, 0x7, 0xfff, 0xd]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x100, 0x9, 0x9}}, @hvc={0x32, 0x40, {0x84000007, [0x8, 0x6b, 0x0, 0xc07, 0x6]}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xee1, 0x5, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc00, 0x8000000000000000, 0xd}}, @svc={0x122, 0x40, {0x0, [0x400, 0x1, 0x8, 0x5, 0x8000]}}, @uexit={0x0, 0x18}], 0x3a8}, &(0x7f0000000040)=[@featur1={0x1, 0x83}], 0x1) (async)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f00000000c0)=@arm64_ccsidr={0x6020000000110008, &(0x7f0000000080)=0x3ff}) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f00004dc000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_VM(r9, 0x800454e1, 0x110c230004) (async)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r10, 0x40000) (async)

2m29.062610608s ago: executing program 8 (id=425):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@uexit={0x0, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x4, 0x59}}, @irq_setup={0x46, 0x18, {0x1, 0x101}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @smc={0x1e, 0x40, {0xc4000003, [0xfd3, 0x5, 0x6, 0x40, 0xffffffffffffff34]}}, @msr={0x14, 0x20, {0x603000000013c01d}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x151}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0x6, 0x80000000, 0x17, 0x4}}, @uexit={0x0, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x0, 0x2a5}}, @irq_setup={0x46, 0x18, {0x3, 0x37e}}, @hvc={0x32, 0x40, {0x0, [0x3, 0x400, 0x3, 0x1ff, 0xe]}}, @its_send_cmd={0xaa, 0x28, {0x7cac18370722de77, 0x1, 0x2, 0x2, 0x1, 0x3, 0x4}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x3}, @hvc={0x32, 0x40, {0x84000008, [0x6361, 0x1, 0xc2f4, 0x836d, 0xfffffffffffffffc]}}, @code={0xa, 0x6c, {"a0018bd200c0b0f2410180d2420080d2030180d2840080d2020000d4007008d5000008d5007008d5007008d5007008d5a00891d20020b0f2410180d2420180d2830180d2c40080d2020000d4008008d5007008d5000028d5"}}, @eret={0xe6, 0x18, 0x8}, @svc={0x122, 0x40, {0x8400000d, [0x3, 0x4, 0xffffffffffffff81, 0x5, 0x4]}}, @svc={0x122, 0x40, {0xc4000007, [0x81, 0x2, 0x81, 0x4, 0x4]}}, @hvc={0x32, 0x40, {0x8400000a, [0xae3, 0x8, 0x2, 0xffffffffffffffff, 0x7fffffff]}}, @svc={0x122, 0x40, {0x4, [0x5, 0x2, 0x6, 0xd1, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013c015}}, @mrs={0xbe, 0x18, {0x603000000013e665}}, @eret={0xe6, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x20d}}, @msr={0x14, 0x20, {0x603000000013c529, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x4, 0xc00, 0x200, 0xc}}, @mrs={0xbe, 0x18, {0x603000000013debe}}], 0x48c}, &(0x7f0000000540)=[@featur1={0x1, 0x12}], 0x1) (async)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@uexit={0x0, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x4, 0x59}}, @irq_setup={0x46, 0x18, {0x1, 0x101}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @smc={0x1e, 0x40, {0xc4000003, [0xfd3, 0x5, 0x6, 0x40, 0xffffffffffffff34]}}, @msr={0x14, 0x20, {0x603000000013c01d}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x151}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0x6, 0x80000000, 0x17, 0x4}}, @uexit={0x0, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x0, 0x2a5}}, @irq_setup={0x46, 0x18, {0x3, 0x37e}}, @hvc={0x32, 0x40, {0x0, [0x3, 0x400, 0x3, 0x1ff, 0xe]}}, @its_send_cmd={0xaa, 0x28, {0x7cac18370722de77, 0x1, 0x2, 0x2, 0x1, 0x3, 0x4}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x3}, @hvc={0x32, 0x40, {0x84000008, [0x6361, 0x1, 0xc2f4, 0x836d, 0xfffffffffffffffc]}}, @code={0xa, 0x6c, {"a0018bd200c0b0f2410180d2420080d2030180d2840080d2020000d4007008d5000008d5007008d5007008d5007008d5a00891d20020b0f2410180d2420180d2830180d2c40080d2020000d4008008d5007008d5000028d5"}}, @eret={0xe6, 0x18, 0x8}, @svc={0x122, 0x40, {0x8400000d, [0x3, 0x4, 0xffffffffffffff81, 0x5, 0x4]}}, @svc={0x122, 0x40, {0xc4000007, [0x81, 0x2, 0x81, 0x4, 0x4]}}, @hvc={0x32, 0x40, {0x8400000a, [0xae3, 0x8, 0x2, 0xffffffffffffffff, 0x7fffffff]}}, @svc={0x122, 0x40, {0x4, [0x5, 0x2, 0x6, 0xd1, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013c015}}, @mrs={0xbe, 0x18, {0x603000000013e665}}, @eret={0xe6, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x20d}}, @msr={0x14, 0x20, {0x603000000013c529, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x4, 0xc00, 0x200, 0xc}}, @mrs={0xbe, 0x18, {0x603000000013debe}}], 0x48c}, &(0x7f0000000540)=[@featur1={0x1, 0x12}], 0x1)
mmap$KVM_VCPU(&(0x7f0000fac000/0x4000)=nil, 0x0, 0x1000003, 0x10, r0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x4000010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)

2m11.026846766s ago: executing program 9 (id=426):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000799000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000400)={0x0, &(0x7f0000000000)=[@code={0xa, 0x6c, {"000008d5007008d5000008d500569dd20020b8f2a10080d2620180d2c30180d2e40180d2020000d400c0202e000028d5e05f82d20020b8f2810080d2020080d2a30180d2240080d2020000d41f0000f1007008d500e4000f"}}, @hvc={0x32, 0x40, {0x84000012, [0x8, 0x6, 0x400, 0x5, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013debd}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x3, 0xa, 0xa57a, 0x9d8}}, @eret={0xe6, 0x18, 0x2}, @hvc={0x32, 0x40, {0x86000000, [0x2, 0x3, 0x800, 0x48b, 0x3ff]}}, @eret={0xe6, 0x18, 0x4}, @msr={0x14, 0x20, {0x6030000000139828, 0x10001}}, @svc={0x122, 0x40, {0x84000009, [0x5, 0xad3, 0x5, 0x8001, 0x8001]}}, @svc={0x122, 0x40, {0x84000007, [0xa3, 0x0, 0x2, 0x8001, 0xaac3]}}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x1eb}}, @uexit={0x0, 0x18, 0x9073}, @smc={0x1e, 0x40, {0xc4000004, [0x1, 0x29, 0x7fffffff, 0x1, 0x8]}}, @msr={0x14, 0x20, {0x6030000000138014, 0x9}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x2d3}}, @mrs={0xbe, 0x18, {0x603000000013d920}}, @irq_setup={0x46, 0x18, {0x1, 0x18}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x0, 0x8f, 0x1b, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x10, 0xfffffffffffffffd, 0x3}}, @svc={0x122, 0x40, {0x8400000f, [0x4, 0x4, 0x1000, 0x4, 0xfffffffffffffffc]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0xa8}}], 0x3cc}, &(0x7f0000000440)=[@featur1={0x1, 0x12}], 0x1)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)

2m9.392224855s ago: executing program 8 (id=427):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)=ANY=[])
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x3})
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0xd0e9, 0x3, 0x0})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x100) (async)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async)
r11 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110003, &(0x7f00000001c0)=0x7})
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)

1m55.362531009s ago: executing program 9 (id=428):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8)
ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4020ae46, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000010000000000000008000000000000ff"])
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x401c5820, 0x20000000)

1m40.756574628s ago: executing program 8 (id=429):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x3}}], 0x50}, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100030, &(0x7f0000000000)=0x3ff})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x60871, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140003, &(0x7f0000000000)=0x7})
syz_kvm_vgic_v3_setup(r1, 0x0, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

1m37.129003928s ago: executing program 9 (id=430):
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x7, 0x1, 0x0})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

1m12.907075189s ago: executing program 9 (id=431):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fd, 0x0, 0xeeee8000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1, 0x1, 0xeeee8000, 0x1000, &(0x7f0000f95000/0x1000)=nil})
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000200)=[@hvc={0x32, 0x40, {0xc4000007, [0x4, 0x4, 0x7fff, 0x3, 0x6]}}, @code={0xa, 0x9c, {"60489ed20020b8f2210180d2420180d2c30180d2040080d2020000d4000028d5000008d5603881d20000b0f2010180d2020080d2e30180d2640080d2020000d4c0278fd20020b0f2810080d2e20080d2430080d2a40180d2020000d4000028d59f2003d500cb97d20080b0f2210180d2420180d2c30080d2640180d2020000d4007008d50014c0da"}}, @msr={0x14, 0x20, {0x603000000013df5e, 0x84cc}}, @mrs={0xbe, 0x18, {0x6030000000131a04}}, @msr={0x14, 0x20, {0x603000000013e665, 0x9}}, @eret={0xe6, 0x18, 0x800}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0x6, 0x40, 0xff, 0x4}}, @hvc={0x32, 0x40, {0x84000003, [0x800000000000, 0xff, 0x24000000, 0x1, 0x8000000000000001]}}, @mrs={0xbe, 0x18, {0x603000000013e518}}, @svc={0x122, 0x40, {0x0, [0x7, 0x27, 0x10001, 0x10001, 0x7]}}, @msr={0x14, 0x20, {0x603000000013c300, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0x176}}, @uexit={0x0, 0x18, 0x2}, @svc={0x122, 0x40, {0x8400000a, [0x7fffffffffffffff, 0x6, 0x5, 0x40, 0x100000000]}}, @irq_setup={0x46, 0x18, {0x2, 0x9c}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x1a89, 0x2}}, @msr={0x14, 0x20, {0x603000000013c01d, 0xa}}, @hvc={0x32, 0x40, {0x80008000, [0x5, 0x8921, 0xf, 0x4, 0x40]}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013df7e, 0x40}}, @uexit={0x0, 0x18, 0xfffffffffffffffe}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0xe8c, 0x9, 0x8}}], 0x3dc}, &(0x7f0000000100)=[@featur2={0x1, 0xa}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000001, 0x12, r2, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x7, 0xd498})

51.723392609s ago: executing program 40 (id=429):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x3}}], 0x50}, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100030, &(0x7f0000000000)=0x3ff})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x60871, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140003, &(0x7f0000000000)=0x7})
syz_kvm_vgic_v3_setup(r1, 0x0, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

49.80023241s ago: executing program 9 (id=433):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x127503, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x10)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x7)
r4 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x3, 0x810, r3, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x4, <r7=>0xffffffffffffffff, 0x1})
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0xc018ae85, &(0x7f00000003c0)=@arm64_bitmap={0x6030000000160001, 0x0})
ioctl$KVM_CREATE_VM(r7, 0x400454e2, 0x110c230008)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0)
mmap$KVM_VCPU(&(0x7f0000eef000/0x3000)=nil, 0x0, 0x4, 0x4010, r11, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000040)={0x3, 0x80})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0x9e)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="04198bd844c9e8a7b82d748f0f0244293d28bd9440bfc2ed44db9969759357abab8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b2e5c3ad3c9952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000100), 0x82000, 0x0)

0s ago: executing program 41 (id=433):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x127503, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x10)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x7)
r4 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x3, 0x810, r3, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x4, <r7=>0xffffffffffffffff, 0x1})
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0xc018ae85, &(0x7f00000003c0)=@arm64_bitmap={0x6030000000160001, 0x0})
ioctl$KVM_CREATE_VM(r7, 0x400454e2, 0x110c230008)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0)
mmap$KVM_VCPU(&(0x7f0000eef000/0x3000)=nil, 0x0, 0x4, 0x4010, r11, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000040)={0x3, 0x80})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0x9e)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="04198bd844c9e8a7b82d748f0f0244293d28bd9440bfc2ed44db9969759357abab8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b2e5c3ad3c9952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000100), 0x82000, 0x0)

kernel console output (not intermixed with test programs):

[  374.292937][ T3155] 8021q: adding VLAN 0 to HW filter on device bond0
[  424.665939][ T3155] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:28458' (ED25519) to the list of known hosts.
[  585.069606][   T25] audit: type=1400 audit(584.270:61): avc:  denied  { name_bind } for  pid=3312 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  586.969185][   T25] audit: type=1400 audit(586.170:62): avc:  denied  { execute } for  pid=3313 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  587.004699][   T25] audit: type=1400 audit(586.190:63): avc:  denied  { execute_no_trans } for  pid=3313 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  608.066882][   T25] audit: type=1400 audit(607.270:64): avc:  denied  { mounton } for  pid=3313 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  608.103261][   T25] audit: type=1400 audit(607.300:65): avc:  denied  { mount } for  pid=3313 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  608.191230][ T3313] cgroup: Unknown subsys name 'net'
[  608.237255][   T25] audit: type=1400 audit(607.440:66): avc:  denied  { unmount } for  pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  608.649747][ T3313] cgroup: Unknown subsys name 'cpuset'
[  608.751775][ T3313] cgroup: Unknown subsys name 'rlimit'
[  609.671461][   T25] audit: type=1400 audit(608.870:67): avc:  denied  { setattr } for  pid=3313 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  609.696968][   T25] audit: type=1400 audit(608.890:68): avc:  denied  { mounton } for  pid=3313 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  609.714316][   T25] audit: type=1400 audit(608.920:69): avc:  denied  { mount } for  pid=3313 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  610.868446][ T3316] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  610.891359][   T25] audit: type=1400 audit(610.090:70): avc:  denied  { relabelto } for  pid=3316 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  610.917956][   T25] audit: type=1400 audit(610.120:71): avc:  denied  { write } for  pid=3316 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  611.097323][   T25] audit: type=1400 audit(610.300:72): avc:  denied  { read } for  pid=3313 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  611.116285][   T25] audit: type=1400 audit(610.320:73): avc:  denied  { open } for  pid=3313 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  611.165494][ T3313] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  661.210367][   T25] audit: type=1400 audit(660.380:74): avc:  denied  { execmem } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  665.476447][   T25] audit: type=1400 audit(664.680:75): avc:  denied  { read } for  pid=3319 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  665.510450][   T25] audit: type=1400 audit(664.690:76): avc:  denied  { open } for  pid=3319 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  665.580922][   T25] audit: type=1400 audit(664.780:77): avc:  denied  { mounton } for  pid=3319 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  665.833894][   T25] audit: type=1400 audit(665.030:78): avc:  denied  { module_request } for  pid=3319 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  665.847080][   T25] audit: type=1400 audit(665.050:79): avc:  denied  { module_request } for  pid=3320 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  666.957521][   T25] audit: type=1400 audit(666.160:80): avc:  denied  { sys_module } for  pid=3320 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  690.514218][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  690.744609][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  690.803138][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  691.167509][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.141481][ T3320] hsr_slave_0: entered promiscuous mode
[  707.196140][ T3320] hsr_slave_1: entered promiscuous mode
[  708.677199][ T3319] hsr_slave_0: entered promiscuous mode
[  708.743546][ T3319] hsr_slave_1: entered promiscuous mode
[  708.793884][ T3319] debugfs: 'hsr0' already exists in 'hsr'
[  708.813694][ T3319] Cannot create hsr debugfs directory
[  714.176157][   T25] audit: type=1400 audit(713.380:81): avc:  denied  { create } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  714.222879][   T25] audit: type=1400 audit(713.430:82): avc:  denied  { write } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  714.300871][   T25] audit: type=1400 audit(713.500:83): avc:  denied  { read } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  714.434709][ T3320] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  714.696909][ T3320] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  714.907859][ T3320] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  715.202652][ T3320] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  716.614413][ T3319] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  716.747907][ T3319] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  716.970938][ T3319] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  717.141814][ T3319] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  729.636275][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0
[  731.502265][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0
[  789.356217][ T3320] veth0_vlan: entered promiscuous mode
[  789.913486][ T3320] veth1_vlan: entered promiscuous mode
[  792.792720][ T3319] veth0_vlan: entered promiscuous mode
[  793.153729][ T3320] veth0_macvtap: entered promiscuous mode
[  793.642475][ T3320] veth1_macvtap: entered promiscuous mode
[  793.874345][ T3319] veth1_vlan: entered promiscuous mode
[  796.100774][ T3456] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  796.266828][ T3456] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  796.282858][ T3456] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  796.334067][ T3370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  796.476880][ T3319] veth0_macvtap: entered promiscuous mode
[  796.863951][ T3319] veth1_macvtap: entered promiscuous mode
[  798.605692][   T25] audit: type=1400 audit(797.790:84): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  798.704872][   T25] audit: type=1400 audit(797.910:85): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.MdI4el/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  798.912293][   T25] audit: type=1400 audit(798.110:86): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  799.234601][   T25] audit: type=1400 audit(798.440:87): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.MdI4el/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  799.433433][   T25] audit: type=1400 audit(798.640:88): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/syzkaller.MdI4el/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  799.661965][ T3456] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  799.665783][ T3456] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  799.692394][ T3456] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  799.703387][ T3456] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  800.132049][   T25] audit: type=1400 audit(799.290:89): avc:  denied  { unmount } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  800.407728][   T25] audit: type=1400 audit(799.610:90): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  800.536686][   T25] audit: type=1400 audit(799.740:91): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="gadgetfs" ino=3770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  800.845518][   T25] audit: type=1400 audit(800.020:92): avc:  denied  { mount } for  pid=3320 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  801.030923][   T25] audit: type=1400 audit(800.170:93): avc:  denied  { mounton } for  pid=3320 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  802.351777][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  813.555303][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  813.564793][   T25] audit: type=1400 audit(812.760:98): avc:  denied  { read } for  pid=3478 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  813.601247][   T25] audit: type=1400 audit(812.800:99): avc:  denied  { open } for  pid=3478 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  813.836659][   T25] audit: type=1400 audit(813.040:100): avc:  denied  { ioctl } for  pid=3478 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  819.868211][ T3488] kvm [3488]: Failed to find VMA for hva 0x21016000
[  844.534872][ T3498] kvm [3498]: Failed to find VMA for hva 0x20c01000
[  857.176292][   T25] audit: type=1400 audit(856.340:101): avc:  denied  { execute } for  pid=3507 comm="syz.1.11" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4292 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  883.843539][   T25] audit: type=1400 audit(882.940:102): avc:  denied  { append } for  pid=3524 comm="syz.1.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  908.699755][   T25] audit: type=1400 audit(907.860:103): avc:  denied  { setattr } for  pid=3541 comm="syz.0.21" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  932.857333][ T3556] kvm [3556]: Failed to find VMA for hva 0x21016000
[  955.244634][   T25] audit: type=1400 audit(954.450:104): avc:  denied  { write } for  pid=3559 comm="syz.0.27" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  979.855490][ T3574] kvm [3574]: Failed to find VMA for hva 0x20dfb000
[ 1089.484679][ T3644] kvm [3644]: Failed to find VMA for hva 0x20c01000
[ 1144.253513][ T3679] debugfs: 'vgic-its-state@8080000' already exists in '3679-4'
[ 1222.077378][   T25] audit: type=1400 audit(1221.280:105): avc:  denied  { ioctl } for  pid=3727 comm="syz.1.80" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1286.004454][ T3766] kvm [3766]: Failed to find VMA for hva 0x20da7000
[ 1595.103004][ T3987] kvm [3987]: Failed to find VMA for hva 0x20e8a000
[ 1699.142953][ T3456] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1699.966062][ T3456] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1700.567735][ T3456] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1701.457639][ T3456] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1713.847940][ T3456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1713.942020][ T3456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1714.004570][ T3456] bond0 (unregistering): Released all slaves
[ 1715.763484][ T3456] hsr_slave_0: left promiscuous mode
[ 1715.993348][ T3456] hsr_slave_1: left promiscuous mode
[ 1716.716618][ T3456] veth1_macvtap: left promiscuous mode
[ 1716.731781][ T3456] veth0_macvtap: left promiscuous mode
[ 1716.744584][ T3456] veth1_vlan: left promiscuous mode
[ 1716.782087][ T3456] veth0_vlan: left promiscuous mode
[ 1728.485815][ T3997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1728.816437][ T3997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1733.685396][ T3456] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1734.896210][ T3456] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1736.556021][ T3456] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1738.134998][ T3456] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.207574][ T3456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1755.286399][ T3456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1755.342723][ T3456] bond0 (unregistering): Released all slaves
[ 1756.391461][ T3456] hsr_slave_0: left promiscuous mode
[ 1756.442197][ T3456] hsr_slave_1: left promiscuous mode
[ 1756.851148][ T3456] veth1_macvtap: left promiscuous mode
[ 1756.855712][ T3456] veth0_macvtap: left promiscuous mode
[ 1756.872766][ T3456] veth1_vlan: left promiscuous mode
[ 1756.882741][ T3456] veth0_vlan: left promiscuous mode
[ 1770.482758][ T4005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1771.304310][ T4005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1771.581999][ T3997] hsr_slave_0: entered promiscuous mode
[ 1771.604025][ T3997] hsr_slave_1: entered promiscuous mode
[ 1783.764166][ T3997] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1784.062381][ T3997] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1784.266995][ T3997] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1784.544284][ T3997] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1793.432715][ T4005] hsr_slave_0: entered promiscuous mode
[ 1793.503633][ T4005] hsr_slave_1: entered promiscuous mode
[ 1793.561662][ T4005] debugfs: 'hsr0' already exists in 'hsr'
[ 1793.562617][ T4005] Cannot create hsr debugfs directory
[ 1810.850351][ T4005] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1811.692315][ T4005] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1812.065592][ T4005] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1812.362144][ T4005] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1812.686629][ T3997] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1836.406388][ T4005] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1901.815858][ T3997] veth0_vlan: entered promiscuous mode
[ 1902.649254][ T3997] veth1_vlan: entered promiscuous mode
[ 1905.254732][ T3997] veth0_macvtap: entered promiscuous mode
[ 1905.611534][ T3997] veth1_macvtap: entered promiscuous mode
[ 1909.052403][ T3960] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.058136][ T3960] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.080702][ T3960] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1909.081569][ T3960] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1934.992864][ T4005] veth0_vlan: entered promiscuous mode
[ 1936.182490][ T4005] veth1_vlan: entered promiscuous mode
[ 1939.713868][ T4005] veth0_macvtap: entered promiscuous mode
[ 1940.412076][ T4005] veth1_macvtap: entered promiscuous mode
[ 1944.142102][ T4151] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1944.151495][ T4151] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1944.280262][ T4151] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1944.281539][ T4151] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2388.651898][ T4481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2388.964302][ T4481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2415.761859][ T4491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2416.182594][ T4491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2422.637094][ T4481] hsr_slave_0: entered promiscuous mode
[ 2422.767233][ T4481] hsr_slave_1: entered promiscuous mode
[ 2422.821935][ T4481] debugfs: 'hsr0' already exists in 'hsr'
[ 2422.831284][ T4481] Cannot create hsr debugfs directory
[ 2438.430123][ T4481] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2438.818022][ T4481] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2439.105948][ T4481] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2439.474198][ T4481] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2446.233679][ T4491] hsr_slave_0: entered promiscuous mode
[ 2446.374007][ T4491] hsr_slave_1: entered promiscuous mode
[ 2446.431648][ T4491] debugfs: 'hsr0' already exists in 'hsr'
[ 2446.440585][ T4491] Cannot create hsr debugfs directory
[ 2467.071609][ T4491] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2467.676990][ T4491] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2468.373875][ T4491] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2468.880745][ T4491] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2474.485555][ T4481] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2501.357407][ T4491] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2567.084502][ T4569] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2568.144863][ T4569] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2569.474658][ T4569] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2570.656198][ T4569] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2592.350308][ T4569] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2592.532882][ T4569] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2592.676618][ T4569] bond0 (unregistering): Released all slaves
[ 2596.521433][ T4569] hsr_slave_0: left promiscuous mode
[ 2596.952597][ T4569] hsr_slave_1: left promiscuous mode
[ 2597.750152][ T4569] veth1_macvtap: left promiscuous mode
[ 2597.751433][ T4569] veth0_macvtap: left promiscuous mode
[ 2597.812387][ T4569] veth1_vlan: left promiscuous mode
[ 2597.841084][ T4569] veth0_vlan: left promiscuous mode
[ 2621.072281][   T42] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2622.653673][   T42] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2624.077955][   T42] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2625.398305][   T42] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2649.546030][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2650.074054][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2650.636691][   T42] bond0 (unregistering): Released all slaves
[ 2652.987901][   T42] hsr_slave_0: left promiscuous mode
[ 2653.142205][   T42] hsr_slave_1: left promiscuous mode
[ 2653.783443][   T42] veth1_macvtap: left promiscuous mode
[ 2653.802912][   T42] veth0_macvtap: left promiscuous mode
[ 2653.831779][   T42] veth1_vlan: left promiscuous mode
[ 2653.845086][   T42] veth0_vlan: left promiscuous mode
[ 2680.123899][ T4481] veth0_vlan: entered promiscuous mode
[ 2681.358125][ T4481] veth1_vlan: entered promiscuous mode
[ 2684.077940][ T4481] veth0_macvtap: entered promiscuous mode
[ 2684.493470][ T4481] veth1_macvtap: entered promiscuous mode
[ 2687.441246][ T3970] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2687.482058][ T4151] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2687.494658][ T4151] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2687.633242][ T3456] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2706.235679][ T4491] veth0_vlan: entered promiscuous mode
[ 2707.296429][ T4491] veth1_vlan: entered promiscuous mode
[ 2711.052469][ T4491] veth0_macvtap: entered promiscuous mode
[ 2711.801496][ T4491] veth1_macvtap: entered promiscuous mode
[ 2715.785551][ T3970] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2715.800761][ T3970] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2715.808150][ T3970] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2715.833726][ T3970] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3226.917401][ T4817] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3228.882800][ T4817] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3231.551249][ T4817] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3233.301299][ T4817] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3260.076991][ T4817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3260.490141][ T4817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3260.738268][ T4817] bond0 (unregistering): Released all slaves
[ 3263.285448][ T4817] hsr_slave_0: left promiscuous mode
[ 3263.419921][ T4817] hsr_slave_1: left promiscuous mode
[ 3264.280257][ T4817] veth1_macvtap: left promiscuous mode
[ 3264.284616][ T4817] veth0_macvtap: left promiscuous mode
[ 3264.306763][ T4817] veth1_vlan: left promiscuous mode
[ 3264.321296][ T4817] veth0_vlan: left promiscuous mode
[ 3288.041307][ T4817] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3289.398176][ T4817] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3290.783266][ T4817] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3292.103379][ T4817] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3315.704375][ T4817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3315.870936][ T4817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3316.001676][ T4817] bond0 (unregistering): Released all slaves
[ 3317.492710][ T4817] hsr_slave_0: left promiscuous mode
[ 3317.583080][ T4817] hsr_slave_1: left promiscuous mode
[ 3317.827485][ T4817] veth1_macvtap: left promiscuous mode
[ 3317.839981][ T4817] veth0_macvtap: left promiscuous mode
[ 3317.882627][ T4817] veth1_vlan: left promiscuous mode
[ 3317.900565][ T4817] veth0_vlan: left promiscuous mode
[ 3367.105330][ T4966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3367.504831][ T4966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3372.886055][ T4973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3373.231719][ T4973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3398.241600][ T4966] hsr_slave_0: entered promiscuous mode
[ 3398.296919][ T4966] hsr_slave_1: entered promiscuous mode
[ 3402.215470][ T4973] hsr_slave_0: entered promiscuous mode
[ 3402.274982][ T4973] hsr_slave_1: entered promiscuous mode
[ 3402.306862][ T4973] debugfs: 'hsr0' already exists in 'hsr'
[ 3402.349650][ T4973] Cannot create hsr debugfs directory
[ 3417.592487][ T4966] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3418.444094][ T4966] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3419.127692][ T4966] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3419.874735][ T4966] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3426.728292][ T4973] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3427.265649][ T4973] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3427.787940][ T4973] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3428.298151][ T4973] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3456.956322][ T4966] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3463.126778][ T4973] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3607.973491][ T4966] veth0_vlan: entered promiscuous mode
[ 3609.125750][ T4966] veth1_vlan: entered promiscuous mode
[ 3613.625912][ T4966] veth0_macvtap: entered promiscuous mode
[ 3614.545319][ T4966] veth1_macvtap: entered promiscuous mode
[ 3616.271447][ T4973] veth0_vlan: entered promiscuous mode
[ 3618.724443][ T4973] veth1_vlan: entered promiscuous mode
[ 3621.077711][   T42] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3621.121201][ T4817] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3621.131399][ T4817] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3621.132349][ T4817] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3626.302152][ T4973] veth0_macvtap: entered promiscuous mode
[ 3627.823906][ T4973] veth1_macvtap: entered promiscuous mode
[ 3632.861831][   T42] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3632.866091][   T42] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3632.895148][   T42] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3632.988082][ T4594] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4054.150551][   T25] audit: type=1400 audit(4053.330:106): avc:  denied  { map } for  pid=5419 comm="syz.6.309" path="pipe:[20485]" dev="pipefs" ino=20485 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 4159.301766][   T25] audit: type=1400 audit(4158.480:107): avc:  denied  { map } for  pid=5479 comm="syz.6.321" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 4691.713437][ T4151] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4694.448233][ T4151] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4696.596426][ T4151] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4699.114601][ T4151] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4730.470217][ T4151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4730.845527][ T4151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4731.187394][ T4151] bond0 (unregistering): Released all slaves
[ 4733.930474][ T4151] hsr_slave_0: left promiscuous mode
[ 4734.025298][ T4151] hsr_slave_1: left promiscuous mode
[ 4734.670693][ T4151] veth1_macvtap: left promiscuous mode
[ 4734.672668][ T4151] veth0_macvtap: left promiscuous mode
[ 4734.677032][ T4151] veth1_vlan: left promiscuous mode
[ 4734.742615][ T4151] veth0_vlan: left promiscuous mode
[ 4848.694486][ T5709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4849.149767][ T5709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4896.304227][ T5709] hsr_slave_0: entered promiscuous mode
[ 4896.434816][ T5709] hsr_slave_1: entered promiscuous mode
[ 4896.561585][ T5709] debugfs: 'hsr0' already exists in 'hsr'
[ 4896.564944][ T5709] Cannot create hsr debugfs directory
[ 4916.177305][ T5709] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 4917.422154][ T5709] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 4918.602639][ T5709] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 4919.800578][ T5709] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 4963.831847][ T4042] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4965.905013][ T4042] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4968.603276][ T4042] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4970.267822][ T4042] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4977.435017][ T5709] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5003.525352][ T4042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5004.123532][ T4042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5004.393089][ T4042] bond0 (unregistering): Released all slaves
[ 5007.650684][ T4042] hsr_slave_0: left promiscuous mode
[ 5007.780630][ T4042] hsr_slave_1: left promiscuous mode
[ 5008.633374][ T4042] veth1_macvtap: left promiscuous mode
[ 5008.635602][ T4042] veth0_macvtap: left promiscuous mode
[ 5008.641955][ T4042] veth1_vlan: left promiscuous mode
[ 5008.643469][ T4042] veth0_vlan: left promiscuous mode
[ 5100.415661][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5100.863137][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5145.207703][ T5836] hsr_slave_0: entered promiscuous mode
[ 5145.304709][ T5836] hsr_slave_1: entered promiscuous mode
[ 5169.425329][ T5836] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 5170.152612][ T5836] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 5170.835317][ T5836] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 5171.570872][ T5836] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 5183.006287][ T5709] veth0_vlan: entered promiscuous mode
[ 5184.463750][ T5709] veth1_vlan: entered promiscuous mode
[ 5188.945074][ T5709] veth0_macvtap: entered promiscuous mode
[ 5189.735006][ T5709] veth1_macvtap: entered promiscuous mode
[ 5194.591561][ T5853] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5194.611594][ T5853] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5194.731838][ T5853] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5194.733074][ T5853] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5218.937645][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5452.370646][ T5836] veth0_vlan: entered promiscuous mode
[ 5454.126949][ T5836] veth1_vlan: entered promiscuous mode
[ 5459.547558][ T5836] veth0_macvtap: entered promiscuous mode
[ 5460.507965][ T5836] veth1_macvtap: entered promiscuous mode
[ 5466.223757][ T4817] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 5466.242723][ T4817] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 5466.361811][ T4817] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 5466.374958][ T4817] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 5985.062943][ T6258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5985.653403][ T6258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6034.480731][ T6276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6035.320577][ T6276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6041.657583][ T6258] hsr_slave_0: entered promiscuous mode
[ 6041.843013][ T6258] hsr_slave_1: entered promiscuous mode
[ 6041.951613][ T6258] debugfs: 'hsr0' already exists in 'hsr'
[ 6041.992125][ T6258] Cannot create hsr debugfs directory
[ 6089.616327][ T6258] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 6091.811738][ T6258] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 6092.795600][ T6258] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 6093.713627][ T6258] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 6100.136485][ T6276] hsr_slave_0: entered promiscuous mode
[ 6100.283388][ T6276] hsr_slave_1: entered promiscuous mode
[ 6100.337973][ T6276] debugfs: 'hsr0' already exists in 'hsr'
[ 6100.450874][ T6276] Cannot create hsr debugfs directory
[ 6155.968181][ T6276] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 6157.397121][ T6276] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 6158.500303][ T6276] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 6159.520787][ T6276] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 6169.124531][ T6258] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6220.362287][ T6276] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6280.311075][   T27] INFO: task syz.9.433:6251 blocked for more than 430 seconds.
[ 6280.317734][   T27]       Not tainted syzkaller #0
[ 6280.352258][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 6280.353050][   T27] task:syz.9.433       state:D stack:0     pid:6251  tgid:6251  ppid:5836   task_flags:0x400040 flags:0x00000019
[ 6280.354556][   T27] Call trace:
[ 6280.355067][   T27]  __switch_to+0x584/0xb20 (T)
[ 6280.357180][   T27]  __schedule+0x1eec/0x33a4
[ 6280.357779][   T27]  schedule+0xac/0x27c
[ 6280.358323][   T27]  schedule_timeout+0x5c/0x1e4
[ 6280.487847][   T27]  do_wait_for_common+0x28c/0x444
[ 6280.529999][   T27]  wait_for_completion+0x44/0x5c
[ 6280.533758][   T27]  __synchronize_srcu+0x2a4/0x320
[ 6280.534483][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 6280.534974][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 6280.535513][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 6280.535967][   T27]  kvm_vm_release+0x58/0x78
[ 6280.536432][   T27]  __fput+0x4ac/0x980
[ 6280.536843][   T27]  ____fput+0x20/0x58
[ 6280.537241][   T27]  task_work_run+0x1bc/0x254
[ 6280.537639][   T27]  do_notify_resume+0x1bc/0x270
[ 6280.538110][   T27]  el0_svc+0xb8/0x164
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 6280.690687][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 6280.691347][   T27]  el0t_64_sync+0x198/0x19c
[ 6280.751280][   T27] 
[ 6280.751280][   T27] Showing all locks held in the system:
[ 6280.751980][   T27] 1 lock held by khungtaskd/27:
[ 6280.752464][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 6280.754885][   T27] 3 locks held by kworker/u4:3/42:
[ 6280.755425][   T27] 2 locks held by getty/3183:
[ 6280.755787][   T27]  #0: 86f0000011c4e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 6280.757462][   T27]  #1: 41ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 6280.913592][   T27] 2 locks held by syz-executor/3313:
[ 6280.913964][   T27] 2 locks held by kworker/u4:1/3960:
[ 6280.914295][   T27]  #0: 7cf000000cc20948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 6280.916007][   T27]  #1: ffff80008ee57c78 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 6280.917687][   T27] 3 locks held by kworker/u4:5/4042:
[ 6280.918086][   T27] 2 locks held by kworker/0:4/4993:
[ 6281.076460][   T27] 3 locks held by kworker/u4:6/5685:
[ 6281.090160][   T27] 3 locks held by kworker/u4:14/5724:
[ 6281.090709][   T27] 2 locks held by kworker/0:5/5869:
[ 6281.091098][   T27] 2 locks held by syz.8.429/6234:
[ 6281.091485][   T27] 2 locks held by modprobe/6408:
[ 6281.091806][   T27] 2 locks held by rm/6409:
[ 6281.092308][   T27] 
[ 6281.092573][   T27] =============================================
[ 6281.092573][   T27] 
[ 6301.506740][   T27] INFO: task syz.9.433:6251 blocked for more than 451 seconds.
[ 6301.520915][   T27]       Not tainted syzkaller #0
[ 6301.531513][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 6301.543840][   T27] task:syz.9.433       state:D stack:0     pid:6251  tgid:6251  ppid:5836   task_flags:0x400040 flags:0x00000019
[ 6301.544735][   T27] Call trace:
[ 6301.545027][   T27]  __switch_to+0x584/0xb20 (T)
[ 6301.545563][   T27]  __schedule+0x1eec/0x33a4
[ 6301.546056][   T27]  schedule+0xac/0x27c
[ 6301.546515][   T27]  schedule_timeout+0x5c/0x1e4
[ 6301.546939][   T27]  do_wait_for_common+0x28c/0x444
[ 6301.547317][   T27]  wait_for_completion+0x44/0x5c
[ 6301.547839][   T27]  __synchronize_srcu+0x2a4/0x320
[ 6301.548304][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 6301.649756][   T27]  mmu_notifier_unregister+0x320/0x42c
[ 6301.650420][   T27]  kvm_put_kvm+0x6a0/0xfa8
[ 6301.650819][   T27]  kvm_vm_release+0x58/0x78
[ 6301.651280][   T27]  __fput+0x4ac/0x980
[ 6301.651709][   T27]  ____fput+0x20/0x58
[ 6301.652141][   T27]  task_work_run+0x1bc/0x254
[ 6301.652544][   T27]  do_notify_resume+0x1bc/0x270
[ 6301.652998][   T27]  el0_svc+0xb8/0x164
[ 6301.653424][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 6301.653846][   T27]  el0t_64_sync+0x198/0x19c
[ 6301.654471][   T27] 
[ 6301.654471][   T27] Showing all locks held in the system:
[ 6301.654766][   T27] 1 lock held by khungtaskd/27:
[ 6301.655109][   T27]  #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 6301.656725][   T27] 3 locks held by kworker/u4:2/35:
[ 6301.657077][   T27] 3 locks held by kworker/u4:3/42:
[ 6301.657492][   T27] 1 lock held by dhcpcd/3154:
[ 6301.657788][   T27] 2 locks held by getty/3183:
[ 6301.658097][   T27]  #0: 86f0000011c4e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 6301.832583][   T27]  #1: 41ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 6301.834223][   T27] 3 locks held by kworker/u4:8/3456:
[ 6301.834543][   T27] 3 locks held by kworker/u4:1/3960:
[ 6301.834840][   T27] 3 locks held by kworker/u4:5/4042:
[ 6301.835157][   T27] 3 locks held by kworker/u4:9/4151:
[ 6301.835499][   T27] 3 locks held by kworker/u4:0/4817:
[ 6301.835882][   T27] 3 locks held by kworker/u4:4/5449:
[ 6301.836212][   T27] 2 locks held by kworker/u4:14/5724:
[ 6301.836557][   T27] 2 locks held by syz.8.429/6234:
[ 6301.836859][   T27] 3 locks held by kworker/u4:10/6266:
[ 6301.837264][   T27] 
[ 6301.837484][   T27] =============================================
[ 6301.837484][   T27] 

VM DIAGNOSIS:
00:02:31  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000865a4a20 X00=0000000000000001 X01=0000000000000000
X02=9cf000000d9b9d80 X03=0000000000000000 X04=0000000000000003
X05=0000000000000000 X06=0000000000000000 X07=ffff80008534d3c0
X08=9cf000000d9b9d80 X09=a92d2b3b35eba500 X10=000000000000005c
X11=000000001e3fd09d X12=000000007231ce5e X13=00000000dab70e75
X14=00000000ffff8000 X15=ffff800080007708 X16=ffff800080010e20
X17=000000000000005c X18=00000000000000ff X19=ffff800080007640
X20=ffff8000800e8e94 X21=9cf000000d9b9d80 X22=000000000000009c
X23=0000000000000000 X24=fff0000071e060c0 X25=0000000000000001
X26=ffff8000865c64d0 X27=00000000000000c0 X28=0000000000000000
X29=ffff8000800073f0 X30=ffff800081987830  SP=ffff800080007560
PSTATE=604020c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=6572207265767265:730073250a0d0a0d
Z02=742065726f6d2072:6f662064656b636f Z03=0000000000000000:00ff00ff00000000
Z04=0000000000000000:000000000f0f0000 Z05=726f6d20726f6620:64656b636f6c6220
Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffdb7c3860:0000ffffdb7c3860 Z17=ffffff80ffffffd8:0000ffffdb7c3830
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000