last executing test programs:

32m13.375130377s ago: executing program 1 (id=16):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0xf, 0xbef2, 0x6, 0x3}}], 0x28}, &(0x7f00000001c0)=[@featur2], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r7, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@mrs={0xbe, 0x18, {0x60300000001383f6}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xaa)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)

32m7.121516348s ago: executing program 0 (id=17):
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000180)={0xdf, 0x0, 0x15000})
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe7)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r2, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r2, 0x4, 0x20010, r3, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x7, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x3, 0x0})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x7e)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
openat$kvm(0x0, 0x0, 0x80001, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
r12 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0})
ioctl$KVM_CREATE_VM(r12, 0x401c5820, 0x20000001)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x410000, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)

32m0.977223272s ago: executing program 1 (id=18):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, &(0x7f0000000000)=[@eret={0xe6, 0x18, 0x6}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013c681}}, @svc={0x122, 0x40, {0x1000000, [0x80, 0x8, 0x2, 0x4, 0x9]}}, @svc={0x122, 0x40, {0x0, [0x6, 0x2, 0x2, 0x4, 0x439]}}, @uexit={0x0, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x4, 0x66}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xf, 0x6, 0x6}}, @eret={0xe6, 0x18, 0x2}, @uexit={0x0, 0x18, 0x4}, @msr={0x14, 0x20, {0x4491, 0xcd}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x1, 0x2, 0x0, 0x8, 0x7ff, 0x1}}, @uexit={0x0, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013e208, 0x8000000000000001}}], 0x1d0}, &(0x7f0000000240)=[@featur1={0x1, 0x8c}], 0x1)
r1 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f00000002c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x5, 0x712, 0x1}}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000300)=0x10001})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
write$eventfd(r1, &(0x7f0000000380)=0x1, 0x8) (async, rerun: 32)
ioctl$KVM_GET_REGS(r2, 0x8360ae81, &(0x7f00000003c0)) (rerun: 32)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xe) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x40) (async)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000900)={0x0, &(0x7f0000000480)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0xc0ee, 0x10}}, @hvc={0x32, 0x40, {0x4, [0x9, 0x5948, 0x8001, 0x8, 0x7]}}, @irq_setup={0x46, 0x18, {0x3, 0x23a}}, @uexit={0x0, 0x18, 0xf}, @msr={0x14, 0x20, {0x76e9ab598c93a6e9, 0xfffffffffffffe00}}, @irq_setup={0x46, 0x18, {0x4, 0x29e}}, @msr={0x14, 0x20, {0x603000000013e281, 0xe}}, @msr={0x14, 0x20, {0x603000000013c4ca, 0xffffffffffffffff}}, @uexit={0x0, 0x18, 0x200}, @smc={0x1e, 0x40, {0xc4000053, [0x80000001, 0x4, 0xffff, 0x0, 0x8000000000000001]}}, @msr={0x14, 0x20, {0x38ad, 0x4}}, @smc={0x1e, 0x40, {0xc4000007, [0x80000000, 0x8, 0x6, 0x1, 0xaf]}}, @code={0xa, 0xb4, {"809888d20080b8f2810180d2c20080d2c30080d2440180d2020000d4403a87d20060b8f2e10180d2620080d2e30180d2c40080d2020000d480cb8ad20080b0f2c10180d2820080d2a30180d2640180d2020000d400e4007f800995d200a0b0f2e10080d2220080d2030180d2a40080d2020000d4007008d5007008d520ff82d20020b8f2e10180d2a20080d2830080d2c40080d2020000d4e003007a0820201e"}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x278}}, @hvc={0x32, 0x40, {0xf4000001, [0x0, 0xc, 0x8000000000000000, 0x0, 0xfffffffffffffffe]}}, @mrs={0xbe, 0x18, {0x603000000013e208}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x1d6}}, @hvc={0x32, 0x40, {0x2, [0x4, 0x0, 0x2, 0x5, 0x6]}}, @hvc={0x32, 0x40, {0x5000000, [0x2, 0x60, 0x5, 0x6, 0x7ff]}}, @mrs={0xbe, 0x18, {0x6030000000138004}}, @svc={0x122, 0x40, {0x8000, [0x4, 0xfffffffffffffffb, 0xafcb, 0x3, 0x9]}}, @svc={0x122, 0x40, {0x84000005, [0x6, 0x1ec78d74, 0x9a0, 0x8000000000000000, 0x7]}}], 0x444}, &(0x7f0000000940)=[@featur2={0x1, 0x5}], 0x1)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x9) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, 0x10, r5, 0x0)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x14)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r6, 0x4068aea3, &(0x7f0000000980)={0xe4, 0x0, 0x7150}) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000d80)={0x0, &(0x7f0000000a00)=[@hvc={0x32, 0x40, {0xc400000d, [0x4, 0x285, 0x7, 0x2, 0x7]}}, @msr={0x14, 0x20, {0x603000000013c113, 0x5}}, @eret={0xe6, 0x18, 0x4}, @msr={0x14, 0x20, {0x603000000013df77, 0x7}}, @hvc={0x32, 0x40, {0x2000000, [0x4, 0xfd8, 0x100, 0x100000001, 0xd4]}}, @uexit={0x0, 0x18, 0x8}, @hvc={0x32, 0x40, {0x86000000, [0xadf, 0x3563, 0x7, 0x6, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013de91}}, @svc={0x122, 0x40, {0x0, [0x7, 0x12ea000, 0x2, 0x4, 0x9]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x207}}, @mrs={0xbe, 0x18, {0x603000000013de98}}, @smc={0x1e, 0x40, {0x100, [0x8, 0x7, 0x6, 0xffffffff, 0x5]}}, @svc={0x122, 0x40, {0x4000000, [0x2a, 0x8, 0x3ff, 0xbac8, 0xff]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x8, 0xf}}, @hvc={0x32, 0x40, {0xc4000014, [0x9, 0x3, 0x400, 0x0, 0x3]}}, @smc={0x1e, 0x40, {0xc1008012, [0x8, 0x8, 0x0, 0x6, 0x8]}}, @msr={0x14, 0x20, {0x603000000013e293, 0x3}}, @mrs={0xbe, 0x18, {0x60300000001383f6}}, @msr={0x14, 0x20, {0x603000000013de96, 0x1ff}}, @irq_setup={0x46, 0x18, {0x0, 0x94}}], 0x368}, &(0x7f0000000dc0)=[@featur1={0x1, 0xa2}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000e40)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000e00)=0x4}) (async, rerun: 32)
ioctl$KVM_KVMCLOCK_CTRL(r8, 0xaead) (rerun: 32)
ioctl$KVM_CAP_HALT_POLL(r5, 0x4068aea3, &(0x7f0000000e80)={0xb6, 0x0, 0x612c})
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000f40)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000f00)=0xfffffffffffffea7})
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) (async)
ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000fc0)=@attr_other={0x0, 0x5, 0xdb9f, &(0x7f0000000f80)=0x1ffc000}) (async)
write$eventfd(r1, &(0x7f0000001000)=0x81, 0x8) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000001040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x40}) (async)
ioctl$KVM_GET_DEVICE_ATTR_vm(r5, 0x4018aee2, &(0x7f00000010c0)=@attr_other={0x0, 0x9, 0xac54, &(0x7f0000001080)})
openat$kvm(0xffffffffffffff9c, &(0x7f0000001100), 0x4000, 0x0) (async)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r6, 0x4068aea3, &(0x7f0000001140)) (async)
syz_kvm_setup_cpu$arm64(r1, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000015c0)=[{0x0, &(0x7f00000011c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x3, 0x8}}, @irq_setup={0x46, 0x18, {0x1, 0x1c2}}, @svc={0x122, 0x40, {0x84000014, [0xffff, 0x0, 0x65c, 0x794, 0x3ff]}}, @irq_setup={0x46, 0x18, {0x2, 0x1f2}}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @generic={0xeeee0000, 0x4d4, 0x3, 0x8}}, @hvc={0x32, 0x40, {0x8400000f, [0x0, 0x100000000, 0x505, 0x7, 0x9]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x1a1}}, @msr={0x14, 0x20, {0x603000000013dea7}}, @code={0xa, 0x84, {"408e96d20020b8f2c10180d2420180d2e30080d2240180d2020000d4000028d50024c01a00c0206e80d69cd200c0b8f2e10180d2c20080d2030080d2c40180d2020000d400d8a12e007008d5007896d200c0b8f2e10080d2220080d2430080d2e40180d2020000d4007008d5007008d5"}}, @code={0xa, 0xb4, {"206584d20040b0f2610080d2020080d2230080d2240080d2020000d400000033e0ea93d20060b0f2c10080d2220180d2c30180d2240180d2020000d4007f81d20000b0f2c10080d2e20180d2e30180d2a40180d2020000d4000000940094202ea05285d20080b0f2810180d2220180d2e30080d2a40180d2020000d4000028d500709f0ce0c694d20040b0f2e10080d2c20080d2230080d2e40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x14, 0x3, 0x1}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x3af}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x74}}, @uexit={0x0, 0x18, 0x4}, @smc={0x1e, 0x40, {0x84000009, [0x7, 0x6, 0xb, 0x1, 0x1]}}, @svc={0x122, 0x40, {0x84000051, [0x5, 0x3, 0x3ff, 0x9, 0x5]}}, @hvc={0x32, 0x40, {0xc400000d, [0xc94, 0x100000000, 0x0, 0x7fffffff, 0x8]}}], 0x400}], 0x1, 0x0, &(0x7f0000001600)=[@featur2={0x1, 0x10}], 0x1)

31m55.008752468s ago: executing program 0 (id=19):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xc0189436, 0x172)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x2})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000240)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x3, 0x95d9, 0x197}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x8080000, 0x8, 0x48, 0xb, 0xe6, 0x40, 0x9, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0xeeee0000, 0xb000, 0xf, 0x3, 0x16, 0x7, 0xaa, 0x8, 0x9, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x11, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3, 0x8]})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000000)={0x7})
r10 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000080)={0x0, 0x6000, 0x0, r10})
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000000c0)={0x8})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x27)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, 0xfffffffffffffffe)
ioctl$KVM_SIGNAL_MSI(r9, 0x4020aea5, &(0x7f0000000000)={0x6000, 0x0, 0x0, 0x1, 0x20000000})
r13 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_FINALIZE(r14, 0x4004aec2, &(0x7f0000000100)=0x4)

31m53.923046846s ago: executing program 1 (id=20):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000100)=@arm64={0x4e, 0x2, 0x0, '\x00', 0x4})
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000000)=@arm64)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x35)

31m47.540761504s ago: executing program 1 (id=21):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x22)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8086000})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x8080000, 0x8, 0x8, 0xc, 0xe6, 0x40, 0x9, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x7, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x3, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x16, 0x88, 0xab, 0x8, 0x9, 0x9, 0xf7, 0x97}, {0xdddd1000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0xc000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0x7000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0xfec00000, [0x6800000000000000, 0x4, 0x3, 0x8]}) (async, rerun: 64)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (rerun: 64)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0)=0x4, 0x4d) (async)
close(0xffffffffffffffff) (async)
close(0x4)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x21)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r8, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0x8933, 0x110e227ffe) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)

31m43.372176445s ago: executing program 0 (id=22):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e1d000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100024, &(0x7f0000000000)=0x4ab})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000240)=@arm64_core={0x6030000000100008, &(0x7f0000000200)=0x4a3})

31m36.220956545s ago: executing program 1 (id=23):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r4, 0x400454d0, 0x0)
mmap$KVM_VCPU(&(0x7f0000036000/0x2000)=nil, r1, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, 0x0, 0x22200, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r6 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r5, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000036000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r9, 0x1})
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r9, 0x3})
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f00000000c0)={0x1000000000003, 0x0, 0x2, r9, 0xf})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xe2a00, 0x0)
ioctl$KVM_CREATE_VM(r10, 0x5452, 0x20000002000fdfd)

31m33.354695698s ago: executing program 0 (id=24):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000240)=@arm64_core={0x603000000010001c, &(0x7f0000000000)=0x10000}) (async)
r6 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x78, 0x0})

31m24.600234283s ago: executing program 0 (id=25):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x0, 0x1003, 0x1}})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)={0x8, 0x0, [{0x7, 0x2, 0x0, 0x0, @adapter={0x0, 0x9, 0x2, 0x0, 0x8}}, {0x0, 0x4, 0x1, 0x0, @adapter={0xfff, 0xffffffffffffffff, 0x3, 0x85, 0x7}}, {0x3, 0x3, 0x0, 0x0, @msi={0x8, 0x5}}, {0xfffffffe, 0x3, 0x0, 0x0, @irqchip={0x3, 0x1ec}}, {0x4ceb5ddd, 0x1, 0x1, 0x0, @irqchip={0x4, 0xfffffffa}}, {0x7fffffff, 0x2, 0x1, 0x0, @msi={0x2, 0x0, 0x400, 0x1c0}}, {0x4, 0x4, 0x1, 0x0, @irqchip={0x1, 0x4}}, {0x2, 0x2, 0x0, 0x0, @msi={0x6, 0x7, 0x80, 0x7}}]})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000300)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000002c0)=0xb6e})

31m21.716488557s ago: executing program 1 (id=26):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000002c0)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000100)=0xfffffffffffffffa})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x2, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x8, 0x2008, 0x100}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x480401, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x21)
r12 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000003000/0x2000)=nil, 0x930, 0x100000a, 0x10011, r12, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x7)
close(r2)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x1, 0x100)

31m16.051403779s ago: executing program 0 (id=27):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
close(r0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r3 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
r10 = eventfd2(0xd, 0x1)
close(r10)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
write$eventfd(r10, 0x0, 0x500)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)=0x1b})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1)

30m35.290658161s ago: executing program 32 (id=26):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000002c0)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000100)=0xfffffffffffffffa})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x2, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x8, 0x2008, 0x100}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x480401, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x21)
r12 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000003000/0x2000)=nil, 0x930, 0x100000a, 0x10011, r12, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x7)
close(r2)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x1, 0x100)

30m29.309573083s ago: executing program 33 (id=27):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
close(r0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r3 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
r10 = eventfd2(0xd, 0x1)
close(r10)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
write$eventfd(r10, 0x0, 0x500)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)=0x1b})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1)

24m16.811579078s ago: executing program 3 (id=36):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000040)={0x0, &(0x7f0000000040)}, &(0x7f0000000bc0)=[@featur1={0x1, 0x54}], 0x1)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x2})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r11, 0x8, 0x13, r10, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r11, 0x1000001, 0x12, r10, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r12 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x80010, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000e04000/0x2000)=nil, 0x930, 0x1, 0x11, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r13, 0x8, 0x13, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r13, 0x1000001, 0x12, r12, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

24m6.147660277s ago: executing program 2 (id=37):
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x801c581f, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r6 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0x40305839, 0x19)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

23m57.53750896s ago: executing program 3 (id=38):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, 0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r6, 0x0, 0x13, r5, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x18)
ioctl$KVM_GET_DIRTY_LOG(r8, 0x4010ae42, &(0x7f0000000000)={0x10002, 0x0, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f00000000c0)={0x1, 0x8000001})

23m47.727626511s ago: executing program 2 (id=39):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_vgic_v3_setup(r2, 0x2, 0x280)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r6 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r5, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x18}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x362}}, @eret={0xe6, 0x18, 0xa51e}, @smc={0x1e, 0x40, {0x2000, [0x5, 0x6, 0x4, 0xac7, 0x32]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffe8, 0x4, 0x2}}, @smc={0x1e, 0x40, {0x84000001, [0x3, 0x440, 0xb, 0x3ff, 0x9e45]}}, @eret={0xe6, 0x18, 0xfffffffffffffffc}, @irq_setup={0x46, 0x18, {0x2, 0x2f2}}, @uexit={0x0, 0x18, 0x3}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x8001, 0x2}}, @eret={0xe6, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x8, 0x5, 0x9}}, @eret={0xe6, 0x18, 0x2}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x0, 0x7, 0x2, 0x81}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0x2, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x1e6}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x206}}, @eret={0xe6, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x5, 0x7, 0x400, 0x1}}, @code={0xa, 0xb4, {"20d589d20040b8f2e10180d2c20080d2230080d2c40180d2020000d4c09f86d20080b8f2010180d2e20180d2c30080d2040180d2020000d4007008d50020400c008008d5e05897d200e0b0f2a10180d2220080d2c30080d2240080d2020000d4c0c491d200a0b0f2410080d2420080d2e30080d2840080d2020000d40000206b603c87d200e0b8f2010080d2c20180d2430180d2240080d2020000d4007008d5"}}, @irq_setup={0x46, 0x18, {0x0, 0x80}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x4, 0x5, 0x7fff, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x9, 0x3}}, @svc={0x122, 0x40, {0xc5000021, [0x401, 0x401, 0x7, 0xd76, 0x7]}}, @msr={0x14, 0x20, {0x0, 0x9}}, @svc={0x122, 0x40, {0xc4000003, [0x73b4f2fc, 0x3f, 0x100, 0x5, 0x8001]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x1, 0x9, 0xff, 0x4}}, @svc={0x122, 0x40, {0x84000051, [0xffff, 0x6e02, 0x1, 0x3, 0x2]}}], 0x4f4}, &(0x7f00000000c0)=[@featur1={0x1, 0x48}], 0x1)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000140)=@other={0x8e, &(0x7f0000000100)=0x800})
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r8, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

23m22.769323916s ago: executing program 2 (id=40):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x7fffffff})
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})

23m21.942977522s ago: executing program 3 (id=41):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x8000000000000000, 0x0, 0x2, r4, 0x3})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r4, 0xa}) (async)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r4, 0x7ffffffe}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f00000001c0)=0xc})

23m7.60068109s ago: executing program 3 (id=42):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe7) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0xa})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x21)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x60871, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0xc}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r13, 0xae80, 0x0) (async)
ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x6, 0x1})
r14 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f00000001c0)=@arm64_core={0x603000000010001e, &(0x7f0000000000)=0xfdb})
openat$kvm(0x0, &(0x7f0000000140), 0x42881, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x25) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

23m5.090871112s ago: executing program 2 (id=43):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
syz_kvm_vgic_v3_setup(r2, 0x0, 0x60)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x4, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0xb, 0x7, 0x0})
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x2, 0x4, &(0x7f0000000000)=0x80000001})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r10, 0x3, 0x11, r5, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r11, 0xfffffffffffffffe, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
syz_kvm_assert_syzos_uexit$arm64(r11, 0xffffffffffffffff, 0x0)

22m50.030229441s ago: executing program 3 (id=44):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@other={0x40000000000003, &(0x7f00000000c0)=0x2})

22m44.20109769s ago: executing program 2 (id=45):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x4, 0xffda, 0x2}})
r4 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0x0, &(0x7f0000000040), 0x103801, 0x0)
write$eventfd(r4, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101400, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000f72000/0x1000)=nil, r5, 0x0, 0x110, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f72000/0x2000)=nil, 0x2000)

22m30.22316012s ago: executing program 2 (id=46):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x1e)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r1, 0x1000009, 0x12, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r1, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0x2, 0x10000000000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r4, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)

22m29.68077211s ago: executing program 3 (id=47):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xc0189436, 0x172)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000440)=[@featur1={0x1, 0x2a}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000040)={0x5})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x6, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
r10 = syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

21m42.610080054s ago: executing program 34 (id=46):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x1e)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r1, 0x1000009, 0x12, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r1, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0x2, 0x10000000000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r4, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)

21m37.182052921s ago: executing program 35 (id=47):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xc0189436, 0x172)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000440)=[@featur1={0x1, 0x2a}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000040)={0x5})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x6, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0)
r10 = syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

12m51.02381188s ago: executing program 5 (id=59):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000380)=[@irq_setup={0x46, 0x18, {0x1, 0x1bb}}, @msr={0x14, 0x20, {0x6030000000138012, 0x10000}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x80, 0x713, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x2000, 0x8000000000000001}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x3, 0x100, 0xfffffffc, 0x1}}, @code={0xa, 0x84, {"808a8bd20040b0f2810080d2020180d2230180d2e40080d2020000d4e0079f1a005c205e000008d50020601e00e4006f0000271e80a488d200a0b8f2010180d2620080d2e30080d2640080d2020000d420e39dd20080b8f2410080d2620080d2030180d2e40180d2020000d4007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0xc, 0xfffffffc, 0xf, 0x2}}, @svc={0x122, 0x40, {0x80003fff, [0x5, 0x100000000, 0x100, 0x101, 0x7]}}, @irq_setup={0x46, 0x18, {0x2, 0x3b4}}, @hvc={0x32, 0x40, {0x80003fff, [0x80, 0x1, 0x3, 0x8, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x4, 0x7, 0x5, 0x5, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x7cc, 0x6c6}}, @irq_setup={0x46, 0x18, {0x2, 0xb1}}, @smc={0x1e, 0x40, {0x20, [0x100000002000000, 0x4, 0x4, 0x4, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013df5a}}, @mrs={0xbe, 0x18, {0x603000000013df6e}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x8400000d, [0x85d, 0xf7, 0x8d, 0x6, 0x7fffffffffffffff]}}, @msr={0x14, 0x20, {0x603000000013deb5, 0x9}}, @svc={0x122, 0x40, {0xc4000003, [0x1, 0xea2, 0x45, 0x1, 0xfff]}}, @hvc={0x32, 0x40, {0x84000010, [0x8, 0x6, 0x5, 0x81, 0x8]}}, @code={0xa, 0x6c, {"e003006b007008d5000008d50068212e000028d560588cd200e0b8f2410180d2820080d2830080d2240080d2020000d4007008d5007008d5804489d200e0b0f2a10080d2a20080d2630180d2a40180d2020000d40000e00d"}}, @smc={0x1e, 0x40, {0x0, [0x3, 0x2, 0x9, 0x3351, 0x4a92]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x1a9}}, @code={0xa, 0x6c, {"007008d5008008d520498ad200a0b0f2810080d2620080d2030180d2a40180d2020000d4000008d50000007a00f8a02e00b8205e00c296d200a0b8f2a10080d2420180d2a30180d2240180d2020000d4008008d50068214e"}}, @code={0xa, 0x9c, {"0060202e606898d200a0b8f2410080d2c20180d2c30080d2c40180d2020000d4008c202e0040400c00c0c00d008008d560ec9ed200e0b8f2010180d2220180d2c30180d2440180d2020000d4008008d5804b92d200a0b8f2610080d2620180d2e30080d2840180d2020000d4a0209bd200c0b8f2c10080d2e20180d2e30080d2840180d2020000d4"}}], 0x5b8}, &(0x7f00000000c0)=[@featur2], 0x1) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000000)=0x1000000})

12m38.089877561s ago: executing program 4 (id=60):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bc2000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = mmap$KVM_VCPU(&(0x7f0000de6000/0x3000)=nil, 0x930, 0x280000b, 0x30, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x4000010, r4, 0x0)
r6 = eventfd2(0x0, 0x0)
close(r6)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
write$eventfd(r6, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x83}], 0x1)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
close(0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

12m36.0441967s ago: executing program 5 (id=61):
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000000)={0x7, 0x0, [{0x9, 0x3, 0x0, 0x0, @adapter={0x8, 0x3, 0x3, 0x2, 0x15d7}}, {0x446, 0x1, 0x1, 0x0, @msi={0x48e, 0x7, 0xffffffff, 0x9}}, {0x6, 0x2, 0x1, 0x0, @adapter={0x800, 0xb, 0x4a00000000000000, 0x0, 0x1}}, {0x8, 0x3, 0x1, 0x0, @adapter={0x1, 0x6, 0xd, 0x55df, 0x5}}, {0x8000, 0x5, 0x1, 0x0, @irqchip={0x1, 0x6}}, {0x5, 0x4, 0x1, 0x0, @sint={0x3, 0x100}}, {0x7fff00, 0x3, 0x0, 0x0, @adapter={0x4, 0xfffffffffffeffff, 0x8, 0x2, 0x4}}]})
r0 = eventfd2(0x0, 0x80800)
write$eventfd(r0, &(0x7f0000000180)=0xdb4b, 0x8)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x1, 0x60000, 0x1, r0})
write$eventfd(r0, &(0x7f0000000200)=0x2, 0x8)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000240)={0x2, 0xffffffff, 0x2, r0, 0x9})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x12)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000640)=[{0x0, &(0x7f0000000280)=[@msr={0x14, 0x20, {0x6030000000138064, 0x3}}, @hvc={0x32, 0x40, {0x84000003, [0x5d, 0xd230, 0x5, 0x10, 0x3]}}, @eret={0xe6, 0x18, 0x1da9}, @eret={0xe6, 0x18, 0x8}, @eret={0xe6, 0x18, 0xc55a}, @hvc={0x32, 0x40, {0x400, [0x47, 0x57, 0x4, 0x207, 0x7]}}, @irq_setup={0x46, 0x18, {0x1, 0x15f}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x277}}, @code={0xa, 0x9c, {"000008d5c07d9fd20060b8f2410080d2820180d2a30080d2040080d2020000d4c07c94d200c0b0f2610180d2020080d2430180d2240080d2020000d40050204e007008d5006380d20000b0f2c10080d2420080d2230080d2640080d2020000d4000028d5000080a9007008d5e0bb88d20080b0f2c10180d2a20180d2a30180d2440180d2020000d4"}}, @memwrite={0x6e, 0x30, @generic={0xc000, 0x37a, 0x9, 0x2}}, @eret={0xe6, 0x18, 0x2}, @uexit={0x0, 0x18, 0xdc22}, @smc={0x1e, 0x40, {0x6000400, [0x8001, 0x10000, 0x7fff, 0x100, 0x100]}}, @hvc={0x32, 0x40, {0x6000000, [0x1, 0x2, 0x40, 0x2, 0x1068]}}, @irq_setup={0x46, 0x18, {0x3, 0xb6}}, @code={0xa, 0x9c, {"000028d50040261ea05986d200e0b0f2a10180d2c20180d2030180d2640080d2020000d40008200e007008d5007008d5807289d20060b8f2a10080d2620080d2030080d2a40180d2020000d4e0a485d200c0b8f2e10180d2020080d2630080d2240180d2020000d4000040d340f090d200a0b8f2010180d2020180d2a30080d2840080d2020000d4"}}, @code={0xa, 0x3c, {"000028d5001ce02e0090204e000000b1000028d500a4006f0040202e00e0204e0000431e0000399e"}}], 0x394}], 0x1, 0x0, &(0x7f0000000680)=[@featur1={0x1, 0x30}], 0x1)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000917000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000740)={0x0, &(0x7f00000006c0)=[@mrs={0xbe, 0x18, {0x603000000013d000}}, @smc={0x1e, 0x40, {0xc4000005, [0x0, 0x3, 0xfffffffffffffff8, 0x0, 0x2]}}], 0x58}, &(0x7f0000000780)=[@featur2={0x1, 0x8}], 0x1)
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x6)
syz_kvm_vgic_v3_setup(r5, 0x0, 0x20)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f00000007c0)={0x1, 0x4})
ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000800))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x20000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2a)
r8 = mmap$KVM_VCPU(&(0x7f0000a43000/0x4000)=nil, 0x0, 0x2, 0x1010, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000008c0)="ae847faacb3afde86ba35a8dbc05caca607403843fd36f844613dc83c1a49618bf45951430ce4db11d7bd009f8d708112b0f233cad97945dd056c02de37153c84be53a27e0837808", 0x0, 0x48)
r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000e00)={0x0, &(0x7f0000000940)=[@eret={0xe6, 0x18, 0x6}, @uexit={0x0, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013c527}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x1, 0xe, 0x24b5b71, 0x9, 0x3}}, @msr={0x14, 0x20, {0x0, 0x8000000000000000}}, @svc={0x122, 0x40, {0x979b90b0f51a4485, [0xfffffffffffffe15, 0x3ff, 0x5, 0x4, 0x40]}}, @irq_setup={0x46, 0x18, {0x2, 0xbe}}, @mrs={0xbe, 0x18, {0x603000000013de91}}, @eret={0xe6, 0x18, 0x2}, @hvc={0x32, 0x40, {0x84000007, [0x0, 0x401, 0x7, 0x5, 0x100000001]}}, @mrs={0xbe, 0x18, {0x603000000013e65b}}, @mrs={0xbe, 0x18, {0x603000000013801f}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1e}}, @code={0xa, 0x84, {"000008d5007008d500686038207780d20060b8f2010080d2c20080d2a30080d2240180d2020000d4000008d580129dd200c0b8f2410180d2620180d2830080d2840080d2020000d4007008d5007008d5c0fe86d20060b0f2c10080d2c20080d2430080d2a40180d2020000d400c0271e"}}, @irq_setup={0x46, 0x18, {0x2, 0xd6}}, @smc={0x1e, 0x40, {0x8000, [0x100000001, 0x8, 0x3, 0x6, 0x6f070a86]}}, @code={0xa, 0x9c, {"007008d5000028d5c0b786d200c0b0f2e10180d2820080d2e30080d2040180d2020000d4000000a800000028e0379dd20080b0f2210080d2620180d2630180d2e40180d2020000d4008008d5007008d5603994d20000b0f2010180d2020080d2a30080d2a40080d2020000d4406296d200a0b8f2610080d2220080d2230180d2440080d2020000d4"}}, @code={0xa, 0x6c, {"00fc005f0068000e0060000f00a0400ca0359dd200e0b0f2210080d2620180d2030080d2440180d2020000d400e0204e007008d50000007c00d8212ea0ee93d200a0b8f2010180d2220180d2030180d2840080d2020000d4"}}, @uexit={0x0, 0x18, 0x3}, @code={0xa, 0xcc, {"a0cf91d200a0b0f2a10080d2220080d2830180d2840080d2020000d40018285e000c00f8a01d91d200c0b0f2c10080d2620180d2a30080d2240180d2020000d4c08c9ed20040b8f2210180d2020080d2a30080d2240180d2020000d4006996d20020b8f2210180d2c20080d2630180d2a40180d2020000d420b784d20000b8f2410080d2a20080d2630080d2040180d2020000d4000008d500fc202e802b9dd20060b8f2a10080d2620080d2230180d2240180d2020000d4"}}, @svc={0x122, 0x40, {0x86000001, [0x7fffffffffffffff, 0x6, 0xfffffffeffffffff, 0x1, 0x10001]}}], 0x4b8}, &(0x7f0000000e40)=[@featur1={0x1, 0x50}], 0x1)
r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x3c)
ioctl$KVM_CAP_PTP_KVM(r7, 0x4068aea3, &(0x7f0000000e80))
ioctl$KVM_CAP_ARM_USER_IRQ(r10, 0x4068aea3, &(0x7f0000000f00))
ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f0000000f80)={0x6, 0x100000})
r11 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece)
ioctl$KVM_CAP_PTP_KVM(r11, 0x4068aea3, &(0x7f0000000fc0))
r12 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x3d)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r12, 0x4008ae73, &(0x7f0000001040)={0x10, 0x9})
ioctl$KVM_CAP_ARM_MTE(r12, 0x4068aea3, &(0x7f0000001080))
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000001140)=@other={0xe1d1, &(0x7f0000001100)=0x6})

12m17.442547001s ago: executing program 5 (id=62):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000006c0)={0x4, 0x1000})
syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000440)=[@featur1={0x1, 0x2a}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r3 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000040)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x6030000000138002}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000600)={0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0xd, 0x1, 0x8, 0x2}}, @code={0xa, 0xfc, {"008c205e0004002fc00284d200a0b0f2e10180d2e20180d2230180d2240180d2020000d4e0fe9dd20060b0f2010080d2e20180d2830080d2840080d2020000d4c0c59bd200e0b0f2610180d2220080d2e30180d2c40180d2020000d440df85d20000b0f2810180d2620080d2230080d2840180d2020000d480a69ad20040b0f2e10180d2620180d2230080d2e40080d2020000d4a01b82d20020b8f2610080d2220180d2430180d2840180d2020000d420f386d20040b8f2210080d2020180d2430180d2c40180d2020000d4608b8dd200c0b0f2c10080d2a20180d2830080d2440180d2020000d4"}}, @hvc={0x32, 0x40, {0x6000000, [0x10000, 0x180000000, 0x4f, 0x0, 0x1000]}}, @mrs={0xbe, 0x18, {0x6030000000138045}}, @msr={0x14, 0x20, {0x603000000013c00c, 0x1000}}, @eret={0xe6, 0x18, 0x4}, @mrs={0xbe, 0x18, {0x603000000013c520}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x300, 0x1, 0x3}}, @eret={0xe6, 0x18, 0x5}, @hvc={0x32, 0x40, {0x5000000, [0xe, 0x7, 0xfff, 0x6, 0x3440000000000]}}, @eret={0xe6, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0x7, 0x1, 0x8168}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0x3, 0xffff, 0x4a, 0x4}}, @smc={0x1e, 0x40, {0x84000001, [0x2, 0x695ec39, 0x8, 0x4e, 0x2]}}, @eret={0xe6, 0x18, 0xc5}, @smc={0x1e, 0x40, {0x84000014, [0x5, 0x2, 0x1, 0x8, 0x9]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x6, 0x2}}, @hvc={0x32, 0x40, {0x84000006, [0x8, 0x4, 0x2, 0x10, 0xfb50]}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @eret={0xe6, 0x18, 0x6}, @uexit={0x0, 0x18, 0xa2}, @irq_setup={0x46, 0x18, {0x2, 0x2e2}}, @irq_setup={0x46, 0x18, {0x1, 0x7a}}, @uexit={0x0, 0x18, 0x6d7}], 0x46c}, &(0x7f0000000640)=[@featur2={0x1, 0x95}], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000680)=@x86={0x3, 0x7, 0x0, 0x0, 0x3cd7e884, 0xe, 0xa, 0x5, 0x2, 0x0, 0x80, 0x3, 0x0, 0x6, 0x10000, 0x80, 0x3, 0x1, 0x6, '\x00', 0x81})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000040)={0x7, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f00000001c0)=0xc})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r3})
syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)

12m17.442023601s ago: executing program 4 (id=63):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
mmap$KVM_VCPU(&(0x7f0000842000/0x1000)=nil, 0x930, 0x1000005, 0x5c1fd1b6164b3f1, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x89, 0x6, 0x2, 0x0, 0x6, 0x6, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x6})
write$eventfd(r2, &(0x7f00000001c0)=0x8, 0x8)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x7})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

12m2.019414884s ago: executing program 4 (id=64):
mmap$KVM_VCPU(&(0x7f0000d8a000/0x2000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f3e000/0x1000)=nil, 0x930, 0x6000007, 0x4f833, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x801c581f, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0x80111500, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r8, 0x541b, 0x2000001c)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r10, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001a, &(0x7f00000001c0)=0x3ff})
ioctl$KVM_CAP_HALT_POLL(r8, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0x8})
r11 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r13, 0x4040aea0, &(0x7f0000000000)=@x86={0x0, 0x80, 0x2, 0x0, 0x7, 0x9, 0xe8, 0x2, 0x9, 0x10, 0xfc, 0xe, 0x0, 0x0, 0x5000000, 0x2, 0x1, 0x5, 0x10, '\x00', 0x60, 0x3})
r14 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x7c}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0xa, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x21)

11m52.309957619s ago: executing program 5 (id=65):
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

11m36.570595797s ago: executing program 5 (id=66):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000040)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x1, 0x10000, 0x0, 0x2, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @code={0xa, 0x6c, {"00fca05e80c58ed200a0b0f2610080d2c20180d2c30080d2440180d2020000d4007008d50000409b007008d580fd88d200c0b0f2610080d2a20180d2430080d2c40180d2020000d400a09f0c008008d50040211e0020800c"}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}], 0x12c}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r13, 0x4004aec2, &(0x7f00000001c0)=0x4)
openat$kvm(0x0, 0x0, 0x0, 0x0)
close(0x4)
close(0x5)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xc3033, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f00000001c0)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})

11m35.253188766s ago: executing program 4 (id=67):
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe4)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000140)="38ce8347fc1e86008cfc72bb312c8659dcc9225b48cb5cb00c73b0b30800000073f7f1f493e89c859e17625ad1b19c73a7fd4ce992bfc316bd22ccc646cd69c72800", 0x0, 0x1f)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xfffffffffffffff8)

11m23.688995502s ago: executing program 4 (id=68):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001640), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xea)
r2 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4000000000000010)
r4 = eventfd2(0xfff, 0x80000)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000000c0)={r3, 0xfffffa17, 0x1, r4})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x400454da, 0x2f)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
openat$kvm(0x0, 0x0, 0x80001, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
r10 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0})
ioctl$KVM_CREATE_VM(r10, 0x401c5820, 0x20000001)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f00000003c0)=[@smc={0x1e, 0x40, {0xef000000, [0x50, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
r11 = syz_kvm_vgic_v3_setup(r0, 0x3, 0x60)
ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x3, 0x6, &(0x7f0000000040)=0x100000000})

11m11.190934298s ago: executing program 5 (id=69):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r7, 0x8, 0x13, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r7, 0x1000001, 0x12, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)

11m6.289661426s ago: executing program 4 (id=70):
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000005c0)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x101, 0x3}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x63}}, @uexit={0x0, 0x18, 0x1000}, @msr={0x14, 0x20, {0x603000000013e108, 0x8}}, @eret={0xe6, 0x18, 0x1}, @svc={0x122, 0x40, {0x8400000f, [0x4, 0x8, 0x4, 0x7fffffffffffffff, 0x4]}}, @svc={0x122, 0x40, {0x8000, [0x1, 0x100000001, 0x9, 0xffffffffff7b56d5, 0x9]}}, @uexit={0x0, 0x18, 0xfffffffffffffffa}, @irq_setup={0x46, 0x18, {0x1, 0x3da}}, @smc={0x1e, 0x40, {0x84000013, [0x4, 0x8, 0xd4f9, 0x5, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x2cce, 0xc}}, @msr={0x14, 0x20, {0x603000000013e719, 0x4}}, @code={0xa, 0xcc, {"804e9ed20040b8f2010080d2420080d2630180d2640080d2020000d4805f8bd20080b0f2c10180d2620080d2c30080d2440180d2020000d400c0e00da08597d20040b8f2c10180d2020080d2830180d2640080d2020000d4000008d5006497d200a0b0f2410080d2020180d2e30180d2040180d2020000d420058ad200a0b8f2e10080d2420180d2030180d2e40180d2020000d4c0dc8fd20060b8f2c10080d2620180d2c30180d2440080d2020000d40004005e0014002f"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0xa, 0x1, 0x8, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013c038}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0xc, 0x1, 0x614e91d2, 0x6}}, @msr={0x14, 0x20, {0x603000000013deba}}, @svc={0x122, 0x40, {0xc4000003, [0x9, 0xffffffffffffffff, 0x40, 0x7, 0x40]}}, @svc={0x122, 0x40, {0x30000000, [0xfffffffe00000000, 0x6, 0x5, 0x3, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013c687}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0xe, 0x8, 0x80000001, 0x2}}, @svc={0x122, 0x40, {0x1fe44be9d4f30aa9, [0x4, 0x4, 0x1c, 0x4, 0x5]}}], 0x43c}, &(0x7f00000000c0)=[@featur1={0x1, 0x49}], 0x1) (async)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000001c0)={0x0, &(0x7f0000000a00)=[@memwrite={0x6e, 0x30, @generic={0xeeee8000, 0x927, 0xffffffff, 0xa}}, @irq_setup={0x46, 0x18, {0x3, 0x284}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x4, 0x97, 0x181a000}}, @msr={0x14, 0x20, {0x603000000013dea5, 0x7fffffff}}, @svc={0x122, 0x40, {0x8400000d, [0x8, 0x6, 0xf, 0x1, 0x80]}}, @svc={0x122, 0x40, {0xc4000010, [0xffffffffffffffff, 0x2, 0x1, 0x100000001, 0x7]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0xff}}, @code={0xa, 0x84, {"0080601f000008d5007008d50020a00d007008d5008008d50094202e802c82d20020b0f2410180d2e20080d2430180d2840080d2020000d4000992d20080b0f2810180d2e20180d2e30180d2e40080d2020000d4004391d200e0b8f2010080d2820180d2e30080d2440180d2020000d4"}}, @hvc={0x32, 0x40, {0x30000000, [0x8, 0x17, 0x100, 0xf85, 0x5]}}, @hvc={0x32, 0x40, {0x32000000, [0x4, 0x800, 0x8, 0x8000, 0x7]}}, @memwrite={0x6e, 0x30, @generic={0x4, 0xce6, 0xcd0}}, @eret={0xe6, 0x18, 0x1c}, @eret={0xe6, 0x18, 0x2}, @code={0xa, 0x9c, {"0000a09b804982d20000b0f2410180d2220180d2230180d2240080d2020000d4008008d520f380d20080b8f2210080d2e20080d2a30180d2440180d2020000d4a0a283d20060b0f2010180d2c20180d2430080d2640180d2020000d4000028d5000800b80080df0d0020df0c20ac9dd200e0b8f2c10080d2e20180d2430080d2e40180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x180, 0xcf9, 0x3}}, @eret={0xe6, 0x18, 0x8000}, @mrs={0xbe, 0x18, {0x603000000013df64}}, @msr={0x14, 0x20, {0x5ea6, 0x6}}, @code={0xa, 0x9c, {"0040206ec0b285d20060b8f2810080d2c20180d2830080d2c40080d2020000d40028214e007008d5e08482d20060b8f2610180d2420180d2030180d2440080d2020000d4007008d5e0f490d20020b0f2c10080d2e20080d2c30080d2a40080d2020000d440f290d200c0b8f2210180d2420180d2030080d2c40180d2020000d4007008d50070df0c"}}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x80, 0x6}}, @msr={0x14, 0x20, {0x603000000013e180, 0x759}}, @code={0xa, 0x6c, {"000008d5007008d5000008d5008008d500a8a15e80fd81d20000b8f2a10180d2820080d2430180d2840180d2020000d400409f0de0ec97d200e0b0f2610180d2e20080d2e30180d2040080d2020000d4e00300b2000008d5"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x10, 0x8, 0x4, 0x1}}, @uexit={0x0, 0x18, 0x3}, @hvc={0x32, 0x40, {0x84000006, [0x6, 0x101, 0x2, 0xff, 0x7ff]}}, @smc={0x1e, 0x40, {0x8400000e, [0x4, 0xff69, 0xffffffffffffff7f, 0x6, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0x8, 0x6, 0x4, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0xa, 0xaa0000, 0x1, 0x2}}, @hvc={0x32, 0x40, {0x84000007, [0x463, 0x4, 0x7fffffff, 0xffffffff00000001, 0x1ff]}}], 0x6a8}, &(0x7f0000000200)=[@featur2={0x1, 0xa9}], 0x1)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000000)=@arm64_fw={0x6030000000140002, 0xfffffffffffffffe})
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f00000010c0)=[@smc={0x1e, 0x0, {0x8400020f, [0x4, 0xfffffffffffffffa, 0x7, 0x0, 0x1]}}, @code={0xa, 0x0, {"0020202e0028210e00a8205e20d28ed20000b8f2a10080d2420080d2630180d2e40180d2020000d4a0fe9cd20040b0f2410180d2820080d2a30180d2840080d2020000d400f4006f00b8210e60fd84d200a0b0f2810180d2020080d2830180d2640180d2020000d4e0fd82d20040b0f2810080d2a20180d2230080d2440080d2020000d4000008d5"}}, @uexit={0x0, 0x0, 0x7}, @hvc={0x32, 0x0, {0xc4000003, [0x7fffffffffffffff, 0x7f, 0x3, 0x5f4e, 0xe]}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0x4, 0x7}}, @its_setup={0x82, 0x0, {0x2, 0x4, 0xcd}}, @eret={0xe6, 0x0, 0x4}, @mrs={0xbe, 0x0, {0x603000000013df6c}}, @code={0xa, 0x0, {"20cc81d200c0b8f2410180d2820080d2830180d2440080d2020000d400c0251ea09992d20060b8f2c10080d2a20180d2630180d2440080d2020000d400b980d20080b0f2010080d2220080d2830080d2c40080d2020000d400a09f0c00082078009c005f007008d5000028d5008008d5"}}, @its_setup={0x82, 0x0, {0x1, 0x4, 0x120}}, @hvc={0x32, 0x0, {0x4000000, [0x6, 0x5994, 0x0, 0x4, 0x2]}}, @uexit={0x0, 0x0, 0x3}, @eret={0xe6, 0x0, 0xfffffffffffff21e}, @svc={0x122, 0x0, {0x84000013, [0x10001, 0x10001, 0x619, 0x7, 0x6]}}, @hvc={0x32, 0x0, {0x8400000e, [0x100000001, 0xf, 0x1, 0x8, 0xfcc0]}}, @hvc={0x32, 0x0, {0x5000000, [0x5, 0xffffffff, 0x1, 0x1, 0x3]}}, @memwrite={0x6e, 0x0, @generic={0x41000, 0x914, 0x4000, 0xc27c47508479c10a}}, @eret={0xe6, 0x0, 0x4}, @its_send_cmd={0xaa, 0x0, {0x1, 0x1, 0x3, 0x10, 0x1, 0x0, 0x2}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0xfff0, 0x3, 0xd}}, @uexit, @uexit={0x0, 0x0, 0xf}, @mrs={0xbe, 0x0, {0x603000000013e099}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0xfffc, 0x36f}}, @hvc={0x32, 0x0, {0xc4000005, [0xf, 0x3, 0x2, 0x8000000000000000, 0x8]}}, @mrs={0xbe, 0x0, {0x603000000013e64d}}, @mrs={0xbe, 0x0, {0x603000000013df4d}}, @memwrite={0x6e, 0x0, @vgic_gicr={0x80a0000, 0x78, 0x4, 0x5}}, @mrs={0xbe, 0x0, {0x603000000013c020}}, @its_setup={0x82, 0x0, {0x2, 0x1, 0x52}}], 0x18}, 0x0, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0x5421, 0x6)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r12 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r14 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r16 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
r17 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r17, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r18, 0x1, 0x12, r16, 0x0) (async)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r19 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r19, 0x1000001, 0x12, r16, 0x0) (async)
r20 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r20, 0x3, 0x11, r15, 0x0)

10m23.122032579s ago: executing program 36 (id=69):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r7, 0x8, 0x13, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r7, 0x1000001, 0x12, r6, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)

10m16.992259345s ago: executing program 37 (id=70):
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000005c0)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x101, 0x3}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x63}}, @uexit={0x0, 0x18, 0x1000}, @msr={0x14, 0x20, {0x603000000013e108, 0x8}}, @eret={0xe6, 0x18, 0x1}, @svc={0x122, 0x40, {0x8400000f, [0x4, 0x8, 0x4, 0x7fffffffffffffff, 0x4]}}, @svc={0x122, 0x40, {0x8000, [0x1, 0x100000001, 0x9, 0xffffffffff7b56d5, 0x9]}}, @uexit={0x0, 0x18, 0xfffffffffffffffa}, @irq_setup={0x46, 0x18, {0x1, 0x3da}}, @smc={0x1e, 0x40, {0x84000013, [0x4, 0x8, 0xd4f9, 0x5, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x2cce, 0xc}}, @msr={0x14, 0x20, {0x603000000013e719, 0x4}}, @code={0xa, 0xcc, {"804e9ed20040b8f2010080d2420080d2630180d2640080d2020000d4805f8bd20080b0f2c10180d2620080d2c30080d2440180d2020000d400c0e00da08597d20040b8f2c10180d2020080d2830180d2640080d2020000d4000008d5006497d200a0b0f2410080d2020180d2e30180d2040180d2020000d420058ad200a0b8f2e10080d2420180d2030180d2e40180d2020000d4c0dc8fd20060b8f2c10080d2620180d2c30180d2440080d2020000d40004005e0014002f"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0xa, 0x1, 0x8, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013c038}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0xc, 0x1, 0x614e91d2, 0x6}}, @msr={0x14, 0x20, {0x603000000013deba}}, @svc={0x122, 0x40, {0xc4000003, [0x9, 0xffffffffffffffff, 0x40, 0x7, 0x40]}}, @svc={0x122, 0x40, {0x30000000, [0xfffffffe00000000, 0x6, 0x5, 0x3, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013c687}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0xe, 0x8, 0x80000001, 0x2}}, @svc={0x122, 0x40, {0x1fe44be9d4f30aa9, [0x4, 0x4, 0x1c, 0x4, 0x5]}}], 0x43c}, &(0x7f00000000c0)=[@featur1={0x1, 0x49}], 0x1) (async)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000001c0)={0x0, &(0x7f0000000a00)=[@memwrite={0x6e, 0x30, @generic={0xeeee8000, 0x927, 0xffffffff, 0xa}}, @irq_setup={0x46, 0x18, {0x3, 0x284}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x4, 0x97, 0x181a000}}, @msr={0x14, 0x20, {0x603000000013dea5, 0x7fffffff}}, @svc={0x122, 0x40, {0x8400000d, [0x8, 0x6, 0xf, 0x1, 0x80]}}, @svc={0x122, 0x40, {0xc4000010, [0xffffffffffffffff, 0x2, 0x1, 0x100000001, 0x7]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0xff}}, @code={0xa, 0x84, {"0080601f000008d5007008d50020a00d007008d5008008d50094202e802c82d20020b0f2410180d2e20080d2430180d2840080d2020000d4000992d20080b0f2810180d2e20180d2e30180d2e40080d2020000d4004391d200e0b8f2010080d2820180d2e30080d2440180d2020000d4"}}, @hvc={0x32, 0x40, {0x30000000, [0x8, 0x17, 0x100, 0xf85, 0x5]}}, @hvc={0x32, 0x40, {0x32000000, [0x4, 0x800, 0x8, 0x8000, 0x7]}}, @memwrite={0x6e, 0x30, @generic={0x4, 0xce6, 0xcd0}}, @eret={0xe6, 0x18, 0x1c}, @eret={0xe6, 0x18, 0x2}, @code={0xa, 0x9c, {"0000a09b804982d20000b0f2410180d2220180d2230180d2240080d2020000d4008008d520f380d20080b8f2210080d2e20080d2a30180d2440180d2020000d4a0a283d20060b0f2010180d2c20180d2430080d2640180d2020000d4000028d5000800b80080df0d0020df0c20ac9dd200e0b8f2c10080d2e20180d2430080d2e40180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x180, 0xcf9, 0x3}}, @eret={0xe6, 0x18, 0x8000}, @mrs={0xbe, 0x18, {0x603000000013df64}}, @msr={0x14, 0x20, {0x5ea6, 0x6}}, @code={0xa, 0x9c, {"0040206ec0b285d20060b8f2810080d2c20180d2830080d2c40080d2020000d40028214e007008d5e08482d20060b8f2610180d2420180d2030180d2440080d2020000d4007008d5e0f490d20020b0f2c10080d2e20080d2c30080d2a40080d2020000d440f290d200c0b8f2210180d2420180d2030080d2c40180d2020000d4007008d50070df0c"}}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x80, 0x6}}, @msr={0x14, 0x20, {0x603000000013e180, 0x759}}, @code={0xa, 0x6c, {"000008d5007008d5000008d5008008d500a8a15e80fd81d20000b8f2a10180d2820080d2430180d2840180d2020000d400409f0de0ec97d200e0b0f2610180d2e20080d2e30180d2040080d2020000d4e00300b2000008d5"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x10, 0x8, 0x4, 0x1}}, @uexit={0x0, 0x18, 0x3}, @hvc={0x32, 0x40, {0x84000006, [0x6, 0x101, 0x2, 0xff, 0x7ff]}}, @smc={0x1e, 0x40, {0x8400000e, [0x4, 0xff69, 0xffffffffffffff7f, 0x6, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0x8, 0x6, 0x4, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0xa, 0xaa0000, 0x1, 0x2}}, @hvc={0x32, 0x40, {0x84000007, [0x463, 0x4, 0x7fffffff, 0xffffffff00000001, 0x1ff]}}], 0x6a8}, &(0x7f0000000200)=[@featur2={0x1, 0xa9}], 0x1)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000000)=@arm64_fw={0x6030000000140002, 0xfffffffffffffffe})
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f00000010c0)=[@smc={0x1e, 0x0, {0x8400020f, [0x4, 0xfffffffffffffffa, 0x7, 0x0, 0x1]}}, @code={0xa, 0x0, {"0020202e0028210e00a8205e20d28ed20000b8f2a10080d2420080d2630180d2e40180d2020000d4a0fe9cd20040b0f2410180d2820080d2a30180d2840080d2020000d400f4006f00b8210e60fd84d200a0b0f2810180d2020080d2830180d2640180d2020000d4e0fd82d20040b0f2810080d2a20180d2230080d2440080d2020000d4000008d5"}}, @uexit={0x0, 0x0, 0x7}, @hvc={0x32, 0x0, {0xc4000003, [0x7fffffffffffffff, 0x7f, 0x3, 0x5f4e, 0xe]}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0x4, 0x7}}, @its_setup={0x82, 0x0, {0x2, 0x4, 0xcd}}, @eret={0xe6, 0x0, 0x4}, @mrs={0xbe, 0x0, {0x603000000013df6c}}, @code={0xa, 0x0, {"20cc81d200c0b8f2410180d2820080d2830180d2440080d2020000d400c0251ea09992d20060b8f2c10080d2a20180d2630180d2440080d2020000d400b980d20080b0f2010080d2220080d2830080d2c40080d2020000d400a09f0c00082078009c005f007008d5000028d5008008d5"}}, @its_setup={0x82, 0x0, {0x1, 0x4, 0x120}}, @hvc={0x32, 0x0, {0x4000000, [0x6, 0x5994, 0x0, 0x4, 0x2]}}, @uexit={0x0, 0x0, 0x3}, @eret={0xe6, 0x0, 0xfffffffffffff21e}, @svc={0x122, 0x0, {0x84000013, [0x10001, 0x10001, 0x619, 0x7, 0x6]}}, @hvc={0x32, 0x0, {0x8400000e, [0x100000001, 0xf, 0x1, 0x8, 0xfcc0]}}, @hvc={0x32, 0x0, {0x5000000, [0x5, 0xffffffff, 0x1, 0x1, 0x3]}}, @memwrite={0x6e, 0x0, @generic={0x41000, 0x914, 0x4000, 0xc27c47508479c10a}}, @eret={0xe6, 0x0, 0x4}, @its_send_cmd={0xaa, 0x0, {0x1, 0x1, 0x3, 0x10, 0x1, 0x0, 0x2}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0xfff0, 0x3, 0xd}}, @uexit, @uexit={0x0, 0x0, 0xf}, @mrs={0xbe, 0x0, {0x603000000013e099}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0xfffc, 0x36f}}, @hvc={0x32, 0x0, {0xc4000005, [0xf, 0x3, 0x2, 0x8000000000000000, 0x8]}}, @mrs={0xbe, 0x0, {0x603000000013e64d}}, @mrs={0xbe, 0x0, {0x603000000013df4d}}, @memwrite={0x6e, 0x0, @vgic_gicr={0x80a0000, 0x78, 0x4, 0x5}}, @mrs={0xbe, 0x0, {0x603000000013c020}}, @its_setup={0x82, 0x0, {0x2, 0x1, 0x52}}], 0x18}, 0x0, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0x5421, 0x6)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r12 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r14 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r16 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
r17 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r17, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r18, 0x1, 0x12, r16, 0x0) (async)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r19 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r19, 0x1000001, 0x12, r16, 0x0) (async)
r20 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r20, 0x3, 0x11, r15, 0x0)

1m38.017773987s ago: executing program 7 (id=72):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000000c0)={0x6, 0x1000})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000200)={0x10004, 0x3, 0xb000, 0x2000, &(0x7f0000ffb000/0x2000)=nil, 0x9, r3})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, &(0x7f0000000100)={0x10000, 0x0, &(0x7f0000d99000/0x4000)=nil})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r7, 0x4010ae42, &(0x7f0000000100)={0x10002, 0x0, &(0x7f0000623000/0x4000)=nil})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r7, 0x4068aea3, &(0x7f0000000180))
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000002c0)=@arm64_core={0x6030000000100038, &(0x7f0000000000)=0x401})

1m31.940716448s ago: executing program 6 (id=71):
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x2132, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x5460, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x2132, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0x5460, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async)

1m15.653783589s ago: executing program 6 (id=73):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m2.727160839s ago: executing program 7 (id=74):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000040)={0xb6, 0x0, 0x6})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xa)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c})
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000000)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r10 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r10, 0x3})
r11 = eventfd2(0x5, 0x800)
write$eventfd(r11, &(0x7f0000000000)=0xffffffffffffffff, 0x8)
r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000000, [0x40000099a, 0x5cf, 0xaca, 0x6, 0x1]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x34)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000280)=ANY=[@ANYRES64=r7], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110000, &(0x7f0000000100)=0x18})

51.118838645s ago: executing program 6 (id=75):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0x4020940d, 0x20000000)
syz_kvm_vgic_v3_setup(r1, 0xfffffffffffffffd, 0x1a0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x18)
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000000)={0x10002, 0x0, &(0x7f0000ffc000/0x2000)=nil})
r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r4)

14.017171885s ago: executing program 38 (id=74):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000040)={0xb6, 0x0, 0x6})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xa)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c})
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000000)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r10 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r10, 0x3})
r11 = eventfd2(0x5, 0x800)
write$eventfd(r11, &(0x7f0000000000)=0xffffffffffffffff, 0x8)
r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000000, [0x40000099a, 0x5cf, 0xaca, 0x6, 0x1]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x34)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000280)=ANY=[@ANYRES64=r7], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110000, &(0x7f0000000100)=0x18})

0s ago: executing program 39 (id=75):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0x4020940d, 0x20000000)
syz_kvm_vgic_v3_setup(r1, 0xfffffffffffffffd, 0x1a0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x18)
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000000)={0x10002, 0x0, &(0x7f0000ffc000/0x2000)=nil})
r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r4)

kernel console output (not intermixed with test programs):

[  420.476745][ T3170] 8021q: adding VLAN 0 to HW filter on device bond0
[  468.097975][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:1908' (ED25519) to the list of known hosts.
[  641.510952][   T25] audit: type=1400 audit(640.710:61): avc:  denied  { name_bind } for  pid=3343 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  643.378599][   T25] audit: type=1400 audit(642.580:62): avc:  denied  { execute } for  pid=3344 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  643.421380][   T25] audit: type=1400 audit(642.620:63): avc:  denied  { execute_no_trans } for  pid=3344 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  670.054449][   T25] audit: type=1400 audit(669.250:64): avc:  denied  { mounton } for  pid=3344 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  670.112582][   T25] audit: type=1400 audit(669.310:65): avc:  denied  { mount } for  pid=3344 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  670.203365][ T3344] cgroup: Unknown subsys name 'net'
[  670.285267][   T25] audit: type=1400 audit(669.490:66): avc:  denied  { unmount } for  pid=3344 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  670.801074][ T3344] cgroup: Unknown subsys name 'cpuset'
[  670.953795][ T3344] cgroup: Unknown subsys name 'rlimit'
[  671.948899][   T25] audit: type=1400 audit(671.150:67): avc:  denied  { setattr } for  pid=3344 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  671.976708][   T25] audit: type=1400 audit(671.180:68): avc:  denied  { mounton } for  pid=3344 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  672.011531][   T25] audit: type=1400 audit(671.210:69): avc:  denied  { mount } for  pid=3344 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  673.105800][ T3348] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  673.127878][   T25] audit: type=1400 audit(672.330:70): avc:  denied  { relabelto } for  pid=3348 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  673.156502][   T25] audit: type=1400 audit(672.360:71): avc:  denied  { write } for  pid=3348 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  673.347875][   T25] audit: type=1400 audit(672.550:72): avc:  denied  { read } for  pid=3344 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  673.376517][   T25] audit: type=1400 audit(672.570:73): avc:  denied  { open } for  pid=3344 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  673.423880][ T3344] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  731.223074][   T25] audit: type=1400 audit(730.430:74): avc:  denied  { execmem } for  pid=3349 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  735.126491][   T25] audit: type=1400 audit(734.330:76): avc:  denied  { open } for  pid=3352 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  735.142278][   T25] audit: type=1400 audit(734.310:75): avc:  denied  { read } for  pid=3351 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  735.220990][   T25] audit: type=1400 audit(734.410:77): avc:  denied  { mounton } for  pid=3351 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  735.469010][   T25] audit: type=1400 audit(734.670:78): avc:  denied  { module_request } for  pid=3351 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  735.487603][   T25] audit: type=1400 audit(734.690:79): avc:  denied  { module_request } for  pid=3352 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  736.533980][   T25] audit: type=1400 audit(735.730:80): avc:  denied  { sys_module } for  pid=3352 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  759.697805][ T3352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  760.135458][ T3352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  760.198540][ T3351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  760.481503][ T3351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  778.130944][ T3352] hsr_slave_0: entered promiscuous mode
[  778.177416][ T3352] hsr_slave_1: entered promiscuous mode
[  779.295897][ T3351] hsr_slave_0: entered promiscuous mode
[  779.334014][ T3351] hsr_slave_1: entered promiscuous mode
[  779.376037][ T3351] debugfs: 'hsr0' already exists in 'hsr'
[  779.383130][ T3351] Cannot create hsr debugfs directory
[  785.308848][   T25] audit: type=1400 audit(784.510:81): avc:  denied  { create } for  pid=3352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  785.371494][   T25] audit: type=1400 audit(784.570:82): avc:  denied  { write } for  pid=3352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  785.462277][   T25] audit: type=1400 audit(784.650:83): avc:  denied  { read } for  pid=3352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  785.673968][ T3352] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  786.087172][ T3352] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  786.358321][ T3352] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  786.662811][ T3352] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  788.333022][ T3351] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  788.608177][ T3351] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  788.855229][ T3351] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  789.063408][ T3351] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  801.555663][ T3352] 8021q: adding VLAN 0 to HW filter on device bond0
[  804.217344][ T3351] 8021q: adding VLAN 0 to HW filter on device bond0
[  860.758243][ T3352] veth0_vlan: entered promiscuous mode
[  861.382866][ T3352] veth1_vlan: entered promiscuous mode
[  863.186327][ T3351] veth0_vlan: entered promiscuous mode
[  863.975150][ T3351] veth1_vlan: entered promiscuous mode
[  864.098999][ T3352] veth0_macvtap: entered promiscuous mode
[  864.593788][ T3352] veth1_macvtap: entered promiscuous mode
[  866.924809][ T3351] veth0_macvtap: entered promiscuous mode
[  867.251911][ T3399] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  867.264788][ T3399] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  867.272660][ T3399] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  867.341862][ T3399] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  867.545604][ T3351] veth1_macvtap: entered promiscuous mode
[  870.043513][   T25] audit: type=1400 audit(869.140:84): avc:  denied  { mount } for  pid=3352 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  870.325003][   T25] audit: type=1400 audit(869.430:85): avc:  denied  { mounton } for  pid=3352 comm="syz-executor" path="/syzkaller.VC9vXJ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  870.591184][   T25] audit: type=1400 audit(869.790:86): avc:  denied  { mount } for  pid=3352 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  870.893625][   T25] audit: type=1400 audit(870.060:87): avc:  denied  { mounton } for  pid=3352 comm="syz-executor" path="/syzkaller.VC9vXJ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  870.978718][ T3399] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  871.001344][ T3399] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  871.006707][ T3399] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  871.028828][ T3399] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  871.147764][   T25] audit: type=1400 audit(870.350:88): avc:  denied  { mounton } for  pid=3352 comm="syz-executor" path="/syzkaller.VC9vXJ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  871.928715][   T25] audit: type=1400 audit(871.130:89): avc:  denied  { unmount } for  pid=3352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  872.211861][   T25] audit: type=1400 audit(871.410:90): avc:  denied  { mounton } for  pid=3352 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  872.374448][   T25] audit: type=1400 audit(871.570:91): avc:  denied  { mount } for  pid=3352 comm="syz-executor" name="/" dev="gadgetfs" ino=3783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  872.983332][   T25] audit: type=1400 audit(872.180:92): avc:  denied  { mount } for  pid=3352 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  873.061249][   T25] audit: type=1400 audit(872.260:93): avc:  denied  { mounton } for  pid=3352 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  874.363413][ T3352] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  875.664673][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  875.681727][   T25] audit: type=1400 audit(874.860:95): avc:  denied  { read write } for  pid=3352 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  875.731409][   T25] audit: type=1400 audit(874.930:96): avc:  denied  { open } for  pid=3352 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  875.788554][   T25] audit: type=1400 audit(874.970:97): avc:  denied  { ioctl } for  pid=3352 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  885.631938][   T25] audit: type=1400 audit(884.820:98): avc:  denied  { read } for  pid=3505 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  885.721754][   T25] audit: type=1400 audit(884.920:99): avc:  denied  { open } for  pid=3505 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  886.601016][   T25] audit: type=1400 audit(885.800:100): avc:  denied  { ioctl } for  pid=3505 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  889.501269][   T25] audit: type=1400 audit(888.690:101): avc:  denied  { write } for  pid=3505 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  912.553419][   T25] audit: type=1400 audit(911.750:102): avc:  denied  { append } for  pid=3523 comm="syz.1.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  944.902206][   T25] audit: type=1400 audit(944.010:103): avc:  denied  { execute } for  pid=3550 comm="syz.0.13" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4368 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1019.616122][ T3597] KVM: debugfs: duplicate directory 3597-5
[ 1114.006929][   T25] audit: type=1400 audit(1113.210:104): avc:  denied  { module_request } for  pid=3614 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 1115.443559][ T3368] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1116.851842][ T3368] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1118.196521][ T3368] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1119.182567][ T3368] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1138.617045][ T3368] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1138.808554][ T3368] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1138.927018][ T3368] bond0 (unregistering): Released all slaves
[ 1141.526688][ T3368] hsr_slave_0: left promiscuous mode
[ 1141.641858][ T3368] hsr_slave_1: left promiscuous mode
[ 1142.282136][ T3368] veth1_macvtap: left promiscuous mode
[ 1142.286269][ T3368] veth0_macvtap: left promiscuous mode
[ 1142.298813][ T3368] veth1_vlan: left promiscuous mode
[ 1142.314282][ T3368] veth0_vlan: left promiscuous mode
[ 1156.317711][ T3608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1156.998317][ T3608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1158.107246][ T3614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1159.008571][ T3614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1162.796111][ T3645] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1164.054074][ T3645] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1165.152751][ T3645] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.356366][ T3645] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.616295][ T3645] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1181.697409][ T3645] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1181.768325][ T3645] bond0 (unregistering): Released all slaves
[ 1182.904234][ T3645] hsr_slave_0: left promiscuous mode
[ 1182.994971][ T3645] hsr_slave_1: left promiscuous mode
[ 1183.516502][ T3645] veth1_macvtap: left promiscuous mode
[ 1183.518388][ T3645] veth0_macvtap: left promiscuous mode
[ 1183.557006][ T3645] veth1_vlan: left promiscuous mode
[ 1183.582815][ T3645] veth0_vlan: left promiscuous mode
[ 1206.646493][ T3608] hsr_slave_0: entered promiscuous mode
[ 1206.755371][ T3608] hsr_slave_1: entered promiscuous mode
[ 1210.826911][ T3614] hsr_slave_0: entered promiscuous mode
[ 1210.864791][ T3614] hsr_slave_1: entered promiscuous mode
[ 1210.901300][ T3614] debugfs: 'hsr0' already exists in 'hsr'
[ 1210.904366][ T3614] Cannot create hsr debugfs directory
[ 1220.938872][ T3608] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1221.567982][ T3608] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1222.081333][ T3608] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1222.977844][ T3608] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1226.040939][ T3614] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1226.544695][ T3614] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1226.978719][ T3614] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1227.353535][ T3614] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1248.244546][ T3608] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1252.465167][ T3614] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1348.161836][ T3608] veth0_vlan: entered promiscuous mode
[ 1349.074176][ T3608] veth1_vlan: entered promiscuous mode
[ 1351.925285][ T3614] veth0_vlan: entered promiscuous mode
[ 1353.872839][ T3614] veth1_vlan: entered promiscuous mode
[ 1354.052175][ T3608] veth0_macvtap: entered promiscuous mode
[ 1354.973108][ T3608] veth1_macvtap: entered promiscuous mode
[ 1358.435892][ T3614] veth0_macvtap: entered promiscuous mode
[ 1359.142304][ T3645] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1359.278694][   T50] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1359.283916][   T50] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1359.303932][   T50] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1359.503828][ T3614] veth1_macvtap: entered promiscuous mode
[ 1364.514950][   T21] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.524273][   T21] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.562677][   T21] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1364.661576][   T21] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1608.677308][ T3801] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1610.877424][ T3801] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1613.755905][ T3801] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1615.683710][ T3801] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1640.472416][ T3801] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1641.401543][ T3801] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1641.982908][ T3801] bond0 (unregistering): Released all slaves
[ 1644.661134][ T3801] hsr_slave_0: left promiscuous mode
[ 1644.843609][ T3801] hsr_slave_1: left promiscuous mode
[ 1645.495037][ T3801] veth1_macvtap: left promiscuous mode
[ 1645.498536][ T3801] veth0_macvtap: left promiscuous mode
[ 1645.542067][ T3801] veth1_vlan: left promiscuous mode
[ 1645.561538][ T3801] veth0_vlan: left promiscuous mode
[ 1668.816546][ T3801] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1670.568713][ T3801] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1671.945660][ T3801] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1673.493660][ T3801] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1693.812532][ T3801] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1694.133711][ T3801] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1694.332196][ T3801] bond0 (unregistering): Released all slaves
[ 1696.846119][ T3801] hsr_slave_0: left promiscuous mode
[ 1697.004845][ T3801] hsr_slave_1: left promiscuous mode
[ 1697.642558][ T3801] veth1_macvtap: left promiscuous mode
[ 1697.646082][ T3801] veth0_macvtap: left promiscuous mode
[ 1697.662725][ T3801] veth1_vlan: left promiscuous mode
[ 1697.673934][ T3801] veth0_vlan: left promiscuous mode
[ 1755.524212][ T3950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1755.828141][ T3950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1758.551249][ T3953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1758.810735][ T3953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1781.533474][ T3950] hsr_slave_0: entered promiscuous mode
[ 1781.610970][ T3950] hsr_slave_1: entered promiscuous mode
[ 1784.357138][ T3953] hsr_slave_0: entered promiscuous mode
[ 1784.486863][ T3953] hsr_slave_1: entered promiscuous mode
[ 1784.601105][ T3953] debugfs: 'hsr0' already exists in 'hsr'
[ 1784.606570][ T3953] Cannot create hsr debugfs directory
[ 1803.593014][ T3950] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1804.535183][ T3950] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1805.241641][ T3950] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1806.014737][ T3950] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1812.737460][ T3953] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1813.381865][ T3953] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1813.903378][ T3953] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1814.379163][ T3953] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1839.026099][ T3950] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1843.777468][ T3953] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1980.828641][ T3950] veth0_vlan: entered promiscuous mode
[ 1982.113040][ T3950] veth1_vlan: entered promiscuous mode
[ 1986.184320][ T3950] veth0_macvtap: entered promiscuous mode
[ 1987.685413][ T3950] veth1_macvtap: entered promiscuous mode
[ 1990.013828][ T3953] veth0_vlan: entered promiscuous mode
[ 1992.457920][ T3953] veth1_vlan: entered promiscuous mode
[ 1994.497883][ T3234] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1994.508220][ T3234] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1994.518792][ T3234] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1994.584927][ T3645] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2000.316871][ T3953] veth0_macvtap: entered promiscuous mode
[ 2001.943732][ T3953] veth1_macvtap: entered promiscuous mode
[ 2007.460412][   T21] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2007.551183][ T3394] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2007.593087][ T3801] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2007.746589][ T3455] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2307.027842][ T4090] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2309.693144][ T4090] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2311.965694][ T4090] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2314.376471][ T4090] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2337.744444][ T4090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2338.457420][ T4090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2338.944577][ T4090] bond0 (unregistering): Released all slaves
[ 2341.553191][ T4090] hsr_slave_0: left promiscuous mode
[ 2341.711762][ T4090] hsr_slave_1: left promiscuous mode
[ 2342.798481][ T4090] veth1_macvtap: left promiscuous mode
[ 2342.845386][ T4090] veth0_macvtap: left promiscuous mode
[ 2342.889019][ T4090] veth1_vlan: left promiscuous mode
[ 2342.933952][ T4090] veth0_vlan: left promiscuous mode
[ 2382.423384][ T4090] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2384.196393][ T4090] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2385.794061][ T4090] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2387.118897][ T4090] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2414.852648][ T4090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2415.091399][ T4090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2415.325184][ T4090] bond0 (unregistering): Released all slaves
[ 2416.804307][ T4090] hsr_slave_0: left promiscuous mode
[ 2416.932633][ T4090] hsr_slave_1: left promiscuous mode
[ 2417.464037][ T4090] veth1_macvtap: left promiscuous mode
[ 2417.481539][ T4090] veth0_macvtap: left promiscuous mode
[ 2417.494366][ T4090] veth1_vlan: left promiscuous mode
[ 2417.530960][ T4090] veth0_vlan: left promiscuous mode
[ 2478.296466][ T4352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2479.725581][ T4352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2482.338828][ T4347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2482.728841][ T4347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2510.878511][ T4352] hsr_slave_0: entered promiscuous mode
[ 2510.962071][ T4352] hsr_slave_1: entered promiscuous mode
[ 2515.235035][ T4347] hsr_slave_0: entered promiscuous mode
[ 2515.298702][ T4347] hsr_slave_1: entered promiscuous mode
[ 2515.461362][ T4347] debugfs: 'hsr0' already exists in 'hsr'
[ 2515.471136][ T4347] Cannot create hsr debugfs directory
[ 2541.467213][ T4352] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 2542.436717][ T4352] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 2543.058834][ T4352] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 2543.528969][ T4352] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 2550.192500][ T4347] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2550.632135][ T4347] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2551.164874][ T4347] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2551.692786][ T4347] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2582.114599][ T4352] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2590.107727][ T4347] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2756.071855][ T4352] veth0_vlan: entered promiscuous mode
[ 2757.655391][ T4352] veth1_vlan: entered promiscuous mode
[ 2762.702774][ T4347] veth0_vlan: entered promiscuous mode
[ 2765.377599][ T4352] veth0_macvtap: entered promiscuous mode
[ 2765.668111][ T4347] veth1_vlan: entered promiscuous mode
[ 2766.695820][ T4352] veth1_macvtap: entered promiscuous mode
[ 2774.701096][ T3234] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2774.745241][ T4349] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2774.843217][ T3394] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2774.868130][ T3394] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2774.963171][ T4347] veth0_macvtap: entered promiscuous mode
[ 2776.636751][ T4347] veth1_macvtap: entered promiscuous mode
[ 2785.675793][ T3645] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2785.680493][ T3645] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2785.702180][ T3645] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2785.708913][ T3645] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3051.258783][ T4644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3051.924602][ T4644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3067.494397][ T4650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3068.206683][ T4650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3115.597102][ T4644] hsr_slave_0: entered promiscuous mode
[ 3115.786013][ T4644] hsr_slave_1: entered promiscuous mode
[ 3116.023223][ T4644] debugfs: 'hsr0' already exists in 'hsr'
[ 3116.031671][ T4644] Cannot create hsr debugfs directory
[ 3139.273931][ T4650] hsr_slave_0: entered promiscuous mode
[ 3139.457603][ T4650] hsr_slave_1: entered promiscuous mode
[ 3139.565500][ T4650] debugfs: 'hsr0' already exists in 'hsr'
[ 3139.613585][ T4650] Cannot create hsr debugfs directory
[ 3173.073243][ T4644] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 3175.342477][ T4644] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 3177.221605][ T4644] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 3178.511272][ T4644] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 3193.398058][ T4650] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 3194.413807][ T4650] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 3195.434329][ T4650] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 3196.368960][ T4650] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 3245.627483][ T4644] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3260.578275][ T4650] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3290.941647][   T27] INFO: task syz.6.75:4627 blocked for more than 430 seconds.
[ 3290.943068][   T27]       Not tainted syzkaller #0
[ 3290.960807][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3290.961447][   T27] task:syz.6.75        state:D stack:0     pid:4627  tgid:4627  ppid:4347   task_flags:0x400040 flags:0x00000011
[ 3290.962929][   T27] Call trace:
[ 3290.963400][   T27]  __switch_to+0x584/0xb00 (T)
[ 3290.965521][   T27]  __schedule+0x200c/0x3428
[ 3290.966530][   T27]  schedule+0xac/0x27c
[ 3290.967020][   T27]  schedule_timeout+0x68/0x1ec
[ 3290.967530][   T27]  do_wait_for_common+0x28c/0x440
[ 3290.968027][   T27]  wait_for_completion+0x44/0x5c
[ 3290.968504][   T27]  __synchronize_srcu+0x2a4/0x320
[ 3290.969007][   T27]  synchronize_srcu+0x3d0/0x4f8
[ 3291.227135][   T27]  mmu_notifier_unregister+0x320/0x428
[ 3291.234017][   T27]  kvm_put_kvm+0x698/0xbe0
[ 3291.234682][   T27]  kvm_vm_release+0x58/0x78
[ 3291.235179][   T27]  __fput+0x4ac/0x978
[ 3291.235662][   T27]  ____fput+0x20/0x58
[ 3291.236097][   T27]  task_work_run+0x1b8/0x250
[ 3291.236563][   T27]  exit_to_user_mode_loop+0x110/0x188
[ 3291.237019][   T27]  el0_svc+0x17c/0x238
[ 3291.237530][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 3291.238019][   T27]  el0t_64_sync+0x198/0x19c
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 3291.411164][   T27] INFO: task syz.6.75:4630 blocked for more than 430 seconds.
[ 3291.420787][   T27]       Not tainted syzkaller #0
[ 3291.421267][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3291.421564][   T27] task:syz.6.75        state:D stack:0     pid:4630  tgid:4627  ppid:4347   task_flags:0x400040 flags:0x00000011
[ 3291.422341][   T27] Call trace:
[ 3291.422641][   T27]  __switch_to+0x584/0xb00 (T)
[ 3291.423177][   T27]  __schedule+0x200c/0x3428
[ 3291.423692][   T27]  schedule+0xac/0x27c
[ 3291.424174][   T27]  schedule_timeout+0x68/0x1ec
[ 3291.424681][   T27]  do_wait_for_common+0x28c/0x440
[ 3291.425151][   T27]  wait_for_completion+0x44/0x5c
[ 3291.425619][   T27]  __synchronize_srcu+0x2a4/0x320
[ 3291.426132][   T27]  synchronize_srcu+0x3d0/0x4f8
[ 3291.426630][   T27]  mmu_notifier_unregister+0x320/0x428
[ 3291.427137][   T27]  kvm_put_kvm+0x698/0xbe0
[ 3291.427559][   T27]  kvm_vm_release+0x58/0x78
[ 3291.428062][   T27]  __fput+0x4ac/0x978
[ 3291.428516][   T27]  fput_close_sync+0xd0/0x240
[ 3291.428938][   T27]  __arm64_sys_close+0x8c/0x13c
[ 3291.631444][   T27]  invoke_syscall+0x90/0x230
[ 3291.654377][   T27]  el0_svc_common+0x120/0x2f4
[ 3291.655133][   T27]  do_el0_svc+0x58/0x74
[ 3291.655678][   T27]  el0_svc+0x5c/0x238
[ 3291.656196][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 3291.656715][   T27]  el0t_64_sync+0x198/0x19c
[ 3291.657700][   T27] 
[ 3291.657700][   T27] Showing all locks held in the system:
[ 3291.658185][   T27] 1 lock held by khungtaskd/27:
[ 3291.658589][   T27]  #0: ffff800087a86d08 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 3291.783901][   T27] 3 locks held by kworker/u4:4/50:
[ 3291.784509][   T27] 1 lock held by klogd/3133:
[ 3291.784885][   T27] 1 lock held by dhcpcd/3169:
[ 3291.785196][   T27] 1 lock held by dhcpcd/3170:
[ 3291.785511][   T27] 2 locks held by getty/3200:
[ 3291.785855][   T27]  #0: 0bf00000123628a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 3291.787739][   T27]  #1: f7ff80008c80b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 3291.987816][   T27] 2 locks held by kworker/u4:2/3234:
[ 3292.010717][   T27]  #0: e9f000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 3292.013066][   T27]  #1: ffff80008ee27c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 3292.014826][   T27] 1 lock held by syz-executor/3344:
[ 3292.015165][   T27] 3 locks held by kworker/u4:3/3394:
[ 3292.015489][   T27] 3 locks held by kworker/u4:7/3399:
[ 3292.015850][   T27] 3 locks held by kworker/u4:8/3455:
[ 3292.016698][   T27] 4 locks held by kworker/0:5/3501:
[ 3292.017033][   T27] 2 locks held by kworker/u4:9/3645:
[ 3292.017333][   T27]  #0: e9f000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 3292.192748][   T27]  #1: ffff80008dfd7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 3292.287791][   T27] 2 locks held by kworker/u4:0/3972:
[ 3292.302204][   T27] 3 locks held by kworker/u4:6/4349:
[ 3292.302747][   T27] 2 locks held by kworker/u4:14/4374:
[ 3292.303116][   T27] 2 locks held by syz.7.74/4621:
[ 3292.303519][   T27] 2 locks held by modprobe/4797:
[ 3292.304040][   T27] 
[ 3292.304321][   T27] =============================================
[ 3292.304321][   T27] 
[ 3292.305253][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 3292.313270][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 3292.314729][   T27] Hardware name: linux,dummy-virt (DT)
[ 3292.315638][   T27] Call trace:
[ 3292.316488][   T27]  show_stack+0x2c/0x3c (C)
[ 3292.317471][   T27]  __dump_stack+0x30/0x40
[ 3292.318386][   T27]  dump_stack_lvl+0x30/0x12c
[ 3292.319332][   T27]  dump_stack+0x1c/0x28
[ 3292.320266][   T27]  vpanic+0x1d4/0x4e4
[ 3292.321085][   T27]  vpanic+0x0/0x4e4
[ 3292.321869][   T27]  hung_task_panic+0x0/0x2c
[ 3292.322752][   T27]  kthread+0x794/0x99c
[ 3292.323585][   T27]  ret_from_fork+0x10/0x20
[ 3292.325378][   T27] Kernel Offset: disabled
[ 3292.326099][   T27] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 3292.327165][   T27] Memory Limit: none
[ 3292.329379][   T27] Rebooting in 86400 seconds..