last executing test programs:

1h10m28.217289857s ago: executing program 1 (id=552):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x3, 0x3})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff})
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000280)="d6011813013c360000000000f4ff8000802346cbd98762c7795582ba3948ecff090001000000000000000000040000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x40305828, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
r9 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a5a000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000012, [0x140000002, 0x100080001, 0x5, 0x101, 0x11]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r9, 0x0, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x74, 0x86, 0xdd, 0x3, 0x0, 0x209, 0x6, 0x0, 0x3, 0x5, 0x5, '\x00', 0x1, 0x400000000002})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)
r15 = syz_kvm_vgic_v3_setup(r14, 0x2, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000000)=0x9})
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r16=>0xffffffffffffffff, 0x1})
write$eventfd(r16, &(0x7f00000001c0)=0x1, 0x11)

1h10m18.53019178s ago: executing program 1 (id=554):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x15)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000000)={0x6, 0xeeef0000, 0x2, 0xffffffffffffffff, 0xa})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0xa, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x400000000002})
r6 = eventfd2(0x1, 0x1)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x40000, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0x80111500, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x8, 0x100010, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r9, 0x541b, 0x2000001c)
r10 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94)
r11 = eventfd2(0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0x4020940d, 0x20000000)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000100)={r6, 0x3, 0x2, r6})
ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0x3, 0x2, 0x0, 0x0, @sint={0x2, 0x20005}}]})
write$eventfd(r6, &(0x7f0000000000)=0xb, 0x8)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000140)={0x4, 0x0, [{0x1, 0x2, 0x1, 0x0, @msi={0x5, 0x4ec6}}, {0x9, 0x3, 0x1, 0x0, @irqchip={0x8, 0xd}}, {0x0, 0x0, 0x0, 0x0, @adapter={0x6, 0x8000, 0x2, 0x81, 0xfffffff8}}, {0x0, 0x0, 0x0, 0x0, @msi={0x0, 0x0, 0x0, 0x7fffffff}}]})
write$eventfd(r5, &(0x7f00000001c0)=0x3, 0x50)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r12 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000000c0)={0x7, 0x2})
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)

1h10m18.365928911s ago: executing program 0 (id=555):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c0c000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r7, 0x800454e0, 0xc)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7fff}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r13=>0xffffffffffffffff, 0x1})
r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r14, 0xb704, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1h10m8.368803455s ago: executing program 1 (id=556):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
eventfd2(0x2, 0x80001) (async)
r2 = eventfd2(0x2, 0x80001)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r0, 0x245, 0x0, r2})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000ae9000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000ae9000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2e)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0x2, 0x2020000c)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) (async)
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3)
syz_kvm_setup_cpu$arm64(r9, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_cpu$arm64(r9, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) (async)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r13, 0x8040aeb6, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000000)=@arm64_fw={0x6030000000140003, &(0x7f00000000c0)=0xfffffffffffffffb})
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x6)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_GET_ONE_REG(r16, 0x4010aeab, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110004, 0x0}) (async)
ioctl$KVM_GET_ONE_REG(r16, 0x4010aeab, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110004, 0x0})
ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000240)=@riscv64_core={0x8030000000200018, &(0x7f00000002c0)=0xc})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000300)=0x9}) (async)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000300)=0x9})

1h10m6.710185292s ago: executing program 0 (id=557):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x80402, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f0000000140)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x7fe, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1f8}}], 0x58}, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xd7)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x100)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x3b)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, 0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000000)={0x1ff, 0x4, 0xffff1000, 0x2000, &(0x7f0000e7a000/0x2000)=nil})

1h9m59.47843124s ago: executing program 0 (id=558):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x22)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100036, &(0x7f0000000000)=0x3bf})

1h9m51.217240861s ago: executing program 0 (id=559):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8a902, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000008, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x3]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000c73000/0x2000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
r12 = eventfd2(0x0, 0x0)
close(r12)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r12, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@riscv64_smstateen_csr={0x8030000003020000, 0x0})

1h9m49.785978442s ago: executing program 1 (id=560):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f000000f000/0x4000)=nil, r3, 0x7, 0x13, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000000)="0b5d6b5bcf2a4ce4767f8c3b69981270cc5572eea25e50f1fca31477d63d406a41f08e923f665f24912d4daeb8f9b6518bff4d5a039705ed6acb5b5cce1903b7fc961305cbc116f1", 0x0, 0x48)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r3, 0x2, 0x12, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)

1h9m42.004009068s ago: executing program 1 (id=561):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40600, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000000)=@other={0x5, &(0x7f0000000240)=0x9})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x9, 0xfffffffffffffffe, &(0x7f0000000080)=0xfe})
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x7, 0x2010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x0, 0x2000002, 0x10, r5, 0x0)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x1}}, @eret={0xe6, 0x18, 0xf}], 0x40}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r9, 0x4018aee3, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, 0x0})
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, 0xfffffffffffffffe)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r13, 0x4010aeab, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)

1h9m33.303438999s ago: executing program 0 (id=562):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x210441, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x82800, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x401c5820, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x6})
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x57cfd999, 0x0, 0x0, 0x3, 0x9, 0x48, '\x00', 0x1, 0x93})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, <r10=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0xffffffff, 0x80080, 0x0})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r12, 0x40a0ae49, &(0x7f0000000180)={0x5, 0x6fdff59387f1a0f4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013df5d, &(0x7f00000001c0)=0x20000000004})
write$eventfd(r7, &(0x7f00000001c0)=0x3, 0xfdef)

1h9m22.771004778s ago: executing program 0 (id=563):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000080)=[@mrs={0xbe, 0x18, {0x6030000000138032}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x5)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r7, 0x2, 0x12, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000180)="66ae48b21646fe8d3216e9dbe341f0e555d754c47f3d35e4b086d58410f63aead30f8902cfa325aec5fa4d54ef4006953bbb5697cdb0b09c13a661914f7721cbf98149362853d2ee", 0x0, 0x48)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0x400, &(0x7f0000000000)=0x1})
mmap$KVM_VCPU(&(0x7f0000010000/0x4000)=nil, r7, 0x100000a, 0x12, r6, 0x0)

1h9m22.043999989s ago: executing program 1 (id=564):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000009c0)={0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000006, [0x4, 0x10000, 0x1, 0x4, 0x101]}}, @uexit={0x0, 0x18, 0x10001}, @code={0xa, 0xcc, {"c02b94d200c0b8f2810080d2220080d2a30180d2c40180d2020000d40000c0ace0b782d200e0b8f2c10080d2220180d2030180d2440180d2020000d4e0818fd20040b0f2210180d2220180d2030080d2c40080d2020000d4008008d5c0da93d20020b0f2010180d2a20180d2e30080d2840080d2020000d40064200e000028d5000880d20080b0f2810180d2e20180d2630180d2a40080d2020000d4a01a9cd200a0b8f2210180d2420080d2a30080d2640080d2020000d4"}}, @memwrite={0x6e, 0x30, @generic={0xe000, 0xd1d, 0x71, 0xc}}, @irq_setup={0x46, 0x18, {0x4, 0x355}}, @eret={0xe6, 0x18, 0x81}, @irq_setup={0x46, 0x18, {0x2, 0x31f}}, @smc={0x1e, 0x40, {0x84000000, [0x7, 0x3, 0x4, 0xdb, 0x4]}}, @eret={0xe6, 0x18, 0x7b8}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x4, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013805d}}, @memwrite={0x6e, 0x30, @generic={0x50000, 0xedf, 0x8000000000000000, 0x1}}, @uexit={0x0, 0x18, 0x6}, @eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013dea4}}, @irq_setup={0x46, 0x18, {0x3, 0xa7}}, @code={0xa, 0x9c, {"000028d5e09c8bd200e0b8f2a10080d2020080d2e30080d2640080d2020000d40000200b007008d5000008d520dc9cd200a0b0f2010180d2e20180d2230080d2440080d2020000d4008008d5007008d500ab87d20040b0f2a10180d2e20180d2230080d2e40080d2020000d4003395d200e0b8f2e10180d2220080d2630080d2840080d2020000d4"}}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013df11, 0x7fffffffffffffff}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x3c1}}, @code={0xa, 0xcc, {"e0d69dd200a0b0f2410080d2020180d2030180d2c40080d2020000d4007008d500b8a15e000008d500084038000e9ed200e0b0f2210080d2420180d2a30180d2240180d2020000d420a782d20000b8f2e10180d2220180d2430080d2c40180d2020000d480e894d20080b0f2010080d2220080d2630180d2c40180d2020000d4a05094d20000b0f2e10080d2420080d2a30080d2040080d2020000d4007b98d20000b0f2c10080d2020180d2c30080d2840180d2020000d4"}}, @hvc={0x32, 0x40, {0x84008000, [0x8, 0x800, 0xb, 0x10a, 0x1]}}, @irq_setup={0x46, 0x18, {0x3, 0x158}}, @code={0xa, 0x84, {"0000029e030000d4a0829fd20040b8f2210180d2420080d2030080d2440180d2020000d40000802800e4207e000400b8007008d5a0b98ed200c0b0f2e10180d2020080d2630080d2c40080d2020000d480a686d20060b0f2610180d2220080d2830080d2e40180d2020000d40008a038"}}, @code={0xa, 0x6c, {"0000c0ad008008d580f581d20080b8f2c10180d2c20180d2630080d2240080d2020000d40000005c000008d5007008d5008008d5007008d5404187d20040b0f2c10180d2620180d2c30080d2840080d2020000d40030202e"}}, @code={0xa, 0x54, {"007008d5007008d500a8217e000008d50000599ec05b94d200a0b8f2810080d2820080d2230180d2a40180d2020000d4007008d5008008d50068212e007008d5"}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x48}}, @hvc={0x32, 0x40, {0xc4000014, [0x4, 0x1000, 0x6, 0x9, 0x2]}}, @code={0xa, 0xcc, {"a0d183d20080b0f2210080d2420080d2230180d2240080d2020000d4a02389d200c0b8f2c10180d2420180d2a30080d2440080d2020000d4a0ad87d200c0b8f2010180d2c20180d2630080d2a40080d2020000d4203d96d200e0b0f2810080d2420180d2630180d2a40080d2020000d4e03891d20060b0f2410180d2620080d2430080d2040180d2020000d4007008d5000028d580a186d200c0b8f2410080d2020180d2230080d2840080d2020000d40000403a008008d5"}}], 0x764}, &(0x7f0000000a00)=[@featur2={0x1, 0x40}], 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000a80)=@attr_other={0x0, 0x7, 0x7, &(0x7f0000000a40)=0x9})
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x8000)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dcea, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
ioctl$KVM_CAP_DIRTY_LOG_RING(r5, 0x4068aea3, &(0x7f0000000ac0))
ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0x1})
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)=0x1b})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x14)
r12 = ioctl$KVM_CREATE_GUEST_MEMFD(r11, 0xc040aed4, &(0x7f0000000080)={0x240001fe0000, 0x2})
ioctl$KVM_SET_USER_MEMORY_REGION2(r11, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r12})

1h8m36.819912715s ago: executing program 32 (id=563):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000080)=[@mrs={0xbe, 0x18, {0x6030000000138032}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x5)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r7, 0x2, 0x12, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000180)="66ae48b21646fe8d3216e9dbe341f0e555d754c47f3d35e4b086d58410f63aead30f8902cfa325aec5fa4d54ef4006953bbb5697cdb0b09c13a661914f7721cbf98149362853d2ee", 0x0, 0x48)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0x400, &(0x7f0000000000)=0x1})
mmap$KVM_VCPU(&(0x7f0000010000/0x4000)=nil, r7, 0x100000a, 0x12, r6, 0x0)

1h8m33.539521864s ago: executing program 33 (id=564):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000009c0)={0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000006, [0x4, 0x10000, 0x1, 0x4, 0x101]}}, @uexit={0x0, 0x18, 0x10001}, @code={0xa, 0xcc, {"c02b94d200c0b8f2810080d2220080d2a30180d2c40180d2020000d40000c0ace0b782d200e0b8f2c10080d2220180d2030180d2440180d2020000d4e0818fd20040b0f2210180d2220180d2030080d2c40080d2020000d4008008d5c0da93d20020b0f2010180d2a20180d2e30080d2840080d2020000d40064200e000028d5000880d20080b0f2810180d2e20180d2630180d2a40080d2020000d4a01a9cd200a0b8f2210180d2420080d2a30080d2640080d2020000d4"}}, @memwrite={0x6e, 0x30, @generic={0xe000, 0xd1d, 0x71, 0xc}}, @irq_setup={0x46, 0x18, {0x4, 0x355}}, @eret={0xe6, 0x18, 0x81}, @irq_setup={0x46, 0x18, {0x2, 0x31f}}, @smc={0x1e, 0x40, {0x84000000, [0x7, 0x3, 0x4, 0xdb, 0x4]}}, @eret={0xe6, 0x18, 0x7b8}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x4, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013805d}}, @memwrite={0x6e, 0x30, @generic={0x50000, 0xedf, 0x8000000000000000, 0x1}}, @uexit={0x0, 0x18, 0x6}, @eret={0xe6, 0x18, 0x3}, @mrs={0xbe, 0x18, {0x603000000013dea4}}, @irq_setup={0x46, 0x18, {0x3, 0xa7}}, @code={0xa, 0x9c, {"000028d5e09c8bd200e0b8f2a10080d2020080d2e30080d2640080d2020000d40000200b007008d5000008d520dc9cd200a0b0f2010180d2e20180d2230080d2440080d2020000d4008008d5007008d500ab87d20040b0f2a10180d2e20180d2230080d2e40080d2020000d4003395d200e0b8f2e10180d2220080d2630080d2840080d2020000d4"}}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013df11, 0x7fffffffffffffff}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x3c1}}, @code={0xa, 0xcc, {"e0d69dd200a0b0f2410080d2020180d2030180d2c40080d2020000d4007008d500b8a15e000008d500084038000e9ed200e0b0f2210080d2420180d2a30180d2240180d2020000d420a782d20000b8f2e10180d2220180d2430080d2c40180d2020000d480e894d20080b0f2010080d2220080d2630180d2c40180d2020000d4a05094d20000b0f2e10080d2420080d2a30080d2040080d2020000d4007b98d20000b0f2c10080d2020180d2c30080d2840180d2020000d4"}}, @hvc={0x32, 0x40, {0x84008000, [0x8, 0x800, 0xb, 0x10a, 0x1]}}, @irq_setup={0x46, 0x18, {0x3, 0x158}}, @code={0xa, 0x84, {"0000029e030000d4a0829fd20040b8f2210180d2420080d2030080d2440180d2020000d40000802800e4207e000400b8007008d5a0b98ed200c0b0f2e10180d2020080d2630080d2c40080d2020000d480a686d20060b0f2610180d2220080d2830080d2e40180d2020000d40008a038"}}, @code={0xa, 0x6c, {"0000c0ad008008d580f581d20080b8f2c10180d2c20180d2630080d2240080d2020000d40000005c000008d5007008d5008008d5007008d5404187d20040b0f2c10180d2620180d2c30080d2840080d2020000d40030202e"}}, @code={0xa, 0x54, {"007008d5007008d500a8217e000008d50000599ec05b94d200a0b8f2810080d2820080d2230180d2a40180d2020000d4007008d5008008d50068212e007008d5"}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x48}}, @hvc={0x32, 0x40, {0xc4000014, [0x4, 0x1000, 0x6, 0x9, 0x2]}}, @code={0xa, 0xcc, {"a0d183d20080b0f2210080d2420080d2230180d2240080d2020000d4a02389d200c0b8f2c10180d2420180d2a30080d2440080d2020000d4a0ad87d200c0b8f2010180d2c20180d2630080d2a40080d2020000d4203d96d200e0b0f2810080d2420180d2630180d2a40080d2020000d4e03891d20060b0f2410180d2620080d2430080d2040180d2020000d4007008d5000028d580a186d200c0b8f2410080d2020180d2230080d2840080d2020000d40000403a008008d5"}}], 0x764}, &(0x7f0000000a00)=[@featur2={0x1, 0x40}], 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000a80)=@attr_other={0x0, 0x7, 0x7, &(0x7f0000000a40)=0x9})
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x8000)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dcea, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
ioctl$KVM_CAP_DIRTY_LOG_RING(r5, 0x4068aea3, &(0x7f0000000ac0))
ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0x1})
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)=0x1b})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x14)
r12 = ioctl$KVM_CREATE_GUEST_MEMFD(r11, 0xc040aed4, &(0x7f0000000080)={0x240001fe0000, 0x2})
ioctl$KVM_SET_USER_MEMORY_REGION2(r11, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r12})

41m51.116084121s ago: executing program 3 (id=753):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0x40086602, 0x110ca32000)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r6, 0x400454d0, 0x110c230004)
r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f00000003c0)=[@smc={0x1e, 0x40, {0xef000000, [0x50, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r7, 0x8040ae9f, &(0x7f0000000000)=@arm64)
syz_kvm_vgic_v3_setup(r1, 0x3, 0x60)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

41m35.419743975s ago: executing program 3 (id=754):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, &(0x7f0000000000), 0xfffffdef)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r2, 0x5452, 0x2000fdfd)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0xe0000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0xc4000003, [0x1000004, 0x100000003, 0x5, 0x101, 0x9]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) (async)
write$eventfd(r1, &(0x7f0000000000), 0xfffffdef) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0x5452, 0x2000fdfd) (async)
openat$kvm(0x0, &(0x7f0000000040), 0xe0000, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0xc4000003, [0x1000004, 0x100000003, 0x5, 0x101, 0x9]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)

41m24.499240844s ago: executing program 3 (id=757):
r0 = mmap$KVM_VCPU(&(0x7f0000dd4000/0x3000)=nil, 0x0, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x8000)=nil, r2, 0x1000000, 0x110, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffffe9}, 0x0, 0xfffffdf9)
r8 = syz_kvm_vgic_v3_setup(r5, 0xfffffffffffffffe, 0xa0)
close(0xffffffffffffffff)
close(r7)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x1e)
r11 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000000c0)={0x4, 0x25000, 0x0, 0xffffffffffffffff, 0x2})
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000140)={0x8000000000000002, 0x100000, 0x2, r11, 0x2})
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r11, 0x3})
close(r8)
close(0x5)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x0, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xe5)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x7f)

41m14.275526657s ago: executing program 3 (id=759):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa4, 0x1, 0xb}}], 0x30}, 0x0, 0x0) (async, rerun: 32)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013c006, &(0x7f0000000280)=0x3}) (async, rerun: 64)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async, rerun: 64)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x9, 0x5, 0x0}) (async)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x23)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x46cc00, 0x0)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x8003, 0x10000000004}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x280) (async)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

41m4.839694326s ago: executing program 3 (id=761):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x101000, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000300)={0x0, &(0x7f0000000000)=[@irq_setup={0x46, 0x18, {0x1, 0x26e}}, @irq_setup={0x46, 0x18, {0x1, 0x57}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x7, 0x684, 0x6, 0x2}}, @smc={0x1e, 0x40, {0x4000, [0x5eab, 0xffffffff, 0xffffffffffffffff, 0x9, 0x2e1e]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x0, 0x0, 0x4, 0x2, 0x2}}, @uexit={0x0, 0x18, 0x8}, @msr={0x14, 0x20, {0x7b51, 0x6}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x3000, 0x8000, 0xa}}, @msr={0x14, 0x20, {0x603000000013c602, 0x6}}, @uexit={0x0, 0x18, 0x5}, @code={0xa, 0x84, {"007008d5404498d20020b8f2e10080d2020180d2a30080d2e40180d2020000d4007008d5000008d5402b90d20060b8f2810080d2620180d2230180d2240180d2020000d4007008d5000440f80000ff0d007008d5a02a91d200c0b8f2410080d2020180d2630080d2840080d2020000d4"}}, @code={0xa, 0x6c, {"007008d5000020d4000008d5008008d500c8b07e007008d500a8205e209d85d20060b8f2210180d2a20180d2630180d2840180d2020000d480529dd20040b0f2810180d2820180d2630080d2040080d2020000d40068a038"}}, @irq_setup={0x46, 0x18, {0x2, 0x268}}, @code={0xa, 0x84, {"000008d5003c207ee00300eb0004c03ca0998fd200e0b8f2e10080d2a20180d2c30180d2040180d2020000d4007008d5007008d5603d84d20020b8f2c10080d2620080d2230180d2840080d2020000d4008008d5c02497d200a0b0f2a10180d2820080d2030180d2c40080d2020000d4"}}], 0x2ec}, &(0x7f0000000340)=[@featur2={0x1, 0xf}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101441, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x88)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r2, 0x1000000, 0x11, r3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x72402, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, 0xffffffffffffffff)
ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000880))
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000007c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @generic={0x58000, 0x118, 0x1, 0x4}}, @msr={0x14, 0x20, {0x603000000013df1a, 0x3d81}}, @eret={0xe6, 0x18, 0x26e1}, @smc={0x1e, 0x40, {0x84000052, [0x10000, 0x7fffffff, 0xff, 0xffffffffffffffff, 0x8ea5]}}, @eret={0xe6, 0x18, 0x41a}, @irq_setup={0x46, 0x18, {0x0, 0x241}}, @svc={0x122, 0x40, {0xf6001073, [0x0, 0x0, 0x1, 0x1, 0x7fffffff]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x58, 0x3f2, 0xe}}, @code={0xa, 0xe4, {"000008d5406a9ad200c0b0f2e10080d2a20180d2030080d2a40180d2020000d4008099d20000b0f2210180d2a20180d2e30080d2640080d2020000d420cf9bd20040b8f2010080d2220180d2030180d2640180d2020000d440d38fd20000b0f2c10080d2220080d2a30180d2c40180d2020000d4a03e9dd20060b8f2810080d2020180d2a30080d2640180d2020000d4e0098dd200e0b8f2c10180d2620180d2230180d2c40080d2020000d4606e9ed20080b0f2c10180d2c20180d2430080d2040180d2020000d4007008d5007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0xe, 0x3, 0x247fa319, 0x2}}, @its_setup={0x82, 0x28, {0x8, 0x3, 0x314}}, @svc={0x122, 0x40, {0x2000, [0x1, 0x42, 0x0, 0x3, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x4}}, @eret={0xe6, 0x18, 0x7ff}, @hvc={0x32, 0x40, {0x8400000a, [0x6, 0x5, 0x7, 0x3, 0x6]}}, @irq_setup={0x46, 0x18, {0x4, 0x18a}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x8, 0xd126, 0x3, 0x2}}, @hvc={0x32, 0x40, {0x84000000, [0x0, 0x5, 0x7, 0x5, 0x9]}}], 0x3c4}, &(0x7f0000000800)=[@featur1={0x1, 0x1}], 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, 0x0})
ioctl$KVM_KVMCLOCK_CTRL(r5, 0xaead)

40m53.258415244s ago: executing program 3 (id=763):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000000)={0x9, 0xa})

40m5.440141856s ago: executing program 34 (id=763):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000000)={0x9, 0xa})

38m20.368573173s ago: executing program 2 (id=775):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x44)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d8, 0x2)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a72000/0x400000)=nil) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 64)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100032, &(0x7f0000000100)=0xc5c3}) (rerun: 64)
r6 = openat$kvm(0x0, &(0x7f00000001c0), 0x1f9721, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xd)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x22)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async, rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x57fd, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x4, 0xd7, &(0x7f0000000780)=0x100000001})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r11, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3}) (async, rerun: 32)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x8080000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 32)
r12 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x2}) (async, rerun: 32)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000240)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0x84000011, [0x6, 0x4, 0x5, 0x176c, 0x9]}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x7, 0x4}}, @eret={0xe6, 0x18, 0x1}, @code={0xa, 0x9c, {"809d81d20000b0f2410180d2820080d2c30080d2a40080d2020000d480ee81d20060b8f2410180d2420080d2e30080d2240180d2020000d400a4c00d000008d50080a09ba0789ad20080b8f2a10080d2620180d2430180d2c40080d2020000d4000008d5007008d5601a9ad20020b0f2a10080d2e20180d2230180d2c40180d2020000d40000611e"}}, @hvc={0x32, 0x40, {0x80000002, [0x1ff, 0x7991, 0x308, 0x951c, 0x2]}}, @irq_setup={0x46, 0x18, {0x3, 0x173}}, @svc={0x122, 0x40, {0x84000050, [0x8, 0x6, 0x6, 0x101, 0xfff]}}, @code={0xa, 0x6c, {"0020000d002583d20040b0f2410080d2620180d2c30080d2440080d2020000d4000028d5006c200e00008052007008d5000020eb000008d5008d85d20020b8f2610180d2820080d2830080d2c40080d2020000d40080200d"}}, @mrs={0xbe, 0x18, {0x603000000013e72a}}, @eret={0xe6, 0x18, 0x2}, @irq_setup={0x46, 0x18, {0x4, 0x1e8}}, @eret={0xe6, 0x18, 0x10000}, @irq_setup={0x46, 0x18, {0x2, 0x2a6}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x24, 0x180000, 0x3}}, @eret={0xe6, 0x18, 0x8000000000000001}, @eret={0xe6, 0x18, 0x1}, @code={0xa, 0xb4, {"007008d5000008d5007008d500168fd20020b8f2410080d2a20180d2230080d2640080d2020000d400a0800d0080400c20f483d200c0b0f2810180d2420080d2030080d2640180d2020000d4209f96d20020b0f2610080d2e20180d2c30180d2840180d2020000d480d994d20020b8f2e10180d2220080d2230180d2440080d2020000d4c05089d20040b0f2e10080d2420180d2a30080d2e40080d2020000d4"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x39d}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0xe2, 0x1}}, @smc={0x1e, 0x40, {0x80000001, [0x0, 0x7ff, 0x5, 0x0, 0x3]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x2}}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xcfd, 0x2}}], 0x4d4}, 0x0, 0x0) (async, rerun: 32)
r13 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)

38m12.01785926s ago: executing program 2 (id=776):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xd0102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26)
syz_kvm_vgic_v3_setup(r2, 0x11, 0x2f0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000280)=@attr_other={0x0, 0x4, 0x6, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000200)=[@msr={0x14, 0x20, {0x6030000000138055, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013c010, 0xb}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = eventfd2(0x5, 0x800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x8, 0x30000, 0x2, r9, 0xf})
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f00000000c0)={0x8100000008000800, 0x0, 0x0, r9, 0x2})
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r9, 0x2})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x42002, 0x0)
openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffffffffffffc)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r11, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd940000c2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c8ad3e5952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c41000/0x3000)=nil, 0x930, 0x280000b, 0x2010, 0xffffffffffffffff, 0x0)

38m0.318010485s ago: executing program 2 (id=777):
mmap$KVM_VCPU(&(0x7f0000008000/0x1000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
mmap$KVM_VCPU(&(0x7f0000dc3000/0x2000)=nil, 0x930, 0x0, 0x28131, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@riscv64_smstateen_csr={0x8030000003020000, 0x0})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)

37m50.957645848s ago: executing program 2 (id=778):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x180, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000)
close(r5) (async)
ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r7, 0x541b, 0x20)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r9, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r9, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_GUEST_MEMFD(r11, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
ioctl$KVM_SET_USER_MEMORY_REGION2(r11, 0x40a0ae49, &(0x7f0000000080)={0x0, 0x4, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil, 0x1000010000000, r12})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, 0xfffffffffffffffe)

37m39.797617429s ago: executing program 2 (id=779):
r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, r1, 0x2800002, 0x4010, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, r1, 0x2800002, 0x4010, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}], 0x28}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r1, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000013000/0x400000)=nil) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000013000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (rerun: 64)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000180)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x1})
syz_kvm_vgic_v3_setup(r3, 0x1, 0x3a0)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

37m22.78364182s ago: executing program 2 (id=780):
openat$kvm(0x0, &(0x7f0000000040), 0x4000, 0x0)
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = openat$kvm(0x0, &(0x7f0000000000), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x4, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f00000000c0)})
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xa)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bc5000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0x1, 0x401}})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000000c0)={0x65, 0x5}})
ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000000080)={[0x2, 0x9, 0x7fff, 0x6f, 0x3, 0x401, 0x5, 0x6, 0x4, 0x1, 0x7, 0x5, 0x3, 0x7f, 0x7, 0x8e8], 0x40000, 0x48080})

36m35.088199641s ago: executing program 35 (id=780):
openat$kvm(0x0, &(0x7f0000000040), 0x4000, 0x0)
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = openat$kvm(0x0, &(0x7f0000000000), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x4, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f00000000c0)})
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xa)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bc5000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0x1, 0x401}})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000000c0)={0x65, 0x5}})
ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000000080)={[0x2, 0x9, 0x7fff, 0x6f, 0x3, 0x401, 0x5, 0x6, 0x4, 0x1, 0x7, 0x5, 0x3, 0x7f, 0x7, 0x8e8], 0x40000, 0x48080})

30m32.00055936s ago: executing program 4 (id=790):
r0 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
eventfd2(0xfffff800, 0x80000)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2000000000000000)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000240)={0x2, 0x0, [{0x2f15, 0x5, 0x0, 0x0, @sint={0x1, 0x8}}, {0x8, 0x5, 0x1, 0x0, @irqchip={0x2, 0x6d}}]})
openat$kvm(0xffffffffffffff9c, 0x0, 0x141201, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0)
r11 = eventfd2(0x0, 0x80801)
close(r11)
openat$kvm(0xffffff9c, &(0x7f0000000000), 0x1e5b32, 0x1f01)
write$eventfd(r11, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)

30m7.727301249s ago: executing program 4 (id=791):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r2, 0x4208ae9b, &(0x7f0000000240)={0x0, 0x0, {[0x94f, 0x6, 0x1ff, 0x7, 0x0, 0x9, 0x5, 0x3, 0x400, 0x1, 0x1, 0x7fff, 0x7, 0x1, 0x0, 0x91df], [0x101, 0x10001, 0x100000001, 0x3, 0xf, 0x80000000, 0x1000, 0x9, 0x9, 0x5, 0x7, 0x400, 0x8, 0x7, 0x1, 0x1], [0x6, 0x10001, 0x1, 0x5, 0x0, 0x6, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x534e, 0x5, 0x4, 0x8, 0x100000001, 0x2], [0x9, 0x0, 0x4, 0x5, 0x12fa, 0x800, 0x8, 0xf50, 0x3, 0x8000000000000001, 0xfffffffffffffff9, 0x4, 0x9, 0x7, 0x8, 0x8]}})
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

29m54.368692324s ago: executing program 4 (id=792):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x1, 0x2, 0x0})
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x173}}, @uexit={0x0, 0x0, 0xe0e}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4, 0x40)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8})
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2000000000, 0x2, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x1}}], 0x50}, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r10=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x57cfd999, 0x0, 0x0, 0x3, 0x9, 0x48, '\x00', 0x1, 0x93})
write$eventfd(r10, &(0x7f00000001c0)=0x3, 0xfdef)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r15, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x8}})
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000000)=@arm64_core={0x6030000000100006, &(0x7f0000000100)=0x8d0a})
close(0xffffffffffffffff)

29m33.85891293s ago: executing program 5 (id=781):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000000c0)={0xffffffffffffffff, 0xc8, 0x2}) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000000c0)={0xffffffffffffffff, 0xc8, 0x2})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x9, 0x6, 0x6, 0x6, 0x74, 0x86, 0xdd, 0x68, 0x0, 0x209, 0x0, 0x0, 0x3, 0x5, 0x5, '\x00', 0x1, 0x400000000002}) (async)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x9, 0x6, 0x6, 0x6, 0x74, 0x86, 0xdd, 0x68, 0x0, 0x209, 0x0, 0x0, 0x3, 0x5, 0x5, '\x00', 0x1, 0x400000000002})
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2c)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100034, &(0x7f0000000140)=0x9}) (async)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100034, &(0x7f0000000140)=0x9})
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000002c0)={0x5, 0x0, [{0x1, 0x1, 0x0, 0x0, @adapter={0x8000000000000001, 0x2, 0x202, 0xfffffff9, 0xf}}, {0x9, 0x3, 0x1, 0x0, @irqchip={0xffffffff, 0xd2}}, {0xfffffffe, 0x0, 0x0, 0x0, @msi={0x82}}, {0x0, 0x0, 0x1, 0x0, @adapter={0x5, 0x5, 0x80, 0x7f, 0xb2c}}, {0xfffffffd, 0x5, 0x1, 0x0, @msi={0x1, 0x1, 0x1, 0x9}}]})
write$eventfd(r2, &(0x7f00000001c0)=0x3, 0x50) (async)
write$eventfd(r2, &(0x7f00000001c0)=0x3, 0x50)
openat$kvm(0x0, &(0x7f0000000040), 0x20200, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x20200, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r9, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) (async)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ebf000/0x1000)=nil, r9, 0xa, 0x1c013, r12, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r14, 0xc018aec0, &(0x7f0000000280)={0xb})
r15 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0) (async)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0)
syz_kvm_vgic_v3_setup(r15, 0x3, 0x340)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94) (async)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94)
eventfd2(0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x4020940d, 0x38)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r16, 0x4018aee1, &(0x7f0000000240)=@attr_irq_timer={0x0, 0x1, 0x435d278e9d37e2af, &(0x7f0000000200)=0x15})

29m29.641054443s ago: executing program 4 (id=793):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x4})
syz_kvm_vgic_v3_setup(r3, 0x4, 0x360)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000000)={0x4})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000300)=[@featur2={0x1, 0x2}], 0x1)
syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x2}], 0x1)

29m10.491512427s ago: executing program 4 (id=794):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r4 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r3, 0xc018aec0, &(0x7f00000000c0)={0x6, 0xffffffffffffffff, 0x1}) (async, rerun: 64)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
write$eventfd(r7, &(0x7f00000001c0)=0x8100000001, 0x51a8) (async)
r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x2, 0x80000, 0x7, 0x0, 0xdc}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff}) (rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r11 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000040)={0x0, &(0x7f0000000240)=[@eret={0xe6, 0x18, 0x20}, @msr={0x14, 0x20, {0x603000000013deaa, 0x40}}, @hvc={0x32, 0x40, {0x8400000c, [0xc, 0x6, 0x1, 0x6, 0x7]}}, @smc={0x1e, 0x40, {0xc4000012, [0xfffffffffffffbff, 0x5, 0x10, 0x8, 0xd7]}}, @eret={0xe6, 0x18}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x4, 0xb, 0x1, 0x7, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0xe, 0xfffffffe, 0x2, 0x3}}, @uexit={0x0, 0x18, 0x3}, @code={0xa, 0x9c, {"e05092d200a0b0f2410180d2020080d2e30080d2a40080d2020000d4007008d560469fd20060b0f2c10080d2e20180d2030180d2c40180d2020000d40010c05a000028d5e0030032e0a28ad20080b0f2810080d2c20080d2e30080d2e40180d2020000d4008008d5000008d500889dd20060b0f2410080d2420080d2830080d2a40180d2020000d4"}}, @svc={0x122, 0x40, {0x80007fff, [0x4, 0xa, 0xbbb, 0xffffffffffffffbc, 0xff]}}, @svc={0x122, 0x40, {0x84000003, [0xf, 0x5c67, 0xfff, 0xbd9, 0x8]}}, @irq_setup={0x46, 0x18, {0x2, 0x20f}}, @eret={0xe6, 0x18, 0x3}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8}}, @hvc={0x32, 0x40, {0xc4000005, [0x9c, 0x8, 0xa3, 0x6d23, 0x9]}}], 0x2f4}, &(0x7f0000000540)=[@featur2={0x1, 0x88}], 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r11, 0xc040aed5, &(0x7f0000000580)={0x2000, 0x105000})
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2) (async, rerun: 32)
r15 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x380000a, 0x4000010, r9, 0x0) (rerun: 32)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f0000000380)="f30149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a3ff7fbc51869be2e2e0000000000000f000000000000000001000000000000000000000000000e00", 0x0, 0x34) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x64c542, 0x0) (async, rerun: 64)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6) (async, rerun: 64)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x10301, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

29m8.618059526s ago: executing program 5 (id=795):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
r12 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000280)="d6011813013c360000000000f4ff8000802346cbd98762c7795582ba3948ecff090001000000000000000000040000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x40305828, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
r14 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
ioctl$KVM_SET_DEVICE_ATTR_vm(r14, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0xc82, 0xe87, &(0x7f0000000000)=0x7})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x40305828, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f00000000c0)})

28m55.826350116s ago: executing program 4 (id=796):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x82fc, 0x0, 0x4000, 0x1000, &(0x7f0000f15000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0xeeee0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})

28m20.280126193s ago: executing program 36 (id=795):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
r12 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000280)="d6011813013c360000000000f4ff8000802346cbd98762c7795582ba3948ecff090001000000000000000000040000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x40305828, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
r14 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
ioctl$KVM_SET_DEVICE_ATTR_vm(r14, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0xc82, 0xe87, &(0x7f0000000000)=0x7})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x40305828, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f00000000c0)})

28m7.038969094s ago: executing program 37 (id=796):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x82fc, 0x0, 0x4000, 0x1000, &(0x7f0000f15000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0xeeee0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})

19m46.918320567s ago: executing program 7 (id=799):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x2, 0x80})
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000240)=@arm64_extra={0x603000000013c023, &(0x7f0000000200)=0x84})

19m32.435881027s ago: executing program 6 (id=800):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x4, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x5})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x401054d5, 0x110c23001e)

19m28.400415247s ago: executing program 7 (id=801):
openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1000000}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1000000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xc0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000036000/0x2000)=nil, r6, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, 0x0, 0x22200, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) (async)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r7, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xe2a00, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x8, 0x1}})
ioctl$KVM_CREATE_VM(r9, 0x5452, 0x2000fdfd) (async)
ioctl$KVM_CREATE_VM(r9, 0x5452, 0x2000fdfd)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x2001, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async)
r13 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r13, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r13, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)

19m10.25978599s ago: executing program 6 (id=802):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x212000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xfc)

19m5.0678978s ago: executing program 7 (id=803):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f000080b000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000140)=[@its_setup={0x82, 0x28, {0x1, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x8})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000280)=0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f00000000c0)={0x10200, 0x2, 0xeeee8000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x7f, r1})
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f000080b000/0x400000)=nil) (async)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000140)=[@its_setup={0x82, 0x28, {0x1, 0x2, 0x1}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x8}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000280)=0x1}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f00000000c0)={0x10200, 0x2, 0xeeee8000, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x7f, r1}) (async)

18m55.673540651s ago: executing program 6 (id=804):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=[@featur1={0x1, 0x9}], 0x1) (async)
syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=[@featur1={0x1, 0x9}], 0x1)
r3 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x0)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x2000000008}) (async)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x2000000008})
r4 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})

18m43.742045511s ago: executing program 7 (id=805):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (rerun: 32)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bc2000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140002, &(0x7f0000000000)=0x5}) (async)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xa) (async, rerun: 32)
r9 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (rerun: 32)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r9, 0x4208ae9b, 0xffffffffffffffff)

18m36.935681475s ago: executing program 6 (id=806):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r3, 0x2, 0x12, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000030000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48)

18m24.641221723s ago: executing program 7 (id=807):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c0c000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r3, 0x894c, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x6})
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x7, 0xb, 0x89, 0x0, 0x7, 0xa, 0x20, 0x8, 0x2, 0x7, 0x1, 0x7, 0x0, 0x1000081, 0x81, 0x0, 0x5, 0x1, 0xb1, '\x00', 0xff, 0x3})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x5000, 0x12000, 0x81})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
close(r6)
r9 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x4010aeaa, &(0x7f00000000c0)={0x3765, 0x3})
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, &(0x7f0000000040)}, &(0x7f0000000080)=[@featur2={0x1, 0xa}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x20000, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)

18m19.039823403s ago: executing program 6 (id=808):
openat$kvm(0x0, &(0x7f0000000000), 0x139201, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000)
write$eventfd(r0, &(0x7f0000000000), 0xfffffdef)
openat$kvm(0xffffffffffffff9c, 0x0, 0x722601, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
r5 = eventfd2(0x0, 0x0)
close(r5)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r5, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={r5, 0xc9, 0x0, r5})
r6 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000040)={0xdddd1000, 0x8000})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3038c1, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r8, 0x400454e2, 0x400200010130)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

17m57.567462614s ago: executing program 7 (id=809):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
r2 = eventfd2(0x7, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x220)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_riscv64=@attr_aplic={0x0, 0x1, @any=0x3, &(0x7f0000000200)}) (async)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000001c0)={0x1, 0x1, 0xeeee8000, 0x1000, &(0x7f0000f95000/0x1000)=nil}) (async, rerun: 64)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000100)={0xc, 0x26000, 0x4, r2}) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1}) (async, rerun: 32)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (rerun: 32)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x3a0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8})
syz_kvm_vgic_v3_setup(r7, 0x3, 0x40) (async)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x22)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) (async)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000f8c000/0x4000)=nil, r10, 0x1000002, 0x16832, r11, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f0000000000)=@arm64={0xa9, 0xc0, 0x7, '\x00', 0x3})

17m54.655414543s ago: executing program 6 (id=810):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x1000}) (async)
write$eventfd(0xffffffffffffffff, &(0x7f0000000080)=0x9, 0x8)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f00000000c0)={0xa8, 0x0, 0x3})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000140)={0x10002, 0x0, &(0x7f0000ffb000/0x5000)=nil}) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2}) (async, rerun: 32)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) (rerun: 32)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0xeeee8000, 0xeeeb0000, 0x2, 0x0, 0x76}) (async)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000700)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x4, 0x359}}, @svc={0x122, 0x40, {0x84000053, [0xb5, 0x100000001, 0x645, 0x5, 0x7]}}, @irq_setup={0x46, 0x18, {0x1, 0x268}}, @uexit={0x0, 0x18}, @code={0xa, 0x6c, {"0084006f007008d5a0fd89d200c0b8f2010180d2a20180d2830080d2040180d2020000d4007008d500f8b07e402594d20040b0f2410180d2e20080d2630080d2c40080d2020000d400d0005f007008d50000003c0080df0c"}}, @irq_setup={0x46, 0x18, {0x1, 0x397}}, @eret={0xe6, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013c524}}, @msr={0x14, 0x20, {0x603000000013c101}}, @svc={0x122, 0x40, {0x84000006, [0x7, 0x3, 0x4, 0xce56, 0x3]}}, @msr={0x14, 0x20, {0x603000000013c009}}, @smc={0x1e, 0x40, {0x208, [0x3, 0x260, 0x8000000000000000, 0x1, 0x4]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x2, 0xa, 0x6, 0x1, 0x4}}, @irq_setup={0x46, 0x18, {0x0, 0x155}}, @smc={0x1e, 0x40, {0xfb0000d0, [0x3, 0x7, 0xff, 0x4, 0x4edd]}}, @mrs={0xbe, 0x18, {0x603000000013df49}}, @irq_setup={0x46, 0x18, {0x0, 0x2ed}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x5, 0xffffff7f, 0x34d}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xee1, 0x400, 0xb}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0x6, 0xe, 0xfffffff9, 0x3}}, @hvc={0x32, 0x40, {0x10, [0xfff, 0x4, 0x4, 0x1, 0x4]}}, @smc={0x1e, 0x40, {0x1b, [0xd73, 0x0, 0x4, 0x401, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0xd, 0x5, 0x0, 0x1}}, @hvc={0x32, 0x40, {0x32000000, [0x3, 0x6, 0x3, 0xfff, 0x5]}}, @code={0xa, 0x84, {"00a4ff0d000cc038000008d5200680d20060b0f2810180d2a20180d2830080d2a40080d2020000d40098210e007008d5205195d200e0b0f2410180d2820080d2c30080d2c40080d2020000d4e06199d200c0b0f2010180d2020180d2030080d2840080d2020000d4007008d5008008d5"}}, @irq_setup={0x46, 0x18, {0x0, 0x174}}], 0x4b0}, &(0x7f0000000740), 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000780)=@x86={0x2a, 0xc, 0x5, 0x0, 0xa, 0x7, 0x4, 0x3, 0x7f, 0x4, 0x3f, 0x80, 0x0, 0x3, 0x1, 0x6, 0x7, 0xfc, 0x8, '\x00', 0x7}) (async, rerun: 32)
ioctl$KVM_SET_REGS(r2, 0x4360ae82, &(0x7f00000007c0)={[0xfffffffffffffe01, 0x5, 0x0, 0x1, 0x1, 0x5, 0xfff, 0x2, 0x4, 0x0, 0x9, 0x1, 0x4, 0x0, 0x10000, 0x4f319d41], 0xeeee8000}) (async, rerun: 32)
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f0000000880)={{0x5000, 0x0, 0xa, 0x1, 0x1, 0x3, 0x7f, 0x2, 0x6, 0x7, 0x9, 0x9}, {0xeeef0000, 0x8080000, 0x4, 0x3, 0x8, 0xbc, 0x7, 0x8, 0x5, 0x80, 0x9d, 0x1}, {0x26000, 0xfec00000, 0x0, 0x2, 0x3, 0x0, 0x4, 0xff, 0x51, 0x6, 0x4, 0x8}, {0x10000, 0x7000, 0xd, 0x5, 0x9, 0x1, 0xf, 0x79, 0x99, 0xd, 0x4, 0x9}, {0x58000, 0x2000, 0x3, 0x0, 0x2, 0x1, 0x2, 0x4, 0x5, 0x76, 0x6, 0xd7}, {0x2000, 0x8080000, 0x9, 0xe, 0x7, 0x9, 0x5, 0x5c, 0x4, 0x34, 0x0, 0x6}, {0xeeef0000, 0x0, 0x9, 0x6, 0x72, 0x18, 0xf, 0x3, 0x8, 0xf0, 0x3}, {0x200000, 0x1, 0xf, 0x80, 0xf4, 0x15, 0xe, 0x1, 0x6, 0x81, 0x4, 0x2}, {0xdddd1000, 0x5}, {0x4, 0x1ff}, 0x20000000, 0x0, 0xd000, 0x4000, 0x9, 0x6b00, 0x7000, [0x7, 0x8000, 0xfffffffffffff063, 0x21b]}) (async)
r3 = eventfd2(0x1, 0x80800)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f00000009c0)={r3, 0x9, 0x1, r1}) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a00), 0x300, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x4) (async)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000a40)) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000a80)={0x7, 0xf000, 0x4, r3, 0x4})
r6 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000ac0)={0x7, 0x5}) (async)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000b00)={0x2, 0x0, [{0x47a, 0x3, 0x1, 0x0, @irqchip={0x6, 0x68}}, {0xff6c, 0x4, 0x0, 0x0, @irqchip={0x4, 0x2}}]}) (async)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x36b1) (async)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0xd)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r8, 0x4010aeb5, &(0x7f0000000b80)={0x9, 0x4bb4}) (async)
r9 = eventfd2(0x7, 0x80800)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000bc0)={r3, 0x7, 0x0, r9})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000c00)={0xfffffffffffffff2, 0x70000, 0x2, 0xffffffffffffffff, 0xc}) (async)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000c40)={0x8, 0x5})

17m9.642154357s ago: executing program 38 (id=809):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
r2 = eventfd2(0x7, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x220)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_riscv64=@attr_aplic={0x0, 0x1, @any=0x3, &(0x7f0000000200)}) (async)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000001c0)={0x1, 0x1, 0xeeee8000, 0x1000, &(0x7f0000f95000/0x1000)=nil}) (async, rerun: 64)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000100)={0xc, 0x26000, 0x4, r2}) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1}) (async, rerun: 32)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (rerun: 32)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x3a0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8})
syz_kvm_vgic_v3_setup(r7, 0x3, 0x40) (async)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x22)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) (async)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000f8c000/0x4000)=nil, r10, 0x1000002, 0x16832, r11, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f0000000000)=@arm64={0xa9, 0xc0, 0x7, '\x00', 0x3})

17m1.262305561s ago: executing program 39 (id=810):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x1000}) (async)
write$eventfd(0xffffffffffffffff, &(0x7f0000000080)=0x9, 0x8)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f00000000c0)={0xa8, 0x0, 0x3})
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000140)={0x10002, 0x0, &(0x7f0000ffb000/0x5000)=nil}) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2}) (async, rerun: 32)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) (rerun: 32)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0xeeee8000, 0xeeeb0000, 0x2, 0x0, 0x76}) (async)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000700)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x4, 0x359}}, @svc={0x122, 0x40, {0x84000053, [0xb5, 0x100000001, 0x645, 0x5, 0x7]}}, @irq_setup={0x46, 0x18, {0x1, 0x268}}, @uexit={0x0, 0x18}, @code={0xa, 0x6c, {"0084006f007008d5a0fd89d200c0b8f2010180d2a20180d2830080d2040180d2020000d4007008d500f8b07e402594d20040b0f2410180d2e20080d2630080d2c40080d2020000d400d0005f007008d50000003c0080df0c"}}, @irq_setup={0x46, 0x18, {0x1, 0x397}}, @eret={0xe6, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013c524}}, @msr={0x14, 0x20, {0x603000000013c101}}, @svc={0x122, 0x40, {0x84000006, [0x7, 0x3, 0x4, 0xce56, 0x3]}}, @msr={0x14, 0x20, {0x603000000013c009}}, @smc={0x1e, 0x40, {0x208, [0x3, 0x260, 0x8000000000000000, 0x1, 0x4]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x2, 0xa, 0x6, 0x1, 0x4}}, @irq_setup={0x46, 0x18, {0x0, 0x155}}, @smc={0x1e, 0x40, {0xfb0000d0, [0x3, 0x7, 0xff, 0x4, 0x4edd]}}, @mrs={0xbe, 0x18, {0x603000000013df49}}, @irq_setup={0x46, 0x18, {0x0, 0x2ed}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x5, 0xffffff7f, 0x34d}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xee1, 0x400, 0xb}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0x6, 0xe, 0xfffffff9, 0x3}}, @hvc={0x32, 0x40, {0x10, [0xfff, 0x4, 0x4, 0x1, 0x4]}}, @smc={0x1e, 0x40, {0x1b, [0xd73, 0x0, 0x4, 0x401, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0xd, 0x5, 0x0, 0x1}}, @hvc={0x32, 0x40, {0x32000000, [0x3, 0x6, 0x3, 0xfff, 0x5]}}, @code={0xa, 0x84, {"00a4ff0d000cc038000008d5200680d20060b0f2810180d2a20180d2830080d2a40080d2020000d40098210e007008d5205195d200e0b0f2410180d2820080d2c30080d2c40080d2020000d4e06199d200c0b0f2010180d2020180d2030080d2840080d2020000d4007008d5008008d5"}}, @irq_setup={0x46, 0x18, {0x0, 0x174}}], 0x4b0}, &(0x7f0000000740), 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000780)=@x86={0x2a, 0xc, 0x5, 0x0, 0xa, 0x7, 0x4, 0x3, 0x7f, 0x4, 0x3f, 0x80, 0x0, 0x3, 0x1, 0x6, 0x7, 0xfc, 0x8, '\x00', 0x7}) (async, rerun: 32)
ioctl$KVM_SET_REGS(r2, 0x4360ae82, &(0x7f00000007c0)={[0xfffffffffffffe01, 0x5, 0x0, 0x1, 0x1, 0x5, 0xfff, 0x2, 0x4, 0x0, 0x9, 0x1, 0x4, 0x0, 0x10000, 0x4f319d41], 0xeeee8000}) (async, rerun: 32)
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f0000000880)={{0x5000, 0x0, 0xa, 0x1, 0x1, 0x3, 0x7f, 0x2, 0x6, 0x7, 0x9, 0x9}, {0xeeef0000, 0x8080000, 0x4, 0x3, 0x8, 0xbc, 0x7, 0x8, 0x5, 0x80, 0x9d, 0x1}, {0x26000, 0xfec00000, 0x0, 0x2, 0x3, 0x0, 0x4, 0xff, 0x51, 0x6, 0x4, 0x8}, {0x10000, 0x7000, 0xd, 0x5, 0x9, 0x1, 0xf, 0x79, 0x99, 0xd, 0x4, 0x9}, {0x58000, 0x2000, 0x3, 0x0, 0x2, 0x1, 0x2, 0x4, 0x5, 0x76, 0x6, 0xd7}, {0x2000, 0x8080000, 0x9, 0xe, 0x7, 0x9, 0x5, 0x5c, 0x4, 0x34, 0x0, 0x6}, {0xeeef0000, 0x0, 0x9, 0x6, 0x72, 0x18, 0xf, 0x3, 0x8, 0xf0, 0x3}, {0x200000, 0x1, 0xf, 0x80, 0xf4, 0x15, 0xe, 0x1, 0x6, 0x81, 0x4, 0x2}, {0xdddd1000, 0x5}, {0x4, 0x1ff}, 0x20000000, 0x0, 0xd000, 0x4000, 0x9, 0x6b00, 0x7000, [0x7, 0x8000, 0xfffffffffffff063, 0x21b]}) (async)
r3 = eventfd2(0x1, 0x80800)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f00000009c0)={r3, 0x9, 0x1, r1}) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a00), 0x300, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x4) (async)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000a40)) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000a80)={0x7, 0xf000, 0x4, r3, 0x4})
r6 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000ac0)={0x7, 0x5}) (async)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000b00)={0x2, 0x0, [{0x47a, 0x3, 0x1, 0x0, @irqchip={0x6, 0x68}}, {0xff6c, 0x4, 0x0, 0x0, @irqchip={0x4, 0x2}}]}) (async)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x36b1) (async)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0xd)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r8, 0x4010aeb5, &(0x7f0000000b80)={0x9, 0x4bb4}) (async)
r9 = eventfd2(0x7, 0x80800)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000bc0)={r3, 0x7, 0x0, r9})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000c00)={0xfffffffffffffff2, 0x70000, 0x2, 0xffffffffffffffff, 0xc}) (async)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000c40)={0x8, 0x5})

3m12.388533108s ago: executing program 8 (id=830):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffe)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x0, 0x0, 0x20010, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

2m45.945683528s ago: executing program 9 (id=831):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0, 0xfffffea8}, &(0x7f0000000040)=[@featur2={0x1, 0x1}], 0x1)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_bitmap={0x6030000000160002, &(0x7f00000000c0)=0x6}) (async)
ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f0000000000)=0x6)

2m45.47917551s ago: executing program 8 (id=832):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9, 0x3})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4030582b, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0x53cb, 0x1000, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x57fd, 0x2}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000003c0)=[@svc={0x122, 0x40, {0x0, [0x5253, 0xfffffffffffffffc, 0x3, 0x25, 0xfffffffffffffffe]}}, @msr={0x14, 0x20, {0x603000000013c65f, 0xf}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1de}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x3d4}}, @svc={0x122, 0x40, {0x5c, [0xff, 0x84, 0x1, 0x6a, 0x8001]}}, @svc={0x122, 0x40, {0xc4000014, [0x3, 0x4, 0x4df, 0x8, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013c2a9}}, @smc={0x1e, 0x40, {0x80000000, [0xa, 0x3, 0x9, 0x0, 0x4]}}, @msr={0x14, 0x20, {0x603000000013c015, 0x8}}, @code={0xa, 0x9c, {"400598d20060b0f2610180d2220080d2a30180d2e40180d2020000d400001fd600fca00e0060c00c00358bd200e0b8f2e10080d2c20080d2230080d2040080d2020000d40000651e00fca05e20db88d20000b0f2810080d2020180d2e30080d2040080d2020000d4e0cb99d200c0b8f2e10080d2420180d2430180d2840180d2020000d40098207e"}}, @smc={0x1e, 0x40, {0x2, [0x5, 0x4, 0x8, 0x1, 0x6]}}, @smc={0x1e, 0x40, {0xc4000003, [0x100000001, 0x9, 0x1, 0x8, 0x100000000]}}, @irq_setup={0x46, 0x18, {0x1, 0x1e5}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0xf8, 0x9}}, @smc={0x1e, 0x40, {0xc400000c, [0x6, 0xdd, 0x9, 0x1, 0x9]}}, @svc={0x122, 0x40, {0x8600002f, [0x5, 0xfa4, 0x6, 0x5, 0x8]}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x17}}, @hvc={0x32, 0x40, {0x40000005, [0x8, 0xc946, 0x40, 0xdb32, 0x5b11]}}, @code={0xa, 0x6c, {"007c209b007008d5007008d5a0e68dd20040b8f2e10080d2020180d2430080d2e40080d2020000d400d0000f0008202e005c202e0040200d20039bd20020b8f2c10180d2c20080d2030180d2640180d2020000d40000bf0d"}}, @uexit={0x0, 0x18, 0x5}, @irq_setup={0x46, 0x18, {0x4, 0x2ad}}, @memwrite={0x6e, 0x30, @generic={0x60000, 0x22b, 0x9, 0x4}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x232}}, @eret={0xe6, 0x18, 0x1}, @code={0xa, 0xb4, {"e0ed95d20020b8f2610080d2620180d2c30180d2440180d2020000d4007008d5206380d200e0b0f2810180d2220180d2830080d2e40180d2020000d4007008d5a05586d20020b8f2e10080d2220080d2630180d2240080d2020000d40020e00d0068000e606b8fd20040b0f2a10180d2c20180d2c30080d2640080d2020000d40000001ce0a39dd20040b0f2a10080d2c20180d2830080d2e40180d2020000d4"}}, @uexit={0x0, 0x18, 0x10000}, @mrs={0xbe, 0x18, {0x603000000013c510}}, @irq_setup={0x46, 0x18, {0x2, 0x8}}], 0x5fc}, &(0x7f00000000c0)=[@featur1={0x1, 0x18}], 0x1)
mmap$KVM_VCPU(&(0x7f0000cbc000/0x4000)=nil, r7, 0x2000002, 0x12, r8, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x4, 0x1, 0x0, 0x1000, &(0x7f0000ee6000/0x1000)=nil})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x2000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r12, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
r13 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013d801, 0x81}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r14=>0xffffffffffffffff})
ioctl$KVM_CREATE_VM(r14, 0x401054d5, 0x110c23001e)

2m24.446213012s ago: executing program 9 (id=833):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1})
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = eventfd2(0x0, 0x0)
close(r1)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000400000/0xc00000)=nil, r2, 0x200001e, 0x2011, r1, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x400000000002})
ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000000)={0x9, 0x3df7})
write$eventfd(r5, &(0x7f00000001c0)=0x3, 0x50)

2m14.177553095s ago: executing program 8 (id=834):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x600, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r7, 0x1, 0x12, r5, 0x0)
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x0, 0x100)
ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000000)={0xd0c19de284cd3ebf, 0x4, 0x7, 0x0, 0x6})
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r11, 0x0, 0x12, r8, 0x0)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x3, 0x13, r8, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)

2m3.242124892s ago: executing program 9 (id=835):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x57fd, 0x2}})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000b7b000/0x400000)=nil)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101900, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x26)
ioctl$KVM_CAP_ARM_MTE(r8, 0x4068aea3, &(0x7f0000000200)={0x3e8}) (async)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000b7b000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c020, &(0x7f00000003c0)=0x1101001001111111}) (async)
r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000a, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000380)="f30149ddae810b65d0ecc1d3a6abf4e7454e37c4b85007000000b7fbc51869be2e0000000f000000000000000001000000000000000000000000000e00", 0x0, 0x48) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x7, 0x401, &(0x7f00000000c0)=0xf000000000000000})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x753481, 0x0) (async)
r11 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000180)={0x10003, 0x4, 0x7000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f00000001c0)={0x1, 0x1, 0xeeee8000, 0x1000, &(0x7f0000f95000/0x1000)=nil})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000001, 0x12, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (rerun: 32)

1m48.301305523s ago: executing program 8 (id=836):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x5, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x6, 0xffffffffffff8001, &(0x7f0000000040)=0x3ff})
r6 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000000000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000140)={0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x18, {0x603000000013e703}}, @svc={0x122, 0x40, {0x8000, [0x7c, 0x1, 0xe71d2ef, 0x37e5, 0x3]}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8}}, @uexit={0x0, 0x18, 0x7f}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x8, 0x8}}, @eret={0xe6, 0x18, 0x81}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x1e1}}, @msr={0x14, 0x20, {0x603000000013c018, 0xee00}}, @msr={0x14, 0x20, {0x4028, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x180, 0x445, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x124}}, @svc={0x122, 0x40, {0xc4000007, [0x7, 0x5, 0x3, 0x0, 0x5]}}, @eret={0xe6, 0x18, 0x4}, @msr={0x14, 0x20, {0x603000000013c800, 0x88}}, @svc={0x122, 0x40, {0x8400000c, [0x863, 0x1b4b, 0x0, 0x0, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013de95}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x12e}}, @irq_setup={0x46, 0x18, {0x1, 0x4d}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0xa, 0x200, 0x7, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3, 0x1}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013c4f6, 0x9}}, @svc={0x122, 0x40, {0x84000014, [0x6c, 0xf4a, 0x7, 0x9, 0x4]}}, @msr={0x14, 0x20, {0x603000000013c091, 0x40}}, @eret={0xe6, 0x18, 0x2}, @smc={0x1e, 0x40, {0x80008000, [0xfffffffffffffffc, 0x2, 0x400, 0x8, 0x2]}}, @irq_setup={0x46, 0x18, {0x2, 0x2e6}}], 0x420}, &(0x7f00000001c0)=[@featur2={0x1, 0xec}], 0x1)
close(r4)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)

1m35.678090886s ago: executing program 9 (id=837):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x80000000000000)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b17000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000140)=ANY=[@ANYRES32=r0], 0xfffffee8}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m19.498190985s ago: executing program 8 (id=838):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033ae3ad2c06009e8babf4e7450400008900000000000000449a7a835673310054ebb2aa760a00d226d6f70ce4884698cba500", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
close(0xffffffffffffffff) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x2, 0x10, 0x0, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013debf}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0xf, 0x58600c55, 0x5}}, @svc={0x122, 0x40, {0x5000000, [0x1, 0x2, 0x5, 0x7]}}, @svc={0x122, 0x40, {0xc400000d, [0x6, 0x9, 0xc, 0x1, 0x7]}}, @smc={0x1e, 0x40, {0xc4000003, [0x4, 0xb, 0x5, 0x790ed262, 0xffffffffffffffff]}}, @code={0xa, 0x9c, {"a0ef96d20000b0f2610080d2220080d2630180d2c40180d2020000d4000008d5007008d50098a10e202895d20000b0f2610080d2220180d2430080d2440180d2020000d4007008d5609f97d20040b8f2410180d2220080d2630080d2a40180d2020000d4004c200e00c0251ec0dc8cd200a0b8f2c10080d2420080d2630180d2c40080d2020000d4"}}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @generic={0xffffffff, 0x802, 0x2, 0xa}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x0, 0x3}}, @svc={0x122, 0x40, {0x3000000, [0x5, 0x800000000000, 0x1, 0x9, 0x1000]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0xfffffffffffffffe, 0xd}}, @code={0xa, 0xb4, {"60e289d200e0b0f2610180d2420180d2430080d2a40080d2020000d480ff83d20000b0f2c10180d2a20080d2e30080d2240080d2020000d420b298d20080b8f2410080d2e20080d2e30080d2640180d2020000d4205a90d20000b8f2a10080d2620080d2030180d2240080d2020000d4008008d5000028d50080800c00c0241e000008d5408692d20000b0f2410080d2020080d2e30080d2e40080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x0, 0x2fc}}, @eret={0xe6, 0x18, 0x4be}, @msr={0x14, 0x20, {0x6030000000138034}}, @uexit={0x0, 0x18, 0x602}], 0x3c8}, &(0x7f0000000500)=[@featur2={0x1, 0x8}], 0x1)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000580)=@arm64_core={0x603000000010001c, &(0x7f0000000540)=0x8}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

1m14.403218431s ago: executing program 9 (id=839):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00009e9000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0, 0x4e}, 0x0, 0x0)
r3 = syz_kvm_vgic_v3_setup(r1, 0x2, 0xc0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000180)=@attr_riscv64=@attr_config={0x0, 0x1, 0x0, &(0x7f0000000040)=0x6})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x580, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000000c0)=@arm64_fp_extra={0x60200000001000d4, 0xffffffffffffffff})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x7})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_REG_LIST(r11, 0x4020aeae, 0x0)
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r13=>0xffffffffffffffff, 0x1})
write$eventfd(r13, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f000000b000/0x400000)=nil)

59.930183973s ago: executing program 8 (id=840):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000240)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0})
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0xfffffffffffffffe)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) (async)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000240)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) (async)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0xfffffffffffffffe) (async)

51.054554365s ago: executing program 9 (id=841):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2a)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r3, 0x4068aea3, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0xffffffff, 0x2, 0x3}})
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf4)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240)={0x0, &(0x7f0000000000)=[@eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x32}}, @msr={0x14, 0x20, {0x59465e2ada9930d7, 0x8}}, @smc={0x1e, 0x40, {0x80000001, [0x3ff, 0x8, 0x5, 0x6, 0xcef]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x37a}}, @hvc={0x32, 0x40, {0x8, [0x3, 0x5, 0x6, 0x2, 0x800]}}, @code={0xa, 0xb4, {"a0f799d20080b0f2c10080d2820080d2230080d2840080d2020000d4000028d5e0019cd200e0b8f2210080d2220080d2630180d2040080d2020000d4009f90d20020b8f2e10180d2420080d2830180d2240180d2020000d40054007f405b96d20040b0f2a10080d2420180d2230180d2e40080d2020000d4000040bc000008d5a0869cd20060b0f2010080d2220180d2e30180d2040180d2020000d4007008d5"}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x2ef}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x180, 0x2, 0x8}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x3e7}}], 0x23c}, &(0x7f0000000280)=[@featur2={0x1, 0x40}], 0x1)
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)

11.678816501s ago: executing program 40 (id=840):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000240)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0})
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0xfffffffffffffffe)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) (async)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000240)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) (async)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0xfffffffffffffffe) (async)

0s ago: executing program 41 (id=841):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2a)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r3, 0x4068aea3, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0xffffffff, 0x2, 0x3}})
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf4)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240)={0x0, &(0x7f0000000000)=[@eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x32}}, @msr={0x14, 0x20, {0x59465e2ada9930d7, 0x8}}, @smc={0x1e, 0x40, {0x80000001, [0x3ff, 0x8, 0x5, 0x6, 0xcef]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x37a}}, @hvc={0x32, 0x40, {0x8, [0x3, 0x5, 0x6, 0x2, 0x800]}}, @code={0xa, 0xb4, {"a0f799d20080b0f2c10080d2820080d2230080d2840080d2020000d4000028d5e0019cd200e0b8f2210080d2220080d2630180d2040080d2020000d4009f90d20020b8f2e10180d2420080d2830180d2240180d2020000d40054007f405b96d20040b0f2a10080d2420180d2230180d2e40080d2020000d4000040bc000008d5a0869cd20060b0f2010080d2220180d2e30180d2040180d2020000d4007008d5"}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x2ef}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x180, 0x2, 0x8}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x3e7}}], 0x23c}, &(0x7f0000000280)=[@featur2={0x1, 0x40}], 0x1)
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

[  390.262683][ T3170] 8021q: adding VLAN 0 to HW filter on device bond0
[  425.029607][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:12040' (ED25519) to the list of known hosts.
[  602.333335][   T24] audit: type=1400 audit(601.530:60): avc:  denied  { name_bind } for  pid=3324 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  603.867722][   T24] audit: type=1400 audit(603.060:61): avc:  denied  { execute } for  pid=3325 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  603.898320][   T24] audit: type=1400 audit(603.080:62): avc:  denied  { execute_no_trans } for  pid=3325 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  627.311669][   T24] audit: type=1400 audit(626.510:63): avc:  denied  { mounton } for  pid=3325 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  627.353835][   T24] audit: type=1400 audit(626.550:64): avc:  denied  { mount } for  pid=3325 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  627.445943][ T3325] cgroup: Unknown subsys name 'net'
[  627.508142][   T24] audit: type=1400 audit(626.700:65): avc:  denied  { unmount } for  pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  627.931002][ T3325] cgroup: Unknown subsys name 'cpuset'
[  628.051354][ T3325] cgroup: Unknown subsys name 'rlimit'
[  628.913975][   T24] audit: type=1400 audit(628.110:66): avc:  denied  { setattr } for  pid=3325 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  628.935248][   T24] audit: type=1400 audit(628.130:67): avc:  denied  { mounton } for  pid=3325 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  628.962860][   T24] audit: type=1400 audit(628.160:68): avc:  denied  { mount } for  pid=3325 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  629.976804][ T3328] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  630.003389][   T24] audit: type=1400 audit(629.200:69): avc:  denied  { relabelto } for  pid=3328 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.022824][   T24] audit: type=1400 audit(629.220:70): avc:  denied  { write } for  pid=3328 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  630.211699][   T24] audit: type=1400 audit(629.410:71): avc:  denied  { read } for  pid=3325 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.235106][   T24] audit: type=1400 audit(629.410:72): avc:  denied  { open } for  pid=3325 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.274914][ T3325] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  686.620965][   T24] audit: type=1400 audit(685.820:73): avc:  denied  { execmem } for  pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  690.435961][   T24] audit: type=1400 audit(689.620:74): avc:  denied  { read } for  pid=3332 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  690.444528][   T24] audit: type=1400 audit(689.630:75): avc:  denied  { open } for  pid=3331 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  690.511212][   T24] audit: type=1400 audit(689.710:76): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  690.797847][   T24] audit: type=1400 audit(689.960:77): avc:  denied  { module_request } for  pid=3332 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  691.770252][   T24] audit: type=1400 audit(690.950:78): avc:  denied  { sys_module } for  pid=3332 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  718.589252][ T3331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  718.932583][ T3331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  719.304021][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  719.615297][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  731.573642][ T3331] hsr_slave_0: entered promiscuous mode
[  731.604894][ T3331] hsr_slave_1: entered promiscuous mode
[  732.712245][ T3332] hsr_slave_0: entered promiscuous mode
[  732.763757][ T3332] hsr_slave_1: entered promiscuous mode
[  732.800046][ T3332] debugfs: 'hsr0' already exists in 'hsr'
[  732.818051][ T3332] Cannot create hsr debugfs directory
[  738.845392][   T24] audit: type=1400 audit(738.040:79): avc:  denied  { create } for  pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  738.928032][   T24] audit: type=1400 audit(738.080:80): avc:  denied  { write } for  pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  738.989686][   T24] audit: type=1400 audit(738.180:81): avc:  denied  { read } for  pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  739.083941][ T3331] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  739.452132][ T3331] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  739.712538][ T3331] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  740.198433][ T3331] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  741.824879][ T3332] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  741.975485][ T3332] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  742.134062][ T3332] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  742.294080][ T3332] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  754.429584][ T3331] 8021q: adding VLAN 0 to HW filter on device bond0
[  757.035193][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0
[  810.474838][ T3331] veth0_vlan: entered promiscuous mode
[  811.024878][ T3331] veth1_vlan: entered promiscuous mode
[  812.732439][ T3332] veth0_vlan: entered promiscuous mode
[  813.265782][ T3331] veth0_macvtap: entered promiscuous mode
[  813.590108][ T3332] veth1_vlan: entered promiscuous mode
[  813.677165][ T3331] veth1_macvtap: entered promiscuous mode
[  816.268071][ T3377] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  816.359908][ T3377] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  816.410095][ T3377] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  816.413999][ T3377] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  816.570527][ T3332] veth0_macvtap: entered promiscuous mode
[  817.240745][ T3332] veth1_macvtap: entered promiscuous mode
[  820.165382][   T24] audit: type=1400 audit(819.360:82): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  820.507555][   T24] audit: type=1400 audit(819.620:83): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/syzkaller.HZtCVY/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  820.679190][   T24] audit: type=1400 audit(819.860:84): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  821.188686][   T24] audit: type=1400 audit(820.380:85): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/syzkaller.HZtCVY/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  821.449127][   T24] audit: type=1400 audit(820.640:86): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/syzkaller.HZtCVY/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  821.643523][   T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  821.650464][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  821.690006][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  821.730711][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  822.607896][   T24] audit: type=1400 audit(821.800:87): avc:  denied  { unmount } for  pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  823.071112][   T24] audit: type=1400 audit(822.270:88): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  823.351940][   T24] audit: type=1400 audit(822.400:89): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="gadgetfs" ino=3758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  823.988164][   T24] audit: type=1400 audit(823.150:90): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  824.180752][   T24] audit: type=1400 audit(823.380:91): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  826.729363][ T3331] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  828.839812][   T24] kauditd_printk_skb: 1 callbacks suppressed
[  828.887998][   T24] audit: type=1400 audit(827.960:93): avc:  denied  { read write } for  pid=3331 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  828.889329][   T24] audit: type=1400 audit(828.080:94): avc:  denied  { open } for  pid=3331 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  828.969334][   T24] audit: type=1400 audit(828.140:95): avc:  denied  { ioctl } for  pid=3331 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  843.825385][   T24] audit: type=1400 audit(842.960:96): avc:  denied  { read } for  pid=3489 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  843.851015][   T24] audit: type=1400 audit(843.020:97): avc:  denied  { open } for  pid=3489 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  844.369995][   T24] audit: type=1400 audit(843.560:98): avc:  denied  { ioctl } for  pid=3489 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  853.885445][   T24] audit: type=1400 audit(853.070:99): avc:  denied  { write } for  pid=3501 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  855.476324][   T24] audit: type=1400 audit(854.650:100): avc:  denied  { execute } for  pid=3501 comm="syz.0.4" path=2F312FE16F8F1F449A7A8356 dev="tmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  861.289798][   T24] audit: type=1400 audit(860.440:101): avc:  denied  { append } for  pid=3505 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  895.305734][   T24] audit: type=1400 audit(894.500:102): avc:  denied  { execute } for  pid=3526 comm="syz.0.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4284 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  993.408458][   T24] audit: type=1400 audit(992.530:103): avc:  denied  { ioctl } for  pid=3587 comm="syz.0.28" path="net:[4026532630]" dev="nsfs" ino=4026532630 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1015.348669][   T24] audit: type=1400 audit(1014.520:104): avc:  denied  { map } for  pid=3600 comm="syz.0.33" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1015.381771][   T24] audit: type=1400 audit(1014.580:105): avc:  denied  { execute } for  pid=3600 comm="syz.0.33" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1027.014961][   T24] audit: type=1400 audit(1026.210:106): avc:  denied  { create } for  pid=3608 comm="syz.0.35" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1038.360297][   T24] audit: type=1400 audit(1037.550:107): avc:  denied  { setattr } for  pid=3613 comm="syz.1.37" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1161.333108][ T3680] kvm [3680]: Failed to find VMA for hva 0x20c01000
[ 1525.574419][ T3907] kvm [3907]: Failed to find VMA for hva 0x21016000
[ 1525.620471][ T3908] kvm [3908]: Failed to find VMA for hva 0x21016000
[ 1525.834179][ T3908] kvm [3908]: Failed to find VMA for hva 0x21016000
[ 1525.895479][ T3907] kvm [3907]: Failed to find VMA for hva 0x21016000
[ 1746.353245][   T24] audit: type=1400 audit(1745.550:108): avc:  denied  { map } for  pid=4042 comm="syz.0.169" path="pipe:[2754]" dev="pipefs" ino=2754 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1746.458061][   T24] audit: type=1400 audit(1745.650:109): avc:  denied  { execute } for  pid=4042 comm="syz.0.169" path="pipe:[2754]" dev="pipefs" ino=2754 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1773.442160][ T4053] kvm [4053]: Failed to find VMA for hva 0x20d8e000
[ 1784.111517][ T4060] kvm [4060]: Failed to find VMA for hva 0x21016000
[ 1915.891899][ T4139] kvm [4139]: Failed to find VMA for hva 0x20c01000
[ 2155.331936][ T4284] kvm [4283]: Unsupported guest access at: eeef0000
[ 2155.331936][ T4284]  { Op0( 2), Op1( 0), CRn( 0), CRm( 6), Op2( 2), func_read },
[ 2340.909440][   T24] audit: type=1400 audit(2340.070:110): avc:  denied  { map } for  pid=4387 comm="syz.0.279" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=19640 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2340.937775][   T24] audit: type=1400 audit(2340.130:111): avc:  denied  { read } for  pid=4387 comm="syz.0.279" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=19640 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2762.058566][   T24] audit: type=1400 audit(2761.240:112): avc:  denied  { write } for  pid=4641 comm="syz.0.357" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=23976 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2850.765220][ T4697] KVM: debugfs: duplicate directory 4697-5
[ 3275.481752][ T4944] kvm [4944]: Failed to find VMA for hva 0x20dda000
[ 3372.402283][ T5009] kvm [5009]: Failed to find VMA for hva 0x20c01000
[ 3657.480166][ T5191] debugfs: 'vgic-its-state@8080000' already exists in '5191-10'
[ 3869.972128][ T5316] kvm [5314]: Unsupported guest access at: eeef0000
[ 3869.972128][ T5316]  { Op0( 2), Op1( 0), CRn( 0), CRm( 6), Op2( 2), func_read },
[ 3981.249457][ T5323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3981.512166][ T5323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3984.782432][ T5326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3985.058443][ T5326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4005.072304][ T5323] hsr_slave_0: entered promiscuous mode
[ 4005.121889][ T5323] hsr_slave_1: entered promiscuous mode
[ 4005.201843][ T5323] debugfs: 'hsr0' already exists in 'hsr'
[ 4005.202796][ T5323] Cannot create hsr debugfs directory
[ 4009.645209][ T5326] hsr_slave_0: entered promiscuous mode
[ 4009.724914][ T5326] hsr_slave_1: entered promiscuous mode
[ 4009.763649][ T5326] debugfs: 'hsr0' already exists in 'hsr'
[ 4009.768194][ T5326] Cannot create hsr debugfs directory
[ 4030.305916][ T5323] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 4031.304743][ T5323] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 4031.961815][ T5323] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 4032.792460][ T5323] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 4040.898667][ T4290] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4041.400517][ T5326] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 4041.821751][ T5326] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 4042.055681][ T5326] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 4042.504183][ T4290] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4042.825599][ T5326] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 4043.703367][ T4290] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4045.025544][ T4290] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4059.731816][ T4290] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4059.923645][ T4290] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4060.049261][ T4290] bond0 (unregistering): Released all slaves
[ 4061.820881][ T4290] hsr_slave_0: left promiscuous mode
[ 4061.921139][ T4290] hsr_slave_1: left promiscuous mode
[ 4062.770103][ T4290] veth1_macvtap: left promiscuous mode
[ 4062.780926][ T4290] veth0_macvtap: left promiscuous mode
[ 4062.823193][ T4290] veth1_vlan: left promiscuous mode
[ 4062.825307][ T4290] veth0_vlan: left promiscuous mode
[ 4092.745652][ T4290] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4093.702484][ T5323] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4094.230496][ T4290] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4095.234762][ T4290] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4096.331467][ T4290] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4112.630799][ T4290] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4112.748604][ T4290] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4112.795211][ T4290] bond0 (unregistering): Released all slaves
[ 4113.925142][ T4290] hsr_slave_0: left promiscuous mode
[ 4113.997972][ T4290] hsr_slave_1: left promiscuous mode
[ 4114.321569][ T4290] veth1_macvtap: left promiscuous mode
[ 4114.325247][ T4290] veth0_macvtap: left promiscuous mode
[ 4114.344601][ T4290] veth1_vlan: left promiscuous mode
[ 4114.389736][ T4290] veth0_vlan: left promiscuous mode
[ 4131.163351][ T5326] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4208.610076][ T5323] veth0_vlan: entered promiscuous mode
[ 4209.369992][ T5323] veth1_vlan: entered promiscuous mode
[ 4212.630746][ T5323] veth0_macvtap: entered promiscuous mode
[ 4213.272874][ T5323] veth1_macvtap: entered promiscuous mode
[ 4216.397479][   T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4216.406065][   T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4216.457890][   T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4216.490615][ T3377] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4226.510183][ T5326] veth0_vlan: entered promiscuous mode
[ 4227.513223][ T5326] veth1_vlan: entered promiscuous mode
[ 4230.968906][ T5326] veth0_macvtap: entered promiscuous mode
[ 4231.652974][ T5326] veth1_macvtap: entered promiscuous mode
[ 4235.311142][ T4969] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4235.315706][ T4969] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4235.341803][ T4969] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4235.408025][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4721.839869][ T5836] kvm [5836]: Failed to find VMA for hva 0x20c01000
[ 4965.790266][   T24] audit: type=1400 audit(4964.970:113): avc:  denied  { ioctl } for  pid=5968 comm="syz.3.666" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=43925 ioctlcmd=0xae49 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 5030.495025][ T6008] kvm [6008]: Failed to find VMA for hva 0x21016000
[ 5309.788842][ T6155] kvm [6155]: Failed to find VMA for hva 0x20c01000
[ 5456.484332][ T6233] kvm [6233]: Failed to find VMA for hva 0x20d8d000
[ 5640.875730][   T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5642.994868][   T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5645.263166][   T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5647.075281][   T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5671.973679][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5672.229390][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5672.469661][   T49] bond0 (unregistering): Released all slaves
[ 5674.465684][   T49] hsr_slave_0: left promiscuous mode
[ 5674.628376][   T49] hsr_slave_1: left promiscuous mode
[ 5675.249320][   T49] veth1_macvtap: left promiscuous mode
[ 5675.265672][   T49] veth0_macvtap: left promiscuous mode
[ 5675.312530][   T49] veth1_vlan: left promiscuous mode
[ 5675.318729][   T49] veth0_vlan: left promiscuous mode
[ 5762.535330][ T6323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5763.009035][ T6323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5801.158227][ T6323] hsr_slave_0: entered promiscuous mode
[ 5801.239406][ T6323] hsr_slave_1: entered promiscuous mode
[ 5818.366082][ T6323] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 5818.894194][ T6323] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 5819.232304][ T6323] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 5819.672080][ T6323] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 5854.262460][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5855.794784][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5857.191380][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5858.684831][   T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5861.295172][ T6323] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5877.060044][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5877.389625][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5877.559194][   T49] bond0 (unregistering): Released all slaves
[ 5879.699268][   T49] hsr_slave_0: left promiscuous mode
[ 5880.207604][   T49] hsr_slave_1: left promiscuous mode
[ 5881.334015][   T49] veth1_macvtap: left promiscuous mode
[ 5881.385363][   T49] veth0_macvtap: left promiscuous mode
[ 5881.413921][   T49] veth1_vlan: left promiscuous mode
[ 5881.450708][   T49] veth0_vlan: left promiscuous mode
[ 5962.892583][ T6454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5963.328921][ T6454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5993.004170][ T6454] hsr_slave_0: entered promiscuous mode
[ 5993.054907][ T6454] hsr_slave_1: entered promiscuous mode
[ 5993.100966][ T6454] debugfs: 'hsr0' already exists in 'hsr'
[ 5993.158123][ T6454] Cannot create hsr debugfs directory
[ 6014.965963][ T6454] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 6015.463618][ T6454] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 6016.011215][ T6454] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 6016.591608][ T6454] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 6021.611155][ T6323] veth0_vlan: entered promiscuous mode
[ 6022.940104][ T6323] veth1_vlan: entered promiscuous mode
[ 6026.611290][ T6323] veth0_macvtap: entered promiscuous mode
[ 6027.369646][ T6323] veth1_macvtap: entered promiscuous mode
[ 6031.386225][   T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6031.420070][ T6327] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6031.421028][ T6327] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6031.421825][ T6327] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6035.804565][   T24] audit: type=1400 audit(6034.980:114): avc:  denied  { unmount } for  pid=6323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 6053.546121][ T6454] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6231.005465][ T6454] veth0_vlan: entered promiscuous mode
[ 6232.041256][ T6454] veth1_vlan: entered promiscuous mode
[ 6236.221401][ T6454] veth0_macvtap: entered promiscuous mode
[ 6236.945677][ T6454] veth1_macvtap: entered promiscuous mode
[ 6241.999598][ T6475] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6242.039728][ T6327] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6242.348843][ T6327] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6242.350321][ T6327] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6373.211999][ T6762] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6377.399627][ T6762] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6379.641426][ T6762] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6381.885548][ T6762] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6407.650203][ T6762] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6407.912055][ T6762] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6408.040006][ T6762] bond0 (unregistering): Released all slaves
[ 6409.802554][ T6762] hsr_slave_0: left promiscuous mode
[ 6410.230084][ T6762] hsr_slave_1: left promiscuous mode
[ 6411.015869][ T6762] veth1_macvtap: left promiscuous mode
[ 6411.020270][ T6762] veth0_macvtap: left promiscuous mode
[ 6411.049988][ T6762] veth1_vlan: left promiscuous mode
[ 6411.071290][ T6762] veth0_vlan: left promiscuous mode
[ 6446.933651][ T6762] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6448.912484][ T6762] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6450.244127][ T6762] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6451.608440][ T6762] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6471.092902][ T6762] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6471.183693][ T6762] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6471.330632][ T6762] bond0 (unregistering): Released all slaves
[ 6474.716251][ T6762] hsr_slave_0: left promiscuous mode
[ 6474.822301][ T6762] hsr_slave_1: left promiscuous mode
[ 6475.355738][ T6762] veth1_macvtap: left promiscuous mode
[ 6475.412541][ T6762] veth0_macvtap: left promiscuous mode
[ 6475.422276][ T6762] veth1_vlan: left promiscuous mode
[ 6475.445816][ T6762] veth0_vlan: left promiscuous mode
[ 6527.254272][ T6758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6528.479107][ T6758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6528.661913][ T6751] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6529.580892][ T6751] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6562.021803][ T6758] hsr_slave_0: entered promiscuous mode
[ 6562.092037][ T6758] hsr_slave_1: entered promiscuous mode
[ 6565.175192][ T6751] hsr_slave_0: entered promiscuous mode
[ 6565.271348][ T6751] hsr_slave_1: entered promiscuous mode
[ 6565.360851][ T6751] debugfs: 'hsr0' already exists in 'hsr'
[ 6565.387696][ T6751] Cannot create hsr debugfs directory
[ 6584.775361][ T6758] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 6585.491759][ T6758] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 6586.171390][ T6758] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 6586.853092][ T6758] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 6593.195947][ T6751] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 6593.631765][ T6751] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 6594.104345][ T6751] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 6594.607960][ T6751] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 6625.802150][ T6758] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6634.092510][ T6751] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6794.740884][ T6758] veth0_vlan: entered promiscuous mode
[ 6796.182539][ T6758] veth1_vlan: entered promiscuous mode
[ 6800.591197][ T6758] veth0_macvtap: entered promiscuous mode
[ 6801.455405][ T6758] veth1_macvtap: entered promiscuous mode
[ 6807.244139][ T6751] veth0_vlan: entered promiscuous mode
[ 6808.679886][ T6458] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6808.685615][ T6458] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6808.929815][ T6152] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6808.931314][ T6152] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6810.274219][ T6751] veth1_vlan: entered promiscuous mode
[ 6818.600808][ T6751] veth0_macvtap: entered promiscuous mode
[ 6819.974432][ T6751] veth1_macvtap: entered promiscuous mode
[ 6825.351262][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6825.405707][ T6762] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6825.425586][ T4969] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6825.426276][ T4969] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7028.300941][ T6458] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7031.490929][ T6458] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7034.613011][ T6458] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7037.289319][ T6458] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7069.810595][ T6458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7070.567863][ T6458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7071.092761][ T6458] bond0 (unregistering): Released all slaves
[ 7073.640979][ T6458] hsr_slave_0: left promiscuous mode
[ 7073.812050][ T6458] hsr_slave_1: left promiscuous mode
[ 7074.388558][ T6458] veth1_macvtap: left promiscuous mode
[ 7074.391686][ T6458] veth0_macvtap: left promiscuous mode
[ 7074.411802][ T6458] veth1_vlan: left promiscuous mode
[ 7074.419734][ T6458] veth0_vlan: left promiscuous mode
[ 7116.243072][ T6458] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7118.570063][ T6458] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7120.468730][ T6458] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7122.244748][ T6458] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7144.030178][ T6458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7144.238840][ T6458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7144.450676][ T6458] bond0 (unregistering): Released all slaves
[ 7148.008818][ T6458] hsr_slave_0: left promiscuous mode
[ 7148.289570][ T6458] hsr_slave_1: left promiscuous mode
[ 7148.930720][ T6458] veth1_macvtap: left promiscuous mode
[ 7148.945254][ T6458] veth0_macvtap: left promiscuous mode
[ 7148.988355][ T6458] veth1_vlan: left promiscuous mode
[ 7149.041351][ T6458] veth0_vlan: left promiscuous mode
[ 7232.023206][ T7092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7232.483645][ T7092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7236.838649][ T7095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7237.232641][ T7095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7268.152419][ T7092] hsr_slave_0: entered promiscuous mode
[ 7268.284215][ T7092] hsr_slave_1: entered promiscuous mode
[ 7274.795233][ T7095] hsr_slave_0: entered promiscuous mode
[ 7274.892949][ T7095] hsr_slave_1: entered promiscuous mode
[ 7274.985130][ T7095] debugfs: 'hsr0' already exists in 'hsr'
[ 7275.017973][ T7095] Cannot create hsr debugfs directory
[ 7301.198539][ T7092] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 7302.105740][ T7092] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 7302.998801][ T7092] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 7303.716126][ T7092] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 7311.845504][ T7095] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 7312.244217][ T7095] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 7312.781320][ T7095] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 7313.381159][ T7095] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 7350.071551][ T7092] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7359.212678][ T7095] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7544.180733][ T7092] veth0_vlan: entered promiscuous mode
[ 7545.782014][ T7092] veth1_vlan: entered promiscuous mode
[ 7553.281632][ T7095] veth0_vlan: entered promiscuous mode
[ 7553.651768][ T7092] veth0_macvtap: entered promiscuous mode
[ 7555.764212][ T7092] veth1_macvtap: entered promiscuous mode
[ 7556.893403][ T7095] veth1_vlan: entered promiscuous mode
[ 7563.099190][ T6152] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7563.145324][   T12] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7563.210607][ T7101] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7563.485704][ T7101] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7565.819828][ T7095] veth0_macvtap: entered promiscuous mode
[ 7567.491856][ T7095] veth1_macvtap: entered promiscuous mode
[ 7576.838240][   T12] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7576.860874][   T12] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7577.095479][   T12] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7577.133061][   T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 8229.735207][ T7515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 8232.789680][ T7515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 8235.479525][ T7519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 8238.648928][ T7519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 8305.562449][ T7515] hsr_slave_0: entered promiscuous mode
[ 8305.695469][ T7515] hsr_slave_1: entered promiscuous mode
[ 8305.891398][ T7515] debugfs: 'hsr0' already exists in 'hsr'
[ 8305.904832][ T7515] Cannot create hsr debugfs directory
[ 8314.756041][ T7519] hsr_slave_0: entered promiscuous mode
[ 8314.973224][ T7519] hsr_slave_1: entered promiscuous mode
[ 8315.104552][ T7519] debugfs: 'hsr0' already exists in 'hsr'
[ 8315.190121][ T7519] Cannot create hsr debugfs directory
[ 8397.805958][ T7515] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 8399.388589][ T7515] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 8400.993878][ T7515] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 8403.815146][ T7515] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 8414.260304][ T7519] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 8415.111584][ T7519] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 8416.131896][ T7519] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 8416.925412][ T7519] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 8429.483773][   T26] INFO: task syz.9.841:7500 blocked for more than 430 seconds.
[ 8429.571097][   T26]       Not tainted syzkaller #0
[ 8429.601919][   T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 8429.602546][   T26] task:syz.9.841       state:D stack:0     pid:7500  tgid:7500  ppid:7095   task_flags:0x400040 flags:0x00000011
[ 8429.604088][   T26] Call trace:
[ 8429.604614][   T26]  __switch_to+0x584/0xb00 (T)
[ 8429.752066][   T26]  __schedule+0x1da4/0x3678
[ 8429.767785][   T26]  schedule+0xac/0x27c
[ 8429.768526][   T26]  schedule_timeout+0x68/0x1ec
[ 8429.769053][   T26]  do_wait_for_common+0x28c/0x440
[ 8429.769488][   T26]  wait_for_completion+0x44/0x5c
[ 8429.770047][   T26]  __synchronize_srcu+0x2a4/0x320
[ 8429.770480][   T26]  synchronize_srcu+0x3d0/0x4f8
[ 8429.770948][   T26]  mmu_notifier_unregister+0x320/0x428
[ 8429.771422][   T26]  kvm_put_kvm+0x698/0xbe0
[ 8429.771928][   T26]  kvm_vm_release+0x58/0x78
[ 8429.772411][   T26]  __fput+0x4ac/0x978
[ 8429.772958][   T26]  ____fput+0x20/0x58
[ 8429.773464][   T26]  task_work_run+0x1b8/0x250
[ 8429.773976][   T26]  exit_to_user_mode_loop+0x110/0x188
[ 8429.774464][   T26]  el0_svc+0x17c/0x238
[ 8429.774959][   T26]  el0t_64_sync_handler+0x84/0x12c
[ 8429.775422][   T26]  el0t_64_sync+0x198/0x19c
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 8430.018583][   T26] 
[ 8430.018583][   T26] Showing all locks held in the system:
[ 8430.038290][   T26] 3 locks held by kworker/u4:0/12:
[ 8430.039007][   T26] 1 lock held by khungtaskd/26:
[ 8430.039389][   T26]  #0: ffff800087c971f8 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 8430.041816][   T26] 3 locks held by kworker/u4:5/49:
[ 8430.042282][   T26] 2 locks held by getty/3199:
[ 8430.042647][   T26]  #0: 19f00000128ca8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 8430.044399][   T26]  #1: 0fff80008ca2b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 8430.202636][   T26] 2 locks held by syz-executor/3325:
[ 8430.203096][   T26] 2 locks held by kworker/u4:7/4969:
[ 8430.203415][   T26]  #0: fdf000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94
[ 8430.205597][   T26]  #1: ffff80008f347ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94
[ 8430.349223][   T26] 2 locks held by kworker/u4:9/5407:
[ 8430.349577][   T26]  #0: fdf000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94
[ 8430.351493][   T26]  #1: ffff80008e797ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94
[ 8430.353213][   T26] 3 locks held by kworker/u4:10/6458:
[ 8430.353603][   T26] 2 locks held by kworker/u4:12/6480:
[ 8430.353968][   T26] 3 locks held by kworker/u4:1/6762:
[ 8430.354280][   T26] 3 locks held by kworker/u4:13/6768:
[ 8430.354652][   T26] 3 locks held by kworker/u4:14/7242:
[ 8430.354993][   T26] 2 locks held by syz.8.840/7495:
[ 8430.355307][   T26] 3 locks held by kworker/u4:4/7521:
[ 8430.355649][   T26] 3 locks held by kworker/u4:6/7526:
[ 8430.355974][   T26] 3 locks held by kworker/u4:15/7580:
[ 8430.501559][   T26] 1 lock held by modprobe/7646:
[ 8430.537976][   T26] 1 lock held by dhcpcd-run-hook/7647:
[ 8430.538467][   T26] 1 lock held by modprobe/7648:
[ 8430.539034][   T26] 
[ 8430.539319][   T26] =============================================
[ 8430.539319][   T26] 
[ 8430.540321][   T26] Kernel panic - not syncing: hung_task: blocked tasks
[ 8430.547423][   T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 8430.548957][   T26] Hardware name: linux,dummy-virt (DT)
[ 8430.549964][   T26] Call trace:
[ 8430.550774][   T26]  show_stack+0x2c/0x3c (C)
[ 8430.551877][   T26]  __dump_stack+0x30/0x40
[ 8430.552894][   T26]  dump_stack_lvl+0x30/0x12c
[ 8430.553925][   T26]  dump_stack+0x1c/0x28
[ 8430.554729][   T26]  vpanic+0x4d0/0x848
[ 8430.555618][   T26]  vpanic+0x0/0x848
[ 8430.556452][   T26]  hung_task_panic+0x0/0x2c
[ 8430.557505][   T26]  kthread+0x4d4/0x51c
[ 8430.558487][   T26]  ret_from_fork+0x10/0x20
[ 8430.560432][   T26] Kernel Offset: disabled
[ 8430.561106][   T26] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 8430.562316][   T26] Memory Limit: none
[ 8430.564571][   T26] Rebooting in 86400 seconds..