last executing test programs:

1h31m22.612825775s ago: executing program 1 (id=139):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0xea12157bff932e6})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x2})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)

1h31m17.642095084s ago: executing program 1 (id=140):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_fw={0x6030000000140000, &(0x7f0000000040)=0x10000})
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013802d, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1h31m16.001236386s ago: executing program 0 (id=141):
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0)
r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2000006, 0x13, r1, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

1h31m10.16399815s ago: executing program 0 (id=142):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f00000001c0), 0x200000, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x240000, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000180)={0x800, 0x4, 0x8, r4, 0x8})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x9, 0xee9, &(0x7f0000000240)=0x7})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x1000})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000a89000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0xdddd0000, 0x2000, &(0x7f000000a000/0x2000)=nil})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000100)={0xe4, 0x0, 0x80})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = mmap$KVM_VCPU(&(0x7f0000e77000/0x1000)=nil, 0x0, 0x2000000, 0x12, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
r9 = eventfd2(0x80000000, 0x80000)
close(r9)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r9, &(0x7f0000000000)=0xffffffffffffca16, 0xffffffffffffff3b)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)

1h31m8.901127108s ago: executing program 1 (id=143):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000000)={0x1, 0x10})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x27)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
r3 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x10000})
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xf)
ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, &(0x7f0000000100)={0x10201, 0x0, &(0x7f0000ffb000/0x4000)=nil})
close(r4)
ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000140)=0x9)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000180)={0xe4, 0x0, 0x5})
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x80)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xc)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r6, 0x4010ae74, &(0x7f0000000200)={0x5, 0x0, 0x40})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000240)={0x9, 0x25000, 0x6, r3, 0x5})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r5, 0x4008ae73, &(0x7f0000000280)={0x40, 0x8})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000002c0)={0x76002, 0x30000, 0x169, 0x0, 0x5f923874})
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xd)
ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0xb)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000300)={0xfff, 0x8001})
ioctl$KVM_RESET_DIRTY_RINGS(r7, 0xaec7)
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000340)={0x1, [0x6]})
close(r6)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x111180, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000003c0)={0x2, 0xffffffffffffffff, 0x1})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000400)=@arm64)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r6, 0x4010aeb5, &(0x7f0000000440)={0x8, 0x7e})

1h31m3.200449383s ago: executing program 1 (id=144):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

1h31m1.344574459s ago: executing program 0 (id=145):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x1, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000040)=0x9a0d})
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x0, 0x4}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1h30m56.854407618s ago: executing program 1 (id=146):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000080)=[@eret={0xe6, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x101, 0x9}}, @irq_setup={0x46, 0x18, {0x0, 0x342}}, @mrs={0xbe, 0x18, {0x6030000000138047}}, @irq_setup={0x46, 0x18, {0x2, 0x2b9}}, @svc={0x122, 0x40, {0x8000, [0x7fffffff, 0xb, 0xc, 0x7]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x3fc}}], 0xf8}, &(0x7f00000001c0)=[@featur2={0x1, 0x4}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x100010, r2, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
r3 = mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0xe7})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000280)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000240)=0x9f})
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f0000000200)="7138efbe1891f79e18525660258a095c585272d5ae5cc2b6", 0x0, 0x18)
r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
eventfd2(0x6, 0x80801)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0)
r10 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

1h30m52.368985738s ago: executing program 0 (id=147):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x80000b, 0x20010, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x29f}}], 0x50}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil)

1h30m44.501628587s ago: executing program 0 (id=148):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = eventfd2(0xffff10c0, 0x801)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8086000, 0x0, r3})
r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r11 = syz_kvm_vgic_v3_setup(r9, 0x3, 0xa0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x5, 0x173fc715, 0xffffffffffffffff})
write$eventfd(r7, &(0x7f0000000000), 0xfffffdef)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r13, 0x541b, 0x2004001f)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000000)=0x4})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1h30m39.32502643s ago: executing program 1 (id=149):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x82000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f00000001c0), 0x400, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x200200, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x240000, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xc0189436, 0x172)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000002c0)={0xef000000, 0x1000, 0x2}})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
openat$kvm(0x0, &(0x7f0000000340), 0x840, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000180)={0x5c, 0xeeee0000, 0x8, 0xffffffffffffffff, 0x8})
r6 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x9, 0xee9, &(0x7f0000000240)=0x7})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r4, 0x4068aea3, &(0x7f0000000380)={0xe4, 0x0, 0x4})
r8 = eventfd2(0x3, 0x0)
write$eventfd(r8, &(0x7f0000000400)=0xfffffffffffffffc, 0x8)
write$eventfd(r8, &(0x7f0000000480)=0x8c49, 0x8)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x34)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000b80), &(0x7f0000000280)=[@featur2={0x1, 0x51}], 0x1)

1h30m29.171101902s ago: executing program 0 (id=150):
r0 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x5)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r9, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0})
r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000180)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x1})
r11 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000007c0)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000800)=0x428})
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e3d000/0x2000)=nil, r14, 0x1, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r14, 0x1000007, 0x10010, 0xffffffffffffffff, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000040)={0x5, 0x10})
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0xb, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)

1h29m55.680254706s ago: executing program 32 (id=149):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x82000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f00000001c0), 0x400, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x200200, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x240000, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xc0189436, 0x172)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000002c0)={0xef000000, 0x1000, 0x2}})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
openat$kvm(0x0, &(0x7f0000000340), 0x840, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000180)={0x5c, 0xeeee0000, 0x8, 0xffffffffffffffff, 0x8})
r6 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x9, 0xee9, &(0x7f0000000240)=0x7})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r4, 0x4068aea3, &(0x7f0000000380)={0xe4, 0x0, 0x4})
r8 = eventfd2(0x3, 0x0)
write$eventfd(r8, &(0x7f0000000400)=0xfffffffffffffffc, 0x8)
write$eventfd(r8, &(0x7f0000000480)=0x8c49, 0x8)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x34)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000b80), &(0x7f0000000280)=[@featur2={0x1, 0x51}], 0x1)

1h29m42.001651483s ago: executing program 33 (id=150):
r0 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x5)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r9, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0})
r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000180)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x1})
r11 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000007c0)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000800)=0x428})
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e3d000/0x2000)=nil, r14, 0x1, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r14, 0x1000007, 0x10010, 0xffffffffffffffff, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000040)={0x5, 0x10})
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0xb, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)

1h20m5.821597157s ago: executing program 3 (id=180):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000e04000/0x2000)=nil, 0x930, 0x1, 0x11, r3, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
close(r3)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r4, 0x8, 0x13, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r4, 0x1000001, 0x12, r3, 0x0)

1h19m53.489161965s ago: executing program 3 (id=181):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x183643, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r3, 0x400454d8, 0x110c23000a)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x86000001, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r8, 0x4068aea3, &(0x7f0000000140)={0xb6, 0x0, 0x4})
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r8, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81})

1h19m35.490656234s ago: executing program 3 (id=183):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000080)={0x8000, 0xfff})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x2, 0x100)
r4 = eventfd2(0x10000, 0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x3})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000a5a000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000012, [0x100000002, 0x100080001, 0x5, 0x101, 0x13]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000100)={r4, 0xb16b, 0x2, r4})
r9 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, &(0x7f00000002c0)=[@code={0xa, 0x0, {"007008d500a59dd200e0b8f2010080d2820080d2c30180d2640080d2020000d4000c00fc0080400d000008d5000080dac09996d200c0b0f2c10180d2820080d2e30180d2240080d2020000d4007008d5000008d500fa98d200a0b0f2010180d2420080d2c30180d2440180d2020000d4"}}, @code={0xa, 0x0, {"00c4200e000020ea008008d50040400c0000008a00fca00e000008d5405791d200a0b0f2610080d2c20080d2830180d2440180d2020000d420ed8dd200a0b8f2a10180d2820180d2830180d2a40180d2020000d4a0b788d200e0b8f2410180d2a20080d2830080d2240080d2020000d4"}}, @smc={0x1e, 0x0, {0x84000053, [0x4, 0x100000000, 0x3, 0x3, 0xf]}}, @smc={0x1e, 0x0, {0x800, [0x8000000000000000, 0x1, 0x6, 0x3]}}, @code={0xa, 0x0, {"002cc09a007c0053407486d200e0b8f2c10180d2020080d2030180d2a40080d2020000d4208a98d20080b8f2010080d2620080d2a30180d2c40180d2020000d4609582d20020b0f2e10180d2c20080d2830080d2640180d2020000d4000028d5007008d50020000d0000001f0024c01a"}}, @msr={0x14, 0x0, {0x603000000013c110, 0x9}}, @code={0xa, 0x0, {"0010800f0048c01a000020eb0004000f004b8dd200c0b0f2610180d2220180d2630080d2840080d2020000d40020c01a0070400c80de90d20060b0f2a10180d2e20180d2830180d2c40080d2020000d4c07c8ad200e0b0f2e10080d2e20080d2e30080d2440080d2020000d4802e92d20080b0f2810180d2820180d2230180d2e40080d2020000d4"}}, @mrs={0xbe, 0x0, {0x603000000013e091}}, @memwrite={0x6e, 0x0, @vgic_gits={0x8080000, 0x80, 0x1ff, 0x4}}, @uexit, @svc={0x122, 0x0, {0x2, [0x1, 0x5, 0x4, 0x3, 0x4]}}, @svc={0x122, 0x0, {0x3000000, [0x200, 0x1, 0x5, 0x7]}}, @irq_setup={0x46, 0x0, {0x2, 0x1d}}, @its_setup={0x82, 0x0, {0x4, 0x2, 0x235}}, @svc={0x122, 0x0, {0x1000000, [0x3, 0x2, 0x100000000, 0x8a, 0x3]}}, @code={0xa, 0x0, {"00f8a00e0070005f20a79ed200e0b0f2210080d2c20080d2630080d2640180d2020000d4000008d5007008d5007008d50014c05a007008d560bd91d20020b0f2810180d2420180d2630080d2e40080d2020000d4c0ee9bd200c0b0f2210180d2020080d2a30180d2240080d2020000d4"}}, @irq_setup={0x46, 0x0, {0x4, 0x270}}, @msr={0x14, 0x0, {0x603000000013c648, 0x3}}, @irq_setup={0x46, 0x0, {0x2, 0x16}}, @msr={0x14, 0x0, {0x603000000013800d, 0x4}}, @eret={0xe6, 0x0, 0x1}, @code={0xa, 0x0, {"a03282d20060b8f2810180d2220180d2c30180d2c40080d2020000d4000040ba002c004e00a0204e0000211e000008d5008008d5201790d20080b0f2210180d2220080d2c30080d2240080d2020000d400f497d20060b8f2c10180d2820180d2a30080d2840080d2020000d4000008d5"}}, @msr={0x14, 0x0, {0x603000000013deee, 0x1000}}, @its_send_cmd={0xaa, 0x0, {0xa, 0x0, 0x1, 0x5, 0x6, 0x3, 0x3}}, @its_setup={0x82, 0x0, {0x1, 0x4, 0x393}}, @irq_setup={0x46, 0x0, {0x3, 0x1ef}}, @mrs={0xbe, 0x0, {0x6030000000139820}}], 0x6b}, &(0x7f0000000280)=[@featur1={0x1, 0x1}], 0x1)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000b10000/0x400000)=nil)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r15, 0x8030aeb4, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x3c5)
r16 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0x84000006, [0x4, 0x1, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r16, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0x100)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

1h19m5.863818723s ago: executing program 3 (id=186):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bc2000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2f)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f00000001c0)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r2, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x2})
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, 0xfffffffffffffffe)

1h18m38.019274744s ago: executing program 3 (id=189):
ioctl$KVM_CAP_PTP_KVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000))
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000080)={0x3, 0x5006})
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r3 = mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, r2, 0x2, 0x40010, r0, 0x0)
write$eventfd(r0, &(0x7f00000000c0)=0x8000000000000000, 0x8)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2020c0, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000740)={0x0, &(0x7f0000000140)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x380, 0x8000000000000001, 0xc}}, @smc={0x1e, 0x40, {0x8400000d, [0x8001, 0x6, 0x1000, 0xfffffffffffffffc, 0x7]}}, @smc={0x1e, 0x40, {0x84000011, [0x7f, 0x6, 0x400, 0xd29, 0x2]}}, @svc={0x122, 0x40, {0x84000002, [0x66, 0x3ff, 0x3758, 0xa82, 0xb05]}}, @smc={0x1e, 0x40, {0x3f000000, [0x5, 0x10, 0x0, 0xbf60, 0x20000]}}, @hvc={0x32, 0x40, {0xc5000020, [0x3ff, 0x6, 0x10000, 0xfffffffffffffd8c, 0x380]}}, @uexit={0x0, 0x18, 0x4}, @svc={0x122, 0x40, {0x4, [0x524a3109, 0x81, 0x8, 0x3, 0x7]}}, @hvc={0x32, 0x40, {0x8, [0x7, 0x4, 0xffffffff, 0x9, 0x4]}}, @code={0xa, 0x9c, {"0000c09be07681d20040b8f2610080d2a20080d2a30180d2840080d2020000d40020002f007008d5402e97d20000b0f2010180d2220180d2e30180d2640080d2020000d4007008d5008008d580b98ad200a0b8f2e10180d2e20080d2230180d2040180d2020000d480359bd20040b0f2810180d2e20180d2830080d2040080d2020000d4008008d5"}}, @code={0xa, 0x9c, {"603496d20020b0f2210080d2c20080d2230080d2640080d2020000d4000040c840b78ad20060b0f2a10180d2c20080d2a30080d2440180d2020000d4405485d20060b8f2c10080d2c20080d2a30180d2840180d2020000d4007008d5008008d5000000a80064202e00e0c00d404392d200e0b8f2a10080d2820080d2e30180d2040180d2020000d4"}}, @code={0xa, 0x54, {"0048284e008008d520418ad20000b0f2810180d2c20080d2e30080d2840080d2020000d40000319e007008d5000008d5007008d5000800b800000029007008d5"}}, @uexit={0x0, 0x18, 0xfffffffffffffffe}, @uexit={0x0, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x309}}, @irq_setup={0x46, 0x18, {0x4, 0xe6}}, @mrs={0xbe, 0x18, {0x603000000013c801}}, @eret={0xe6, 0x18, 0x8}, @eret={0xe6, 0x18, 0xd86f}, @uexit={0x0, 0x18, 0xfffffffffffffff9}, @eret={0xe6, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013c082, 0x89f}}, @uexit={0x0, 0x18, 0x8}, @hvc={0x32, 0x40, {0x1000000, [0xfffffffffffff2db, 0xffffffffffffffff, 0x7, 0x6, 0x8]}}, @hvc={0x32, 0x40, {0x4000, [0x5, 0xb7, 0xac3, 0x7, 0x1000]}}, @irq_setup={0x46, 0x18, {0x3, 0x240}}, @uexit={0x0, 0x18, 0x8001}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x7f, 0x7e2}}, @eret={0xe6, 0x18}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x4, 0xd, 0x8001, 0x9, 0x2}}], 0x5d4}, &(0x7f0000000780)=[@featur2={0x1, 0xc}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r2, 0x1, 0x8010, r4, 0x0)
r5 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f00000007c0))
ioctl$KVM_PPC_ALLOCATE_HTAB(r5, 0xc004aea7, &(0x7f0000000840)=0x7ff)
ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000880)={0x54000, 0xeeef0000, 0x0, 0x1, 0x2})
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000008c0)={0x7})
ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r5, 0x4068aea3, &(0x7f0000000900)={0xe4, 0x0, 0x15})
ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f0000000d80)={0x10002, 0x40, 0x40, &(0x7f0000000980)=[0x7, 0x1, 0x9, 0x3, 0x1da195ea, 0xff, 0x90, 0x55, 0x0, 0x3, 0x9, 0x3, 0x3000000000000000, 0xb, 0x1ff, 0x0, 0x711, 0x1, 0x9, 0x8, 0x101, 0x7, 0x1, 0x5, 0xfffffffffffffffd, 0x800000000000, 0x8, 0x7, 0x3, 0x6, 0x7, 0xfffffffffffffffe, 0x1ff, 0x2, 0xbfae27f, 0x3, 0x0, 0x7, 0x6, 0x910, 0x6, 0xfffffffffffffff7, 0x3, 0x88, 0xf92, 0x10000, 0x0, 0x10001, 0x5, 0xc, 0x2, 0x2, 0x3, 0x0, 0xf, 0xd, 0x955, 0xef, 0x7fff, 0x80000000, 0x1, 0x10001, 0x7f, 0x5, 0xf3e, 0xcea, 0x438, 0x0, 0x1, 0x800, 0x6, 0x10001, 0x6, 0x5, 0x80000001, 0x3, 0xb, 0x100000000, 0x4, 0x8, 0x8, 0x2, 0xc3d, 0x101, 0x4000000000000000, 0x4, 0xd, 0xb5dc, 0x7, 0x5, 0x9b2, 0xfffffffffffffff7, 0xe, 0x5, 0x80000001, 0x6, 0xfffffffffffffffc, 0x5, 0xfbda, 0x1, 0x134, 0xeec, 0x5, 0x8000000000000000, 0x884, 0xf201, 0x10001, 0x2, 0x5, 0xf, 0x3ff, 0x5d89, 0x1, 0x5, 0x8, 0x7fff, 0xa, 0x0, 0x3, 0xfffffffffffffff9, 0x1, 0x0, 0x2, 0xffff, 0x5, 0xb1, 0x3, 0x4]})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000dc0)="fefc79083377c892d2fa35ea27ec619e7588203614ee0dc38bd80fdc5ed295f401212d3f71642d3c2c6aca11d3407a71f61942666c5d3947eb23892f628edf2e4109aa25bc459cde", 0x0, 0x48)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000e40))
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000ec0)=@attr_arm64={0x0, 0xb, 0x2, &(0x7f0000000e80)=0x401})
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xff)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000f00)={0x101, 0x6})
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000f40)=@arm64)
ioctl$KVM_GET_DEVICE_ATTR_vm(r5, 0x4018aee2, &(0x7f0000000fc0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000f80)={0x8, 0x3}})
ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000001000)={0x6, 0x0, [{0x1f92, 0x4, 0x1, 0x0, @sint={0x3, 0xa}}, {0x1, 0x2, 0x0, 0x0, @irqchip={0xe, 0xad20}}, {0xfffffff7, 0x3, 0x3, 0x0, @sint={0x9, 0x9}}, {0x0, 0x1, 0x1, 0x0, @sint={0xf, 0xfffff8ff}}, {0x9, 0x5, 0x1, 0x0, @irqchip={0x10000, 0xd}}, {0x2, 0x2, 0x1, 0x0, @irqchip={0x8, 0xff}}]})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001140), 0x414a00, 0x0)
ioctl$KVM_GET_API_VERSION(r6, 0xae00, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4360ae82, &(0x7f0000001180)={[0x0, 0xffff, 0xda0, 0x8, 0x4, 0xffffffffffffffff, 0x100000001, 0x7ff, 0x8, 0x1000, 0x60f16845, 0x4, 0x8a, 0x7, 0xcebd, 0x7f7b], 0x5000, 0x101090})

1h18m25.87720132s ago: executing program 3 (id=190):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013c600, 0xfefefee0}}], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c600, &(0x7f0000000140)})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_FINALIZE(r5, 0x4004aec2, 0x0)

1h17m37.267532081s ago: executing program 34 (id=190):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013c600, 0xfefefee0}}], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c600, &(0x7f0000000140)})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_FINALIZE(r5, 0x4004aec2, 0x0)

27m21.080878522s ago: executing program 2 (id=520):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r6})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000180)={0x20000, 0xf000, 0x0, r6, 0x3})
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x8040aeb6, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x7fffffff, 0x2}})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x4)
ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f00000001c0)={0x2, 0x0, [{0x6, 0x2, 0x1, 0x0, @sint={0x5, 0x3}}, {0x6, 0x2, 0x0, 0x0, @msi={0x100, 0x8000, 0x5a}}]})
ioctl$KVM_ARM_VCPU_FINALIZE(0xffffffffffffffff, 0x4004aec2, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000af6000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="140000ee0700000000000000"], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c600, &(0x7f0000000140)=0x8000000})

27m0.300520009s ago: executing program 2 (id=523):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013803f, 0x9}}, @irq_setup={0x46, 0x18, {0x3, 0xd3}}, @eret={0xe6, 0x18, 0x1ff}, @hvc={0x32, 0x40, {0x8700800a, [0x3, 0xe0fb, 0x8, 0x0, 0x9]}}, @eret={0xe6, 0x18, 0x7fffffffffffffff}, @smc={0x1e, 0x40, {0x8400004e, [0x6, 0x7, 0x800, 0x4, 0x6]}}, @msr={0x14, 0x20, {0x603000000013e669, 0x776}}], 0x108}, &(0x7f0000000140)=[@featur2={0x1, 0x92}], 0x1)
ioctl$KVM_ARM_PREFERRED_TARGET(r0, 0x8020aeaf, &(0x7f0000000300))
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f00000000c0)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000180)=0x2})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xc020660b, 0xe1)

26m48.781594563s ago: executing program 2 (id=524):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r5 = openat$kvm(0x0, &(0x7f0000000280), 0x101820, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xe4)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x401c5820, &(0x7f0000000100)=@attr_other={0x0, 0xc5b, 0x1000000000000000, &(0x7f0000000140)=0x8})
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r14})

26m29.479950399s ago: executing program 4 (id=526):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000100)="fb0149dd033be3ac2cc4a2fbff67521ce1070000009a7a835673312b54ebb2aa76c869d22627e7002000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
r4 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r7 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r7, 0x3}) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0}) (async)
ioctl$KVM_CREATE_VM(r4, 0x401c5820, 0x20000001)

26m20.930270449s ago: executing program 2 (id=527):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x52)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x408400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3c)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x2, 0x100)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x2, 0x0, &(0x7f0000f21000/0x3000)=nil})

26m16.299565657s ago: executing program 4 (id=528):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bc2000/0x400000)=nil)
r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) (async)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fee000/0x2000)=nil, 0x0, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async)
ioctl$KVM_RUN(r1, 0xae80, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
r6 = eventfd2(0x0, 0x0)
close(r6) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async)
write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3)

26m10.617796649s ago: executing program 2 (id=529):
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x800454e1, 0x36)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x1, 0x6000, 0x9fff, 0xffffffffffffffff, 0x8})

26m5.480070328s ago: executing program 4 (id=530):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x0, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x7, 0x10005, 0x0})
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000d5a000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f3d000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
r3 = eventfd2(0xfffffff8, 0x80001)
write$eventfd(r3, &(0x7f0000000200)=0x8, 0x8)
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bdb000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000180), 0xe0041, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000080)=[@hvc={0x32, 0x40, {0x84000051, [0x846b, 0x2, 0xa, 0x1, 0x7]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0xc84, 0x5000, 0x1, r3, 0x9})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
munmap(&(0x7f0000c07000/0x4000)=nil, 0x4000)

25m57.479131864s ago: executing program 2 (id=531):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xd)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f0000000000)={0x7fffffff, 0x8000001})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a5a000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r10 = mmap$KVM_VCPU(&(0x7f0000011000/0x11000)=nil, r9, 0x3000004, 0x110, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x774d1209, &(0x7f0000000100)=0x3})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000540)=@attr_other={0x0, 0x8, 0x80, &(0x7f0000000500)=0x5})
r14 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, <r15=>0xffffffffffffffff, 0x1})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r16 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34)
r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r17, 0x4018aee3, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xb})
ioctl$KVM_CREATE_VM(r15, 0x400454d8, 0x10000000000000)

25m50.346924347s ago: executing program 4 (id=532):
munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000ffe000/0x1000)=nil})
munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000003c0)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0x0, [0x4, 0x9, 0x7fffffffffffffff, 0xa, 0x3]}}, @memwrite={0x6e, 0x30, @generic={0x40000, 0x9cf, 0x0, 0x8}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x2fc}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x29a}}, @eret={0xe6, 0x18, 0x7ff}, @mrs={0xbe, 0x18, {0x603000000013c800}}, @mrs={0xbe, 0x18}, @hvc={0x32, 0x40, {0x9191bb0c2b161b64, [0xfffffffffffffc00, 0x8, 0x7, 0xffffffffffffa8c5, 0x8]}}, @smc={0x1e, 0x40, {0xc4000014, [0x3, 0x55b, 0x9, 0x9, 0x8000000000000001]}}, @hvc={0x32, 0x40, {0xc400000d, [0x1, 0x5, 0x46, 0x7, 0xe]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0x0, 0x7fffffff, 0x81, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x6000000000000, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0x2e9}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x2f1}}, @irq_setup={0x46, 0x18, {0x3, 0x2fd}}, @memwrite={0x6e, 0x30, @generic={0x9000, 0xa43, 0x9, 0xb}}, @hvc={0x32, 0x40, {0x5b07333483341ee6, [0x48, 0xfffffffffffffffc, 0x7fffffff, 0x2, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013dea0}}, @uexit={0x0, 0x18, 0xfffffffffffffffc}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013c112, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013c016, 0x8}}], 0x370}, &(0x7f0000000400)=[@featur1={0x1, 0x30}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r0, 0x3000000, 0x40010, r1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x10000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x16)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000480)={0xb6, 0x0, 0x64c7})
ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f0000000500)={0x1, 0x6, 0x6000, 0x1000, &(0x7f0000fff000/0x1000)=nil, 0x200})
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f00000005c0)={0x10003, 0x0, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000600)=@arm64={0x0, 0x1, 0x5a, '\x00', 0x8})
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r0, 0x0, 0x10, r1, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x1)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r3, 0x4068aea3, &(0x7f0000000640))
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f00000006c0))
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000740)=@x86={0x9, 0x5, 0x7, 0x0, 0x9, 0x5, 0x5, 0xfb, 0x8, 0x92, 0x5, 0x4, 0x0, 0x6, 0x5, 0x4, 0x3, 0x3, 0x2, '\x00', 0xff, 0x10})
ioctl$KVM_PPC_ALLOCATE_HTAB(r3, 0xc004aea7, &(0x7f0000000780)=0x10000)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x40)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f00000007c0)={0x58000})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000800)={0x10201, 0x0, 0xa000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000840)={0x1000, 0x105000, 0x1})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000000880)={0xb5, 0xfec00000})
ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f00000008c0)=0xfffffeff)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000900)={0x10003, 0x0, &(0x7f0000ffc000/0x4000)=nil})
ioctl$KVM_CAP_HALT_POLL(r5, 0x4068aea3, &(0x7f0000000940)={0xb6, 0x0, 0x4})

25m40.287200051s ago: executing program 4 (id=533):
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80, [0x1, 0xf, 0x7fffffffffffffff, 0x80000000, 0xb]}}, @hvc={0x32, 0x40, {0xc4000003, [0xffff, 0x8, 0x7, 0x3, 0x7]}}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013ff12}}, @uexit={0x0, 0x18, 0x1}, @hvc={0x32, 0x40, {0x603f52151470d51d, [0x0, 0x3, 0x3, 0x8, 0xfffffffffffff452]}}, @hvc={0x32, 0x40, {0x6ef16a42f65d462a, [0x4, 0x8bb, 0x5, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @hvc={0x32, 0x40, {0x84000007, [0x4, 0x660, 0x4, 0x8000000000000001, 0x7ab5]}}, @hvc={0x32, 0x40, {0x200, [0xfffffffffffffffb, 0x7f, 0x4d98, 0xfffffffffffffff7, 0xb84]}}, @code={0xa, 0x6c, {"005c202e000028d5e0df9cd20060b8f2e10080d2620080d2230080d2e40180d2020000d4007008d560c49ed20020b0f2810180d2c20180d2e30180d2440180d2020000d4000040ace003006b00800008007008d50018000e"}}, @mrs={0xbe, 0x18, {0x603000000013c230}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x4, 0x6, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x0, 0x10, 0x0, 0xffffffff}}, @hvc={0x32, 0x40, {0x8400000f, [0x6, 0x5, 0x4, 0x8d12, 0xf92]}}, @smc={0x1e, 0x40, {0x8400000b, [0xa, 0xfffffffffffffff9, 0x4, 0x8001, 0x800000000]}}, @smc={0x1e, 0x40, {0x6000000, [0x5, 0x3, 0x7, 0x1, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x5, 0x93, 0xe68, 0x4}}, @code={0xa, 0x6c, {"007008d5007008d5c0398ed20040b0f2410080d2a20180d2e30180d2640180d2020000d4a0a996d20080b8f2010180d2820080d2630080d2040180d2020000d4000028d5000880b8007008d5007008d5000008d5000020ca"}}], 0x3f8}, &(0x7f0000000440)=[@featur1={0x1, 0x18}], 0x1) (async)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80, [0x1, 0xf, 0x7fffffffffffffff, 0x80000000, 0xb]}}, @hvc={0x32, 0x40, {0xc4000003, [0xffff, 0x8, 0x7, 0x3, 0x7]}}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013ff12}}, @uexit={0x0, 0x18, 0x1}, @hvc={0x32, 0x40, {0x603f52151470d51d, [0x0, 0x3, 0x3, 0x8, 0xfffffffffffff452]}}, @hvc={0x32, 0x40, {0x6ef16a42f65d462a, [0x4, 0x8bb, 0x5, 0xfffffffffffffff7, 0xfffffffffffffffa]}}, @hvc={0x32, 0x40, {0x84000007, [0x4, 0x660, 0x4, 0x8000000000000001, 0x7ab5]}}, @hvc={0x32, 0x40, {0x200, [0xfffffffffffffffb, 0x7f, 0x4d98, 0xfffffffffffffff7, 0xb84]}}, @code={0xa, 0x6c, {"005c202e000028d5e0df9cd20060b8f2e10080d2620080d2230080d2e40180d2020000d4007008d560c49ed20020b0f2810180d2c20180d2e30180d2440180d2020000d4000040ace003006b00800008007008d50018000e"}}, @mrs={0xbe, 0x18, {0x603000000013c230}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x4, 0x6, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x0, 0x10, 0x0, 0xffffffff}}, @hvc={0x32, 0x40, {0x8400000f, [0x6, 0x5, 0x4, 0x8d12, 0xf92]}}, @smc={0x1e, 0x40, {0x8400000b, [0xa, 0xfffffffffffffff9, 0x4, 0x8001, 0x800000000]}}, @smc={0x1e, 0x40, {0x6000000, [0x5, 0x3, 0x7, 0x1, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x5, 0x93, 0xe68, 0x4}}, @code={0xa, 0x6c, {"007008d5007008d5c0398ed20040b0f2410080d2a20180d2e30180d2640180d2020000d4a0a996d20080b8f2010180d2820080d2630080d2040180d2020000d4000028d5000880b8007008d5007008d5000008d5000020ca"}}], 0x3f8}, &(0x7f0000000440)=[@featur1={0x1, 0x18}], 0x1)
ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000004c0)=@other={0x4, &(0x7f0000000480)=0x2})
ioctl$KVM_PRE_FAULT_MEMORY(r0, 0xc040aed5, &(0x7f0000000500)={0xeefcc001, 0x110000})
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r1, 0x1000002, 0x110, r0, 0x0) (async)
r2 = mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r1, 0x1000002, 0x110, r0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000540)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x7b}}, @hvc={0x32, 0x40, {0x10, [0x100, 0x5, 0xf, 0xd3, 0x7]}}], 0x68}, &(0x7f0000000600)=[@featur2={0x1, 0x16}], 0x1) (async)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000540)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x7b}}, @hvc={0x32, 0x40, {0x10, [0x100, 0x5, 0xf, 0xd3, 0x7]}}], 0x68}, &(0x7f0000000600)=[@featur2={0x1, 0x16}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r1, 0x5, 0x12, r3, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(0xffffffffffffffff, 0x4010aeb5, &(0x7f0000000640)={0x80000000, 0x7734}) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(0xffffffffffffffff, 0x4010aeb5, &(0x7f0000000640)={0x80000000, 0x7734})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r1, 0x0, 0x8010, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0xa0002, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x38) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x38)
syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, &(0x7f00000006c0)="ba445290661949acba9baa521f52b2984a505fdef6de3165", 0x0, 0x18)
close(r0)
ioctl$KVM_SET_REGS(r3, 0x4360ae82, &(0x7f0000000700)={[0x5, 0x3, 0x1, 0x100000000, 0x5, 0x7, 0x5, 0x0, 0x6, 0x8, 0x684d, 0x7, 0xa7e, 0x5, 0x40, 0xe], 0x9000, 0x10})
r6 = eventfd2(0x81, 0x1)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000007c0)={0x100000001, 0xeeee0000, 0x2, r6, 0x3})
ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000000800)={[0x0, 0x8, 0x5, 0xa2, 0x6, 0x6, 0x1, 0x3ff, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x13d, 0xc661], 0x0, 0x92281}) (async)
ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000000800)={[0x0, 0x8, 0x5, 0xa2, 0x6, 0x6, 0x1, 0x3ff, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x13d, 0xc661], 0x0, 0x92281})
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1c) (async)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1c)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000900)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000008c0)={0x4, 0x9}}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000900)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000008c0)={0x4, 0x9}})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r5, 0x4068aea3, &(0x7f0000000940)={0xa8, 0x0, 0x3}) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r5, 0x4068aea3, &(0x7f0000000940)={0xa8, 0x0, 0x3})
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f00000009c0)={0x5, 0x1})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000a00)={0x3, <r8=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f0000000a80)=@attr_other={0x0, 0x666, 0x54c259cb, &(0x7f0000000a40)=0x8})
close(r0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x88000, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000b00)={0x3, 0x8b})

25m29.379132448s ago: executing program 4 (id=534):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f00000000c0)={0x3, 0x80, 0x80, &(0x7f00000006c0)=[0x200, 0x1, 0x101, 0x2, 0x7, 0x973ba68, 0x8000000000000001, 0x7ff, 0x7, 0x2, 0xca5, 0x8, 0x100000000, 0x4, 0xb64, 0x161f, 0x400, 0x0, 0x3, 0x0, 0x9f6, 0x0, 0x9, 0x7ff, 0x0, 0x4dfe, 0x3ff00000000000, 0xad0a, 0x9, 0x9, 0x3, 0x5, 0xa6, 0x9, 0x80, 0x0, 0x7, 0xd, 0x9, 0x0, 0x2000000000, 0x7, 0xd, 0x1, 0x6, 0x2, 0x87a, 0x0, 0x1ff, 0x9, 0x2, 0x450, 0x77c, 0x6, 0x3, 0x2, 0x3d6, 0x400, 0x3b69, 0x7fffffff, 0x8, 0x3, 0x8, 0x100, 0x6, 0x6, 0x2, 0x4793a07a, 0x1, 0x2, 0x9, 0x7f, 0x56d2, 0x7, 0x3, 0xfff, 0x5, 0x1, 0xfff, 0x3, 0x5, 0x88d, 0x3, 0x30, 0xc, 0x100000000, 0x1, 0x5, 0x400, 0x8, 0x5874, 0xfffffffffffffffd, 0x5, 0x3, 0x2, 0xaa, 0x5, 0xa72, 0x101, 0x47a, 0x7d76, 0x5, 0x100, 0x6, 0x9, 0x4, 0x1, 0xff, 0xbca, 0x82cf, 0xffffffffffffffff, 0x7fffffff, 0x3, 0x2, 0x6, 0x5, 0xcada, 0x6, 0x2, 0x90, 0x800, 0x100, 0xb32f, 0x93, 0x0, 0x4, 0x28, 0x1]}) (async)
munmap(&(0x7f0000fdf000/0x2000)=nil, 0x2000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000001c0)={0x1, 0x1, 0xeeee8000, 0x2000, &(0x7f0000f96000/0x2000)=nil}) (async)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xe)
ioctl$KVM_GET_DEVICE_ATTR_vm(r7, 0x4018aee2, &(0x7f0000000ac0)=@attr_other={0x0, 0x1, 0x4f, &(0x7f0000000100)=0x6})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x4, 0xffda, 0x2}}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000001, 0x12, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r8, 0x6000006, 0x13, r6, 0x0) (async)
r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@code={0xa, 0xcc, {"007008d51f0000eb80a883d20060b8f2810180d2a20080d2030180d2a40080d2020000d4c0698cd20080b8f2c10180d2e20180d2230180d2840080d2020000d480999fd200c0b8f2c10080d2c20180d2430180d2040080d2020000d460768dd20060b0f2e10080d2e20080d2e30080d2040180d2020000d4000028d50068000e00f298d200c0b8f2410180d2620180d2630080d2640080d2020000d400d892d20060b0f2010180d2220080d2a30180d2640080d2020000d4"}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3d6}}, @smc={0x1e, 0x40, {0x8, [0x1200000000000, 0x4, 0x0, 0x4, 0x8]}}, @uexit={0x0, 0x18, 0xa}, @uexit={0x0, 0x18, 0xffffffff}, @irq_setup={0x46, 0x18, {0x3, 0x22b}}, @msr={0x14, 0x20, {0x603000000013def4, 0x8}}, @hvc={0x32, 0x40, {0x84000001, [0x9, 0x2, 0x6, 0x6]}}, @eret={0xe6, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0xa, 0x3, 0x80000000, 0x4}}, @mrs={0xbe, 0x18, {0x6030000000130203}}, @smc={0x1e, 0x40, {0xc4000010, [0x6, 0x8, 0x4, 0x8]}}, @svc={0x122, 0x40, {0x1, [0xb, 0x8, 0x8, 0x5]}}, @code={0xa, 0xb4, {"0028000e0080401f008008d5e0b984d20040b8f2610080d2a20080d2630180d2040080d2020000d4a09f85d200c0b0f2610080d2620080d2430080d2240180d2020000d440e58cd20020b8f2810080d2820080d2830080d2040080d2020000d4e0c097d20020b0f2a10180d2420180d2230080d2a40180d2020000d4202a8ed20080b8f2a10080d2220080d2e30180d2440180d2020000d4000820bc0050200e"}}, @code={0xa, 0x54, {"008008d5007008d5002c000e007008d5007008d50058602e007008d500e4005f00a8200ec02a87d200a0b8f2410080d2e20080d2430080d2240080d2020000d4"}}, @uexit={0x0, 0x18, 0x5}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x21e}}, @msr={0x14, 0x20, {0x603000000013dea1, 0x7fffffff}}, @eret={0xe6, 0x18, 0x9}, @eret={0xe6, 0x18}], 0x44c}, &(0x7f0000000080)=[@featur1={0x1, 0x10}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, r9, 0x0) (async)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
r12 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r11, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r11, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0xc4180, 0x0)

25m9.597443477s ago: executing program 35 (id=531):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xd)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f0000000000)={0x7fffffff, 0x8000001})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a5a000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r10 = mmap$KVM_VCPU(&(0x7f0000011000/0x11000)=nil, r9, 0x3000004, 0x110, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x774d1209, &(0x7f0000000100)=0x3})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000540)=@attr_other={0x0, 0x8, 0x80, &(0x7f0000000500)=0x5})
r14 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, <r15=>0xffffffffffffffff, 0x1})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r16 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34)
r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r17, 0x4018aee3, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xb})
ioctl$KVM_CREATE_VM(r15, 0x400454d8, 0x10000000000000)

24m40.344913414s ago: executing program 36 (id=534):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f00000000c0)={0x3, 0x80, 0x80, &(0x7f00000006c0)=[0x200, 0x1, 0x101, 0x2, 0x7, 0x973ba68, 0x8000000000000001, 0x7ff, 0x7, 0x2, 0xca5, 0x8, 0x100000000, 0x4, 0xb64, 0x161f, 0x400, 0x0, 0x3, 0x0, 0x9f6, 0x0, 0x9, 0x7ff, 0x0, 0x4dfe, 0x3ff00000000000, 0xad0a, 0x9, 0x9, 0x3, 0x5, 0xa6, 0x9, 0x80, 0x0, 0x7, 0xd, 0x9, 0x0, 0x2000000000, 0x7, 0xd, 0x1, 0x6, 0x2, 0x87a, 0x0, 0x1ff, 0x9, 0x2, 0x450, 0x77c, 0x6, 0x3, 0x2, 0x3d6, 0x400, 0x3b69, 0x7fffffff, 0x8, 0x3, 0x8, 0x100, 0x6, 0x6, 0x2, 0x4793a07a, 0x1, 0x2, 0x9, 0x7f, 0x56d2, 0x7, 0x3, 0xfff, 0x5, 0x1, 0xfff, 0x3, 0x5, 0x88d, 0x3, 0x30, 0xc, 0x100000000, 0x1, 0x5, 0x400, 0x8, 0x5874, 0xfffffffffffffffd, 0x5, 0x3, 0x2, 0xaa, 0x5, 0xa72, 0x101, 0x47a, 0x7d76, 0x5, 0x100, 0x6, 0x9, 0x4, 0x1, 0xff, 0xbca, 0x82cf, 0xffffffffffffffff, 0x7fffffff, 0x3, 0x2, 0x6, 0x5, 0xcada, 0x6, 0x2, 0x90, 0x800, 0x100, 0xb32f, 0x93, 0x0, 0x4, 0x28, 0x1]}) (async)
munmap(&(0x7f0000fdf000/0x2000)=nil, 0x2000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000001c0)={0x1, 0x1, 0xeeee8000, 0x2000, &(0x7f0000f96000/0x2000)=nil}) (async)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xe)
ioctl$KVM_GET_DEVICE_ATTR_vm(r7, 0x4018aee2, &(0x7f0000000ac0)=@attr_other={0x0, 0x1, 0x4f, &(0x7f0000000100)=0x6})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x4, 0xffda, 0x2}}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000001, 0x12, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r8, 0x6000006, 0x13, r6, 0x0) (async)
r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@code={0xa, 0xcc, {"007008d51f0000eb80a883d20060b8f2810180d2a20080d2030180d2a40080d2020000d4c0698cd20080b8f2c10180d2e20180d2230180d2840080d2020000d480999fd200c0b8f2c10080d2c20180d2430180d2040080d2020000d460768dd20060b0f2e10080d2e20080d2e30080d2040180d2020000d4000028d50068000e00f298d200c0b8f2410180d2620180d2630080d2640080d2020000d400d892d20060b0f2010180d2220080d2a30180d2640080d2020000d4"}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3d6}}, @smc={0x1e, 0x40, {0x8, [0x1200000000000, 0x4, 0x0, 0x4, 0x8]}}, @uexit={0x0, 0x18, 0xa}, @uexit={0x0, 0x18, 0xffffffff}, @irq_setup={0x46, 0x18, {0x3, 0x22b}}, @msr={0x14, 0x20, {0x603000000013def4, 0x8}}, @hvc={0x32, 0x40, {0x84000001, [0x9, 0x2, 0x6, 0x6]}}, @eret={0xe6, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0xa, 0x3, 0x80000000, 0x4}}, @mrs={0xbe, 0x18, {0x6030000000130203}}, @smc={0x1e, 0x40, {0xc4000010, [0x6, 0x8, 0x4, 0x8]}}, @svc={0x122, 0x40, {0x1, [0xb, 0x8, 0x8, 0x5]}}, @code={0xa, 0xb4, {"0028000e0080401f008008d5e0b984d20040b8f2610080d2a20080d2630180d2040080d2020000d4a09f85d200c0b0f2610080d2620080d2430080d2240180d2020000d440e58cd20020b8f2810080d2820080d2830080d2040080d2020000d4e0c097d20020b0f2a10180d2420180d2230080d2a40180d2020000d4202a8ed20080b8f2a10080d2220080d2e30180d2440180d2020000d4000820bc0050200e"}}, @code={0xa, 0x54, {"008008d5007008d5002c000e007008d5007008d50058602e007008d500e4005f00a8200ec02a87d200a0b8f2410080d2e20080d2430080d2240080d2020000d4"}}, @uexit={0x0, 0x18, 0x5}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x21e}}, @msr={0x14, 0x20, {0x603000000013dea1, 0x7fffffff}}, @eret={0xe6, 0x18, 0x9}, @eret={0xe6, 0x18}], 0x44c}, &(0x7f0000000080)=[@featur1={0x1, 0x10}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, r9, 0x0) (async)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
r12 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r11, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r11, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0xc4180, 0x0)

13m57.632204967s ago: executing program 5 (id=547):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r6, 0x3, 0x40b2811, r5, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, r6, 0xf, 0x40010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x100)
r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r9, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r11, 0x3000003, 0x2011, r9, 0x0)

13m33.503828059s ago: executing program 5 (id=549):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x801c581f, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x3, 0xeeee0000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bc2000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x8080000, 0x8, 0x8, 0xc, 0xe6, 0x40, 0x9, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x7, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x3, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x16, 0x88, 0xab, 0x8, 0x9, 0x9, 0xf7, 0x97}, {0xdddd1000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0xc000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0x7000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0xfec00000, [0x6800000000000000, 0x4, 0x3, 0x8]})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)

13m28.83969912s ago: executing program 6 (id=550):
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde5, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_GET_REGS(r3, 0x8360ae81, &(0x7f0000000080))
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100014, &(0x7f0000000000)=0x8})
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

13m11.490133147s ago: executing program 6 (id=551):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0x20}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r7, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000050, [0x9, 0xb4, 0x100, 0x6, 0x88]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r12 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xaa)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

13m2.750861383s ago: executing program 5 (id=552):
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3b)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0x801c581f, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000ae8000/0x400000)=nil, &(0x7f0000000180)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x35)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100036, 0x0})
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000f2b000/0x2000)=nil, 0x930, 0x600000c, 0x4010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x10, r4, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x7, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000280)=0x400000080a0000})
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0xfec00000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bc2000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000540)={0x0, 0x0}, &(0x7f00000000c0)=[@featur1={0x1, 0x10}], 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

12m47.24759031s ago: executing program 6 (id=553):
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_PREFERRED_TARGET(0xffffffffffffffff, 0x8020aeaf, &(0x7f0000000000))
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_ARM_PREFERRED_TARGET(0xffffffffffffffff, 0x8020aeaf, &(0x7f0000000000)) (async)

12m34.899896964s ago: executing program 6 (id=554):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000000), 0x153f01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x4)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100)
close(r2)
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r8, 0x2, 0x12, r7, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
r11 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r8, 0x3000001, 0x80010, r11, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0)
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)

12m33.570163981s ago: executing program 5 (id=555):
r0 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r3, 0xa00000001, 0x320)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000000)={0x4})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = eventfd2(0xffff, 0x80001)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x46, 0x58000, 0x4, r5, 0xa})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0xf4020000})

12m11.13961592s ago: executing program 6 (id=556):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x800454e0, 0x110c230000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x63)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000240)={0x0, 0x5ded})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_VM(r2, 0x800454e0, 0x110c230000) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x63) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000240)={0x0, 0x5ded}) (async)

12m8.149451095s ago: executing program 5 (id=557):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000000)={0x6553, 0x101})
ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f0000000040)={0x2, 0x2})
syz_kvm_vgic_v3_setup(r0, 0x1, 0x100)
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000080)={0x6, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x8001, 0x4, &(0x7f00000000c0)=0xbf})
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000140)={0x1ff, 0xb1})
ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000180)={0xb6, 0x0, 0x4})
r3 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f0000000200)={0x100000, 0x5e004, 0x6, 0x0, 0x9})
ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000240)={0x3, 0x39, 0x1}})
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x181000, 0x0)
syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000740)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe00, 0x9, 0xe}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0x7e5, 0x5, 0xdd513ed6b3f4415e}}, @irq_setup={0x46, 0x18, {0x4, 0x255}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x100, 0x80000000, 0x8}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x2ca}}, @smc={0x1e, 0x40, {0x80, [0x9, 0xaa, 0x101, 0xe, 0x51b92e3a]}}, @svc={0x122, 0x40, {0x84000007, [0x3, 0x1, 0x22, 0x4, 0x7]}}, @smc={0x1e, 0x40, {0x1000000, [0x9, 0x6, 0x200, 0x10000, 0x902]}}, @svc={0x122, 0x40, {0xc4000053, [0x5, 0x4, 0x8, 0x400, 0x3]}}, @svc={0x122, 0x40, {0x8000, [0x4, 0x5, 0xf90, 0xffffffffffffffff, 0x9]}}, @hvc={0x32, 0x40, {0xffff, [0x1, 0x8, 0x7, 0x800, 0xffff]}}, @eret={0xe6, 0x18, 0xffff}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0xfffffff7, 0x4, 0x5, 0x2}}, @svc={0x122, 0x40, {0x80008000, [0x7, 0xfffffffffffffff8, 0x9, 0x9, 0x8000]}}, @irq_setup={0x46, 0x18, {0x2, 0x86}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x0, 0x1, 0x5, 0x5, 0x6, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0x9, 0x2, 0x91, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e664}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x147c, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0xd, 0x7, 0x8, 0x2}}, @uexit={0x0, 0x18, 0xfffffffffffffffd}, @eret={0xe6, 0x18}, @smc={0x1e, 0x40, {0x84000010, [0x0, 0x2, 0x5, 0x6, 0x2fd714d7]}}], 0x418}, &(0x7f0000000780)=[@featur2={0x1, 0x68}], 0x1)
mmap$KVM_VCPU(&(0x7f0000d8c000/0x4000)=nil, 0x0, 0x1000000, 0x100010, r3, 0x0)
ioctl$KVM_GET_SREGS(r3, 0x8000ae83, &(0x7f00000007c0))
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000900)={0xb6, 0x0, 0x1})
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000c80)={0x0, &(0x7f0000000980)=[@eret={0xe6, 0x18, 0xfffffffffffffff8}, @uexit={0x0, 0x18, 0x60af4115}, @code={0xa, 0x9c, {"805197d20040b8f2610080d2e20180d2c30080d2e40080d2020000d4000080b8000040d3007008d500eca07e404a9fd200c0b8f2210080d2620080d2630080d2840080d2020000d4000060880000002f208a87d20080b8f2210080d2420180d2830180d2440080d2020000d4002a8cd20000b0f2e10080d2a20080d2230080d2640080d2020000d4"}}, @code={0xa, 0xb4, {"0014005fe0a889d20020b8f2a10080d2a20180d2430080d2640080d2020000d4e01088d20020b0f2e10180d2220080d2230080d2a40080d2020000d4007008d520158bd200a0b8f2a10180d2820080d2030180d2240080d2020000d4007008d5008008d5000028d5609a86d20080b0f2010080d2c20180d2430080d2e40080d2020000d4408e89d200a0b0f2010180d2420180d2430080d2640180d2020000d4"}}, @svc={0x122, 0x40, {0x84000001, [0x9, 0xffffffff80000000, 0x7c4, 0x852, 0x80000000]}}, @code={0xa, 0x9c, {"a0dd9ed200c0b0f2a10180d2420180d2030080d2c40080d2020000d40098212ea0b582d200c0b0f2210080d2220080d2c30180d2e40180d2020000d4209181d20040b8f2610180d2420180d2c30180d2240180d2020000d4000400fca07c89d20020b0f2410180d2e20180d2e30180d2840080d2020000d400000011007008d50000003700f4a00e"}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x9, 0xb, 0x101, 0x3}}, @hvc={0x32, 0x40, {0x30000000, [0x3, 0x9, 0x2, 0x2, 0x7f89d7b4]}}, @mrs={0xbe, 0x18, {0x6030000000138046}}], 0x2dc}, &(0x7f0000000cc0)=[@featur1={0x1, 0x40}], 0x1)
syz_kvm_setup_cpu$arm64(r0, r5, &(0x7f0000a25000/0x400000)=nil, &(0x7f0000001240)=[{0x0, &(0x7f0000000d00)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1000, 0x10, 0xd}}, @smc={0x1e, 0x40, {0x40, [0xffff, 0xffffffffffffffff, 0x0, 0x3, 0x2]}}, @hvc={0x32, 0x40, {0x8400000d, [0x4f64c2b8, 0xd, 0x6, 0x7, 0x7]}}, @hvc={0x32, 0x40, {0x31000000, [0x0, 0x59138a8, 0x401, 0x10000, 0xa]}}, @smc={0x1e, 0x40, {0x1, [0x3, 0x6, 0xffffffffffff7021, 0xffffffffffff29cb, 0x600000]}}, @irq_setup={0x46, 0x18, {0x2, 0x39d}}, @hvc={0x32, 0x40, {0x80007fff, [0x9e1, 0x9d81, 0x81, 0x5, 0x690]}}, @eret={0xe6, 0x18, 0x800}, @eret={0xe6, 0x18, 0x7ff}, @irq_setup={0x46, 0x18, {0x1, 0xbd}}, @hvc={0x32, 0x40, {0x84000011, [0x8, 0x3, 0x3, 0x4d, 0x8000]}}, @hvc={0x32, 0x40, {0x1000, [0x4, 0x3, 0x0, 0x400, 0x5]}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x7b}}, @eret={0xe6, 0x18, 0x10000}, @irq_setup={0x46, 0x18, {0x4, 0x40}}, @hvc={0x32, 0x40, {0x80008000, [0x2, 0xd, 0xfffffffffffffff2, 0x40, 0xfffffffffffffff7]}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ad}}, @mrs={0xbe, 0x18, {0x603000000013d000}}, @msr={0x14, 0x20, {0x603000000013e6c8, 0x2}}, @hvc={0x32, 0x40, {0x800, [0x5e5834b1, 0x9f2c, 0x0, 0x8, 0x8]}}, @svc={0x122, 0x40, {0x8000, [0x3, 0x8001, 0x9, 0x7f, 0x8]}}, @memwrite={0x6e, 0x30, @generic={0xeeee0000, 0x1e4}}, @svc={0x122, 0x40, {0xc4000053, [0x9, 0x5, 0x5, 0x1, 0xc]}}, @smc={0x1e, 0x40, {0x2000000, [0x2, 0x6, 0x100, 0x100000001]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0x6, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0xe, 0x8001, 0x8, 0x2}}, @svc={0x122, 0x40, {0x80, [0x7, 0x9214, 0x4, 0xffff, 0x4]}}], 0x508}], 0x1, 0x0, &(0x7f0000001280), 0x1)
r6 = ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece)
openat$kvm(0xffffffffffffff9c, &(0x7f00000012c0), 0x80, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000001300)={0x9, 0x3})
syz_kvm_add_vcpu$arm64(r1, &(0x7f00000016c0)={0x0, &(0x7f0000001340)=[@smc={0x1e, 0x40, {0x5000000, [0xa, 0x8, 0x4, 0x9, 0xffffffffffffffff]}}, @svc={0x122, 0x40, {0x3000000, [0x7fffffffffffffff, 0xb0d0, 0x81, 0x1, 0x800]}}, @msr={0x14, 0x20, {0x603000000013801a, 0x7}}, @msr={0x14, 0x20, {0x603000000013e64a, 0x66}}, @eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x6}}, @msr={0x14, 0x20, {0x603000000013c687, 0x58bc}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0xa17}}, @hvc={0x32, 0x40, {0x84000002, [0x10001, 0x3, 0x8, 0x4, 0x100000001]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x18f}}, @smc={0x1e, 0x40, {0x3000000, [0x0, 0xa, 0x8, 0x6, 0x8]}}, @mrs={0xbe, 0x18}, @smc={0x1e, 0x40, {0x30000000, [0x0, 0x2b, 0x2, 0x5, 0x3ff]}}, @uexit={0x0, 0x18, 0xffffffffd8018d3f}, @hvc={0x32, 0x40, {0x84000006, [0x7, 0x5, 0x7, 0x4, 0x100]}}, @irq_setup={0x46, 0x18, {0x3, 0x130}}, @eret={0xe6, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x87}}, @smc={0x1e, 0x40, {0x80007fff, [0x7fffffff, 0xffffffff, 0x2, 0x1000, 0x7fffffffffffffff]}}, @irq_setup={0x46, 0x18, {0x3, 0x3af}}], 0x358}, &(0x7f0000001700)=[@featur1={0x1, 0x1a}], 0x1)
ioctl$KVM_S390_VCPU_FAULT(r6, 0x4008ae52, &(0x7f0000001740)=0x2)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001780), 0x2, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x14)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000001800)=@attr_other={0x0, 0x1, 0x5220, &(0x7f00000017c0)=0x6})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r8, 0x4018aee3, &(0x7f0000001880)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001840)={0x4, 0x101}})

11m54.934919246s ago: executing program 5 (id=558):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8})
openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8}) (async)

11m51.380749701s ago: executing program 6 (id=559):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x7fffffff, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x58}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000000000000000000009503000000000000220100000000000040000000000000001300008400000000ffff0000000000000000000000000080ffffffffffffffff0e000000000000000101000000000000be00000000000000180000000000000013c0130000003060e600000000000000180000000000000040000000000000001400000000000000200000000000000019c113000000306006000000000000004600000000000000180000000000000002000000580000001e00000000000000400000000000000000020000000000000600000000000000abb90000000000000400000000000000001000000000000004000000000000000a00000000000000840000000000000000a8310ee02393d200e0b8f2e10180d2420180d2a30180d2240080d2020000d40080a00de00e81d200e0b0f2610080d2420180d2830080d2e40180d2020000d40044207e007008d5000020ab000040b3007008d5e0f58ad20040b0f2210080d2a20080d2630080d2c40180d2020000d4c0035fd600000000000000001800000000000000090000000000000022010000000000004000000000000000130000840000000001000000000000000700000000000000f5d3000000000000080000000000000025000000000000006e0000000000000030000000000000000000080800000000000100000000000009000000000000000500000000000000460000000000000018000000000000000100000003030000000000000000000018000000000000000c0000000000000032000000000000004000000000000000060000840000000004000000000000000500000000000000ffffff7f000000000008000000000000ff070000000000004600000000000000180000000000006b81f9f84c91323c5a39baae190002000000fe0100001400000000000000200000000000000012c013000000306009000000000000000000000000000000180000000000000005000000000000000a00000000000000cc00000000000000007008d5805d98d20040b8f2210180d2a20080d2030080d2c40080d2020000d480cc9ed200c0b0f2410180d2a20080d2430180d2840080d2020000d460808dd200a0b0f2410180d2c20080d2230180d2a40180d2020000d4007394d20080b8f2810080d2820180d2630080d2c40080d2020000d4008008d5607889d20000b0f2810180d2c20180d2e30080d2640180d2020000d4000b9fd20040b8f2610180d2e20180d2030080d2640080d2020000d40000251e000008d5c0035fd60000000000000000180000000000000000000000000000001e00000000000000400000000000000001000000000000000400000000000000a00b0000000000000300000000000000070000000000000004000000000000001400000000000000200000000000000046df1300000030600800000000000000587d56914a0c0d7b33dfe35a20ac314368c3ada5a27a1c54d2063701e1c38c3ab0a9928516118313ada1c8093cf113db45d8fcab2f3ec8f81c1521ab5e13c01b43e3340aaae38f67e11d3b511c3a8b387ececa9e11532157ffe12ded204331fb2355ca70ff1e7f23ab7b8e86da32019816e2a0f0c3af78193476f7bcf5c97f329dc3f6bf2debbdb989f8"], 0x420}], 0x1, 0x0, &(0x7f0000000040)=[@featur2={0x1, 0x8}], 0x1)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

11m6.529732829s ago: executing program 37 (id=558):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8})
openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8}) (async)

10m59.079907679s ago: executing program 38 (id=559):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x7fffffff, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x58}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000000000000000000009503000000000000220100000000000040000000000000001300008400000000ffff0000000000000000000000000080ffffffffffffffff0e000000000000000101000000000000be00000000000000180000000000000013c0130000003060e600000000000000180000000000000040000000000000001400000000000000200000000000000019c113000000306006000000000000004600000000000000180000000000000002000000580000001e00000000000000400000000000000000020000000000000600000000000000abb90000000000000400000000000000001000000000000004000000000000000a00000000000000840000000000000000a8310ee02393d200e0b8f2e10180d2420180d2a30180d2240080d2020000d40080a00de00e81d200e0b0f2610080d2420180d2830080d2e40180d2020000d40044207e007008d5000020ab000040b3007008d5e0f58ad20040b0f2210080d2a20080d2630080d2c40180d2020000d4c0035fd600000000000000001800000000000000090000000000000022010000000000004000000000000000130000840000000001000000000000000700000000000000f5d3000000000000080000000000000025000000000000006e0000000000000030000000000000000000080800000000000100000000000009000000000000000500000000000000460000000000000018000000000000000100000003030000000000000000000018000000000000000c0000000000000032000000000000004000000000000000060000840000000004000000000000000500000000000000ffffff7f000000000008000000000000ff070000000000004600000000000000180000000000006b81f9f84c91323c5a39baae190002000000fe0100001400000000000000200000000000000012c013000000306009000000000000000000000000000000180000000000000005000000000000000a00000000000000cc00000000000000007008d5805d98d20040b8f2210180d2a20080d2030080d2c40080d2020000d480cc9ed200c0b0f2410180d2a20080d2430180d2840080d2020000d460808dd200a0b0f2410180d2c20080d2230180d2a40180d2020000d4007394d20080b8f2810080d2820180d2630080d2c40080d2020000d4008008d5607889d20000b0f2810180d2c20180d2e30080d2640180d2020000d4000b9fd20040b8f2610180d2e20180d2030080d2640080d2020000d40000251e000008d5c0035fd60000000000000000180000000000000000000000000000001e00000000000000400000000000000001000000000000000400000000000000a00b0000000000000300000000000000070000000000000004000000000000001400000000000000200000000000000046df1300000030600800000000000000587d56914a0c0d7b33dfe35a20ac314368c3ada5a27a1c54d2063701e1c38c3ab0a9928516118313ada1c8093cf113db45d8fcab2f3ec8f81c1521ab5e13c01b43e3340aaae38f67e11d3b511c3a8b387ececa9e11532157ffe12ded204331fb2355ca70ff1e7f23ab7b8e86da32019816e2a0f0c3af78193476f7bcf5c97f329dc3f6bf2debbdb989f8"], 0x420}], 0x1, 0x0, &(0x7f0000000040)=[@featur2={0x1, 0x8}], 0x1)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m21.630080648s ago: executing program 8 (id=561):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x801c581f, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_GET_REGS(r3, 0x8360ae81, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xb)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bc2000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000080)={0x3, 0xffffffffffffffff, 0x1})
r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x8}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)

1m13.672142583s ago: executing program 7 (id=560):
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)={0x4, 0x0, [{0x6, 0x4, 0x0, 0x0, @irqchip={0x80000000, 0x1}}, {0x6, 0x4, 0x1, 0x0, @sint={0x3, 0x4}}, {0x80000000, 0x4, 0x0, 0x0, @msi={0xb264, 0x3, 0x100, 0x9}}, {0x1, 0x2, 0x0, 0x0, @irqchip={0x7, 0x2}}]})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x20010, 0xffffffffffffffff, 0x0)

56.685825123s ago: executing program 8 (id=562):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x801c581f, 0x40000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3)
write$eventfd(r4, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bc2000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

54.151302493s ago: executing program 7 (id=563):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff})
close(r2)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x34)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1f8, 0x4, 0x58000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x27)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x0, 0x0}) (async)
syz_kvm_vgic_v3_setup(r6, 0xffffffffffffffff, 0x100) (async, rerun: 64)
close(r4) (rerun: 64)

8.570061107s ago: executing program 39 (id=562):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x801c581f, 0x40000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3)
write$eventfd(r4, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bc2000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

0s ago: executing program 40 (id=563):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff})
close(r2)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x34)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1f8, 0x4, 0x58000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x27)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x0, 0x0}) (async)
syz_kvm_vgic_v3_setup(r6, 0xffffffffffffffff, 0x100) (async, rerun: 64)
close(r4) (rerun: 64)

kernel console output (not intermixed with test programs):

[  414.815784][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0
[  469.535690][ T3172] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:22541' (ED25519) to the list of known hosts.
[  646.566193][   T25] audit: type=1400 audit(645.760:61): avc:  denied  { name_bind } for  pid=3331 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  648.446266][   T25] audit: type=1400 audit(647.640:62): avc:  denied  { execute } for  pid=3332 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  648.480907][   T25] audit: type=1400 audit(647.670:63): avc:  denied  { execute_no_trans } for  pid=3332 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  674.114935][   T25] audit: type=1400 audit(673.300:64): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  674.176268][   T25] audit: type=1400 audit(673.370:65): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  674.274722][ T3332] cgroup: Unknown subsys name 'net'
[  674.358008][   T25] audit: type=1400 audit(673.550:66): avc:  denied  { unmount } for  pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  674.890778][ T3332] cgroup: Unknown subsys name 'cpuset'
[  675.025831][ T3332] cgroup: Unknown subsys name 'rlimit'
[  676.045011][   T25] audit: type=1400 audit(675.240:67): avc:  denied  { setattr } for  pid=3332 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  676.065527][   T25] audit: type=1400 audit(675.250:68): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  676.090264][   T25] audit: type=1400 audit(675.280:69): avc:  denied  { mount } for  pid=3332 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  677.178697][ T3335] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  677.206453][   T25] audit: type=1400 audit(676.390:70): avc:  denied  { relabelto } for  pid=3335 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  677.229471][   T25] audit: type=1400 audit(676.420:71): avc:  denied  { write } for  pid=3335 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  677.426750][   T25] audit: type=1400 audit(676.610:72): avc:  denied  { read } for  pid=3332 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  677.456710][   T25] audit: type=1400 audit(676.630:73): avc:  denied  { open } for  pid=3332 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  677.497596][ T3332] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  736.196727][   T25] audit: type=1400 audit(735.390:74): avc:  denied  { execmem } for  pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  740.098707][   T25] audit: type=1400 audit(739.290:75): avc:  denied  { read } for  pid=3338 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  740.119266][   T25] audit: type=1400 audit(739.310:76): avc:  denied  { open } for  pid=3338 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  740.157313][   T25] audit: type=1400 audit(739.350:77): avc:  denied  { open } for  pid=3339 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  740.214736][   T25] audit: type=1400 audit(739.390:78): avc:  denied  { mounton } for  pid=3338 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  740.450570][   T25] audit: type=1400 audit(739.640:79): avc:  denied  { module_request } for  pid=3338 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  740.471048][   T25] audit: type=1400 audit(739.660:80): avc:  denied  { module_request } for  pid=3339 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  741.557941][   T25] audit: type=1400 audit(740.750:81): avc:  denied  { sys_module } for  pid=3339 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  766.443787][ T3339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  766.636485][ T3339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  768.736876][ T3338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  768.974184][ T3338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  787.039632][ T3339] hsr_slave_0: entered promiscuous mode
[  787.107990][ T3339] hsr_slave_1: entered promiscuous mode
[  788.688361][ T3338] hsr_slave_0: entered promiscuous mode
[  788.733628][ T3338] hsr_slave_1: entered promiscuous mode
[  788.768283][ T3338] debugfs: 'hsr0' already exists in 'hsr'
[  788.776029][ T3338] Cannot create hsr debugfs directory
[  794.560558][   T25] audit: type=1400 audit(793.750:82): avc:  denied  { create } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  794.590563][   T25] audit: type=1400 audit(793.780:83): avc:  denied  { write } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  794.643671][   T25] audit: type=1400 audit(793.830:84): avc:  denied  { read } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  794.789287][ T3339] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  795.185482][ T3339] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  795.594381][ T3339] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  795.975804][ T3339] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  797.609741][ T3338] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  797.793473][ T3338] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  797.980367][ T3338] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  798.159313][ T3338] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  811.120756][ T3339] 8021q: adding VLAN 0 to HW filter on device bond0
[  814.099085][ T3338] 8021q: adding VLAN 0 to HW filter on device bond0
[  871.816714][ T3339] veth0_vlan: entered promiscuous mode
[  872.447198][ T3339] veth1_vlan: entered promiscuous mode
[  874.396049][ T3338] veth0_vlan: entered promiscuous mode
[  875.046929][ T3339] veth0_macvtap: entered promiscuous mode
[  875.504840][ T3338] veth1_vlan: entered promiscuous mode
[  875.665671][ T3339] veth1_macvtap: entered promiscuous mode
[  878.270555][ T3388] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  878.313206][ T3388] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  878.318891][ T3388] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  878.354001][   T52] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  878.420015][ T3338] veth0_macvtap: entered promiscuous mode
[  879.079422][ T3338] veth1_macvtap: entered promiscuous mode
[  881.308266][   T25] audit: type=1400 audit(880.470:85): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  881.494044][   T25] audit: type=1400 audit(880.680:86): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/syzkaller.NtX2wl/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  881.677513][   T25] audit: type=1400 audit(880.870:87): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  882.016092][   T25] audit: type=1400 audit(881.160:88): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/syzkaller.NtX2wl/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  882.135586][   T25] audit: type=1400 audit(881.280:89): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/syzkaller.NtX2wl/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  882.194133][ T3346] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  882.235280][ T3346] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  882.284714][ T3346] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  882.294308][ T3346] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  882.998016][   T25] audit: type=1400 audit(882.190:90): avc:  denied  { unmount } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  883.221084][   T25] audit: type=1400 audit(882.410:91): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  883.404623][   T25] audit: type=1400 audit(882.590:92): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="gadgetfs" ino=3776 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  883.884890][   T25] audit: type=1400 audit(883.060:93): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  883.963132][   T25] audit: type=1400 audit(883.150:94): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  886.165542][ T3339] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  887.826326][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  887.835630][   T25] audit: type=1400 audit(887.010:96): avc:  denied  { read write } for  pid=3339 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  887.927715][   T25] audit: type=1400 audit(887.100:97): avc:  denied  { open } for  pid=3339 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  887.964243][   T25] audit: type=1400 audit(887.140:98): avc:  denied  { ioctl } for  pid=3339 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  900.662981][   T25] audit: type=1400 audit(899.850:99): avc:  denied  { read write } for  pid=3496 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  900.757942][   T25] audit: type=1400 audit(899.950:100): avc:  denied  { open } for  pid=3496 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  901.140744][   T25] audit: type=1400 audit(900.330:101): avc:  denied  { ioctl } for  pid=3496 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  906.852426][   T25] audit: type=1400 audit(906.030:102): avc:  denied  { map } for  pid=3498 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  906.969052][   T25] audit: type=1400 audit(906.100:103): avc:  denied  { execute } for  pid=3498 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  914.884181][   T25] audit: type=1400 audit(914.060:104): avc:  denied  { execute } for  pid=3510 comm="syz.1.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3904 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  934.994653][   T25] audit: type=1400 audit(934.170:105): avc:  denied  { ioctl } for  pid=3522 comm="syz.1.8" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  940.856409][ T3526] FAULT_INJECTION: forcing a failure.
[  940.856409][ T3526] name failslab, interval 1, probability 0, space 0, times 1
[  940.889238][ T3526] CPU: 0 UID: 0 PID: 3526 Comm: syz.0.9 Not tainted syzkaller #0 PREEMPT 
[  940.889869][ T3526] Hardware name: linux,dummy-virt (DT)
[  940.890359][ T3526] Call trace:
[  940.890765][ T3526]  show_stack+0x2c/0x3c (C)
[  940.892799][ T3526]  __dump_stack+0x30/0x40
[  940.893210][ T3526]  dump_stack_lvl+0xd8/0x12c
[  940.893528][ T3526]  dump_stack+0x1c/0x28
[  940.893817][ T3526]  should_fail_ex+0x56c/0x6d8
[  940.894032][ T3526]  should_failslab+0xb8/0xec
[  940.894342][ T3526]  __kmalloc_noprof+0xe8/0x680
[  940.894592][ T3526]  tomoyo_encode+0x274/0x4e4
[  940.894871][ T3526]  tomoyo_realpath_from_path+0x5bc/0x628
[  940.895182][ T3526]  tomoyo_path_number_perm+0x13c/0x33c
[  940.895447][ T3526]  tomoyo_file_ioctl+0x2c/0x3c
[  940.895731][ T3526]  security_file_ioctl+0xe0/0x2cc
[  940.896030][ T3526]  __arm64_sys_ioctl+0xd0/0x244
[  940.896379][ T3526]  invoke_syscall+0x90/0x230
[  940.896677][ T3526]  el0_svc_common+0x120/0x2f4
[  940.896959][ T3526]  do_el0_svc+0x58/0x74
[  940.897265][ T3526]  el0_svc+0x5c/0x238
[  940.897567][ T3526]  el0t_64_sync_handler+0x84/0x12c
[  940.897856][ T3526]  el0t_64_sync+0x198/0x19c
[  941.026545][ T3526] ERROR: Out of memory at tomoyo_realpath_from_path.
[  951.517719][   T25] audit: type=1400 audit(950.660:106): avc:  denied  { append } for  pid=3531 comm="syz.0.11" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  974.430694][ T3549] FAULT_INJECTION: forcing a failure.
[  974.430694][ T3549] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  974.485417][ T3549] CPU: 0 UID: 0 PID: 3549 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT 
[  974.485816][ T3549] Hardware name: linux,dummy-virt (DT)
[  974.485924][ T3549] Call trace:
[  974.486005][ T3549]  show_stack+0x2c/0x3c (C)
[  974.486398][ T3549]  __dump_stack+0x30/0x40
[  974.486696][ T3549]  dump_stack_lvl+0xd8/0x12c
[  974.486987][ T3549]  dump_stack+0x1c/0x28
[  974.487298][ T3549]  should_fail_ex+0x56c/0x6d8
[  974.487524][ T3549]  should_fail+0x14/0x24
[  974.487732][ T3549]  should_fail_usercopy+0x20/0x30
[  974.487953][ T3549]  _inline_copy_from_user+0x44/0x18c
[  974.488232][ T3549]  kvm_vm_ioctl+0x63c/0x9a4
[  974.488521][ T3549]  __arm64_sys_ioctl+0x18c/0x244
[  974.488826][ T3549]  invoke_syscall+0x90/0x230
[  974.489138][ T3549]  el0_svc_common+0x120/0x2f4
[  974.489428][ T3549]  do_el0_svc+0x58/0x74
[  974.489703][ T3549]  el0_svc+0x5c/0x238
[  974.489994][ T3549]  el0t_64_sync_handler+0x84/0x12c
[  974.490318][ T3549]  el0t_64_sync+0x198/0x19c
[ 1042.043698][   T25] audit: type=1400 audit(1041.170:107): avc:  denied  { setattr } for  pid=3582 comm="syz.1.27" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1117.476176][   T25] audit: type=1400 audit(1116.660:108): avc:  denied  { create } for  pid=3629 comm="syz.0.41" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1454.963215][   T25] audit: type=1400 audit(1454.150:109): avc:  denied  { map } for  pid=3844 comm="syz.0.107" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=8805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1455.082559][   T25] audit: type=1400 audit(1454.260:110): avc:  denied  { read } for  pid=3844 comm="syz.0.107" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=8805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1512.996658][ T3871] FAULT_INJECTION: forcing a failure.
[ 1512.996658][ T3871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1513.068092][ T3871] CPU: 0 UID: 0 PID: 3871 Comm: syz.0.115 Not tainted syzkaller #0 PREEMPT 
[ 1513.068519][ T3871] Hardware name: linux,dummy-virt (DT)
[ 1513.068633][ T3871] Call trace:
[ 1513.068714][ T3871]  show_stack+0x2c/0x3c (C)
[ 1513.069088][ T3871]  __dump_stack+0x30/0x40
[ 1513.069410][ T3871]  dump_stack_lvl+0xd8/0x12c
[ 1513.069705][ T3871]  dump_stack+0x1c/0x28
[ 1513.069987][ T3871]  should_fail_ex+0x56c/0x6d8
[ 1513.070232][ T3871]  should_fail+0x14/0x24
[ 1513.070436][ T3871]  should_fail_usercopy+0x20/0x30
[ 1513.070654][ T3871]  simple_read_from_buffer+0xd0/0x294
[ 1513.070899][ T3871]  proc_fail_nth_read+0x184/0x214
[ 1513.071175][ T3871]  vfs_read+0x220/0x9d8
[ 1513.071388][ T3871]  ksys_read+0x108/0x1fc
[ 1513.071587][ T3871]  __arm64_sys_read+0x98/0xcc
[ 1513.071790][ T3871]  invoke_syscall+0x90/0x230
[ 1513.072085][ T3871]  el0_svc_common+0x120/0x2f4
[ 1513.072412][ T3871]  do_el0_svc+0x58/0x74
[ 1513.072701][ T3871]  el0_svc+0x5c/0x238
[ 1513.072995][ T3871]  el0t_64_sync_handler+0x84/0x12c
[ 1513.073322][ T3871]  el0t_64_sync+0x198/0x19c
[ 1794.096362][ T3973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1794.989801][ T3973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1812.766036][ T3981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1812.991007][ T3981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1824.997876][ T3973] hsr_slave_0: entered promiscuous mode
[ 1825.046529][ T3973] hsr_slave_1: entered promiscuous mode
[ 1825.088024][ T3973] debugfs: 'hsr0' already exists in 'hsr'
[ 1825.104896][ T3973] Cannot create hsr debugfs directory
[ 1839.183759][ T3981] hsr_slave_0: entered promiscuous mode
[ 1839.230084][ T3981] hsr_slave_1: entered promiscuous mode
[ 1839.310092][ T3981] debugfs: 'hsr0' already exists in 'hsr'
[ 1839.323111][ T3981] Cannot create hsr debugfs directory
[ 1843.080844][ T3973] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1844.397178][ T3973] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1845.049989][ T3973] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1845.645417][ T3973] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1859.424475][ T3981] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1859.994477][ T3981] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1860.487742][ T3981] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1861.049141][ T3981] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1886.757403][ T3973] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1901.755804][ T3981] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1911.408821][ T4062] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1912.948525][ T4062] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1914.845170][ T4062] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1916.521082][ T4062] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1937.615018][ T4062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1938.139027][ T4062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1938.410963][ T4062] bond0 (unregistering): Released all slaves
[ 1940.440828][ T4062] hsr_slave_0: left promiscuous mode
[ 1940.492999][ T4062] hsr_slave_1: left promiscuous mode
[ 1940.756683][ T4062] veth1_macvtap: left promiscuous mode
[ 1940.760778][ T4062] veth0_macvtap: left promiscuous mode
[ 1940.778013][ T4062] veth1_vlan: left promiscuous mode
[ 1940.788580][ T4062] veth0_vlan: left promiscuous mode
[ 1965.929532][ T4062] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1968.130975][ T4062] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1970.134587][ T4062] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1972.046184][ T4062] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1994.335803][ T4062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1994.564444][ T4062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1994.740277][ T4062] bond0 (unregistering): Released all slaves
[ 1997.334339][ T4062] hsr_slave_0: left promiscuous mode
[ 1997.394445][ T4062] hsr_slave_1: left promiscuous mode
[ 1997.974191][ T4062] veth1_macvtap: left promiscuous mode
[ 1997.977788][ T4062] veth0_macvtap: left promiscuous mode
[ 1998.005641][ T4062] veth1_vlan: left promiscuous mode
[ 1998.043999][ T4062] veth0_vlan: left promiscuous mode
[ 2070.349566][ T3973] veth0_vlan: entered promiscuous mode
[ 2071.459385][ T3973] veth1_vlan: entered promiscuous mode
[ 2072.735248][ T3981] veth0_vlan: entered promiscuous mode
[ 2073.850676][ T3981] veth1_vlan: entered promiscuous mode
[ 2075.834371][ T3973] veth0_macvtap: entered promiscuous mode
[ 2076.557276][ T3973] veth1_macvtap: entered promiscuous mode
[ 2078.605735][ T3981] veth0_macvtap: entered promiscuous mode
[ 2079.227218][ T3981] veth1_macvtap: entered promiscuous mode
[ 2080.956666][ T3907] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2080.958101][ T3907] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2080.970673][ T3907] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2080.983954][ T3907] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2084.077111][ T3388] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2084.198941][ T3907] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2084.236215][ T3907] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2084.348335][ T3907] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2492.254635][ T4080] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2493.856211][ T4080] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2495.913706][ T4080] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2497.710267][ T4080] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2527.396256][ T4080] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2528.157681][ T4080] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2528.423937][ T4080] bond0 (unregistering): Released all slaves
[ 2531.003519][ T4080] hsr_slave_0: left promiscuous mode
[ 2531.125183][ T4080] hsr_slave_1: left promiscuous mode
[ 2532.313421][ T4080] veth1_macvtap: left promiscuous mode
[ 2532.325258][ T4080] veth0_macvtap: left promiscuous mode
[ 2532.343726][ T4080] veth1_vlan: left promiscuous mode
[ 2532.374206][ T4080] veth0_vlan: left promiscuous mode
[ 2642.584926][ T4396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2643.038109][ T4396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2683.836326][ T4396] hsr_slave_0: entered promiscuous mode
[ 2683.937107][ T4396] hsr_slave_1: entered promiscuous mode
[ 2709.000650][ T4396] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2709.628026][ T4396] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2710.338660][ T4396] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2710.950705][ T4396] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2748.117074][ T4396] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2921.687462][ T4396] veth0_vlan: entered promiscuous mode
[ 2923.566151][ T4396] veth1_vlan: entered promiscuous mode
[ 2927.956644][ T4396] veth0_macvtap: entered promiscuous mode
[ 2928.845587][ T4396] veth1_macvtap: entered promiscuous mode
[ 2934.224213][ T3907] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2934.260988][ T3907] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2934.680705][ T3907] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2934.703813][ T3346] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3223.383437][   T25] audit: type=1400 audit(3222.460:111): avc:  denied  { write } for  pid=4800 comm="syz.4.249" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=18263 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 5708.019465][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5708.419597][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5748.155801][ T5824] hsr_slave_0: entered promiscuous mode
[ 5748.260872][ T5824] hsr_slave_1: entered promiscuous mode
[ 5748.375570][ T5824] debugfs: 'hsr0' already exists in 'hsr'
[ 5748.380107][ T5824] Cannot create hsr debugfs directory
[ 5752.956611][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 5754.123574][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 5773.238085][ T5824] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 5773.950666][ T5824] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 5774.589691][ T5824] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 5776.693111][ T5824] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 5801.475017][ T5838] hsr_slave_0: entered promiscuous mode
[ 5801.567050][ T5838] hsr_slave_1: entered promiscuous mode
[ 5801.654434][ T5838] debugfs: 'hsr0' already exists in 'hsr'
[ 5801.665256][ T5838] Cannot create hsr debugfs directory
[ 5826.257212][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5830.176194][ T5838] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 5831.034348][ T5838] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 5831.893861][ T5838] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 5832.587926][ T5838] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 5876.864415][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[ 5961.466846][ T5928] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5963.987690][ T5928] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5966.268356][ T5928] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5968.855908][ T5928] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5998.015690][ T5928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5998.473464][ T5928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5999.028605][ T5928] bond0 (unregistering): Released all slaves
[ 6001.892455][ T5928] hsr_slave_0: left promiscuous mode
[ 6002.074869][ T5928] hsr_slave_1: left promiscuous mode
[ 6003.489246][ T5928] veth1_macvtap: left promiscuous mode
[ 6003.502794][ T5928] veth0_macvtap: left promiscuous mode
[ 6003.557743][ T5928] veth1_vlan: left promiscuous mode
[ 6003.604049][ T5928] veth0_vlan: left promiscuous mode
[ 6046.779532][ T5928] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6049.033807][ T5928] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6050.985312][ T5928] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6052.834808][ T5928] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6080.337549][ T5928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6080.954508][ T5928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6081.846538][ T5928] bond0 (unregistering): Released all slaves
[ 6085.773628][ T5928] hsr_slave_0: left promiscuous mode
[ 6085.988181][ T5928] hsr_slave_1: left promiscuous mode
[ 6087.423333][ T5928] veth1_macvtap: left promiscuous mode
[ 6087.427297][ T5928] veth0_macvtap: left promiscuous mode
[ 6087.495025][ T5928] veth1_vlan: left promiscuous mode
[ 6087.504471][ T5928] veth0_vlan: left promiscuous mode
[ 6117.935496][ T5824] veth0_vlan: entered promiscuous mode
[ 6119.837375][ T5824] veth1_vlan: entered promiscuous mode
[ 6123.949043][ T5824] veth0_macvtap: entered promiscuous mode
[ 6124.757365][ T5824] veth1_macvtap: entered promiscuous mode
[ 6128.958710][ T4062] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6129.044184][ T4062] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6129.046089][ T4062] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6129.109672][ T3907] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6134.644540][   T25] audit: type=1400 audit(6133.820:112): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 6169.828421][ T5838] veth0_vlan: entered promiscuous mode
[ 6170.858019][ T5838] veth1_vlan: entered promiscuous mode
[ 6175.399769][ T5838] veth0_macvtap: entered promiscuous mode
[ 6176.039330][ T5838] veth1_macvtap: entered promiscuous mode
[ 6181.133170][ T3907] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6181.246096][ T5283] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6181.457686][ T5283] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6181.468590][ T5283] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6561.749995][ T3381] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6566.355114][ T3381] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6569.626195][ T3381] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6572.358981][ T3381] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6598.269860][ T3381] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6598.448568][ T3381] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6598.700140][ T3381] bond0 (unregistering): Released all slaves
[ 6601.926026][ T3381] hsr_slave_0: left promiscuous mode
[ 6602.716615][ T3381] hsr_slave_1: left promiscuous mode
[ 6604.623096][ T3381] veth1_macvtap: left promiscuous mode
[ 6604.635986][ T3381] veth0_macvtap: left promiscuous mode
[ 6604.646184][ T3381] veth1_vlan: left promiscuous mode
[ 6604.675354][ T3381] veth0_vlan: left promiscuous mode
[ 6650.699684][ T3381] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6652.539627][ T3381] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6654.350978][ T3381] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6656.190913][ T3381] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6681.494689][ T3381] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6682.015728][ T3381] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6682.223521][ T3381] bond0 (unregistering): Released all slaves
[ 6686.385265][ T3381] hsr_slave_0: left promiscuous mode
[ 6686.473027][ T3381] hsr_slave_1: left promiscuous mode
[ 6687.182730][ T3381] veth1_macvtap: left promiscuous mode
[ 6687.184101][ T3381] veth0_macvtap: left promiscuous mode
[ 6687.205028][ T3381] veth1_vlan: left promiscuous mode
[ 6687.223687][ T3381] veth0_vlan: left promiscuous mode
[ 6715.724821][ T6168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6716.254983][ T6164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6716.654772][ T6168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6716.920365][ T6164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6757.008952][ T6168] hsr_slave_0: entered promiscuous mode
[ 6757.097703][ T6168] hsr_slave_1: entered promiscuous mode
[ 6760.675781][ T6164] hsr_slave_0: entered promiscuous mode
[ 6760.754856][ T6164] hsr_slave_1: entered promiscuous mode
[ 6760.800914][ T6164] debugfs: 'hsr0' already exists in 'hsr'
[ 6760.852968][ T6164] Cannot create hsr debugfs directory
[ 6777.595039][ T6168] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 6778.497609][ T6168] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 6778.989223][ T6168] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 6780.204615][ T6168] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 6788.777503][ T6164] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 6789.317902][ T6164] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 6789.867229][ T6164] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 6790.595337][ T6164] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 6825.327449][ T6168] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6832.448710][ T6164] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7005.464796][ T6168] veth0_vlan: entered promiscuous mode
[ 7007.053992][ T6168] veth1_vlan: entered promiscuous mode
[ 7013.289702][ T6164] veth0_vlan: entered promiscuous mode
[ 7013.465990][ T6168] veth0_macvtap: entered promiscuous mode
[ 7014.868540][ T6168] veth1_macvtap: entered promiscuous mode
[ 7016.313567][ T6164] veth1_vlan: entered promiscuous mode
[ 7021.758260][ T6166] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7021.804986][ T6405] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7021.839131][ T6405] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7022.040814][ T6405] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7024.324973][ T6164] veth0_macvtap: entered promiscuous mode
[ 7025.969774][ T6164] veth1_macvtap: entered promiscuous mode
[ 7034.344759][ T6166] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7034.499502][ T6166] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7034.505310][ T6166] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7034.559115][ T4062] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7308.189511][ T6459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7310.860988][ T6459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7317.729606][ T6461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7318.485268][ T6461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7380.336971][ T6459] hsr_slave_0: entered promiscuous mode
[ 7380.536946][ T6459] hsr_slave_1: entered promiscuous mode
[ 7380.621240][ T6459] debugfs: 'hsr0' already exists in 'hsr'
[ 7380.732976][ T6459] Cannot create hsr debugfs directory
[ 7389.143332][ T6461] hsr_slave_0: entered promiscuous mode
[ 7389.355088][ T6461] hsr_slave_1: entered promiscuous mode
[ 7389.514349][ T6461] debugfs: 'hsr0' already exists in 'hsr'
[ 7389.543098][ T6461] Cannot create hsr debugfs directory
[ 7438.563998][ T6459] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 7443.863804][ T6459] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 7448.583805][ T6459] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 7449.673718][ T6459] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 7472.150445][ T6461] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 7473.148927][ T6461] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 7474.395912][ T6461] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 7475.265590][ T6461] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 7513.608332][   T27] INFO: task syz.8.562:6437 blocked for more than 430 seconds.
[ 7513.714526][   T27]       Not tainted syzkaller #0
[ 7513.745205][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 7513.745857][   T27] task:syz.8.562       state:D stack:0     pid:6437  tgid:6437  ppid:6168   task_flags:0x400040 flags:0x00000011
[ 7513.747089][   T27] Call trace:
[ 7513.747519][   T27]  __switch_to+0x584/0xb00 (T)
[ 7513.748140][   T27]  __schedule+0x200c/0x3428
[ 7513.748661][   T27]  schedule+0xac/0x27c
[ 7513.749130][   T27]  schedule_timeout+0x68/0x1ec
[ 7513.750148][   T27]  do_wait_for_common+0x28c/0x440
[ 7513.750663][   T27]  wait_for_completion+0x44/0x5c
[ 7513.751238][   T27]  __synchronize_srcu+0x2a4/0x320
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 7513.879765][   T27]  synchronize_srcu+0x3d0/0x4f8
[ 7513.896852][   T27]  mmu_notifier_unregister+0x320/0x428
[ 7513.897626][   T27]  kvm_put_kvm+0x698/0xbe0
[ 7513.898089][   T27]  kvm_vm_release+0x58/0x78
[ 7513.898579][   T27]  __fput+0x4ac/0x978
[ 7513.899010][   T27]  ____fput+0x20/0x58
[ 7513.899929][   T27]  task_work_run+0x1b8/0x250
[ 7513.900476][   T27]  exit_to_user_mode_loop+0x110/0x188
[ 7513.900978][   T27]  el0_svc+0x17c/0x238
[ 7513.993644][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 7514.010948][   T27]  el0t_64_sync+0x198/0x19c
[ 7514.014140][   T27] 
[ 7514.014140][   T27] Showing all locks held in the system:
[ 7514.014714][   T27] 1 lock held by khungtaskd/27:
[ 7514.015142][   T27]  #0: ffff800087a86d08 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 7514.018423][   T27] 1 lock held by klogd/3135:
[ 7514.018819][   T27] 2 locks held by getty/3200:
[ 7514.019195][   T27]  #0: 42f000001231e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 7514.021081][   T27]  #1: 2eff80008c80b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 7514.230914][   T27] 2 locks held by syz-executor/3332:
[ 7514.255814][   T27] 3 locks held by kworker/u4:8/5774:
[ 7514.260000][   T27]  #0: fff0000072d59ed8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x368/0x3428
[ 7514.313999][   T27]  #1: fff0000072d45588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x6c/0x6e8
[ 7514.315783][   T27]  #2: fff0000072d46e98 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x5c8/0xe7c
[ 7514.318073][   T27] 3 locks held by kworker/u4:12/5885:
[ 7514.318446][   T27] 3 locks held by kworker/u4:11/6184:
[ 7514.318771][   T27] 3 locks held by kworker/u4:15/6206:
[ 7514.319132][   T27] 2 locks held by syz.7.563/6440:
[ 7514.319486][   T27] 2 locks held by kworker/u4:16/6514:
[ 7514.319793][   T27]  #0: e4f000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10
[ 7514.485770][   T27]  #1: ffff80008f0f7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10
[ 7514.487727][   T27] 3 locks held by kworker/u4:17/6587:
[ 7514.488098][   T27] 1 lock held by modprobe/6594:
[ 7514.488460][   T27] 4 locks held by dhcpcd-run-hook/6595:
[ 7514.488998][   T27] 
[ 7514.489286][   T27] =============================================
[ 7514.489286][   T27] 
[ 7514.490215][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 7514.498737][   T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 7514.499954][   T27] Hardware name: linux,dummy-virt (DT)
[ 7514.500820][   T27] Call trace:
[ 7514.501471][   T27]  show_stack+0x2c/0x3c (C)
[ 7514.502437][   T27]  __dump_stack+0x30/0x40
[ 7514.503372][   T27]  dump_stack_lvl+0x30/0x12c
[ 7514.504217][   T27]  dump_stack+0x1c/0x28
[ 7514.505123][   T27]  vpanic+0x1d4/0x4e4
[ 7514.505898][   T27]  vpanic+0x0/0x4e4
[ 7514.506686][   T27]  hung_task_panic+0x0/0x2c
[ 7514.507620][   T27]  kthread+0x794/0x99c
[ 7514.508511][   T27]  ret_from_fork+0x10/0x20
[ 7514.510374][   T27] Kernel Offset: disabled
[ 7514.511138][   T27] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 7514.512264][   T27] Memory Limit: none
[ 7514.514520][   T27] Rebooting in 86400 seconds..