last executing test programs:

46m46.563531036s ago: executing program 0 (id=171):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000000))
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f00004d2000/0x3000)=nil, r3, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013c520}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r10=>0xffffffffffffffff, 0x1})
write$eventfd(r10, 0x0, 0x0)
r11 = eventfd2(0x10000, 0x80800)
write$eventfd(r11, &(0x7f0000000000)=0x81, 0x8)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)

46m39.344469227s ago: executing program 1 (id=172):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x2, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x3, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x7, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = openat$kvm(0x0, 0x0, 0x72483, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r10, 0x3, 0x11, r8, 0x0)
mmap$KVM_VCPU(&(0x7f0000eaf000/0x3000)=nil, r10, 0x5000008, 0x52ec1e76ba39a297, r8, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000c00000/0x400000)=nil, 0x0, 0xfffffefb, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, 0x0)
r13 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r15, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r15, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_DEVICE_ATTR_vm(r15, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000080)={0x7fff, 0x5}})

46m37.08042077s ago: executing program 0 (id=173):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r4 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000340)={0x1a64afb6, 0x8000000, 0x8, r4})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r9, 0x4008ae73, &(0x7f0000000000)={0x4, 0xb})
r10 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, &(0x7f0000000240)={0x58000, 0x8000})
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8})
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x10000, 0x0, 0x4, 0x2}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r16, 0xae80, 0x0)
r17 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r18, &(0x7f0000c00000/0x400000)=nil)

46m28.286932237s ago: executing program 1 (id=174):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000080)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x3040, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, &(0x7f0000000340)=[@memwrite={0x6e, 0x0, @vgic_gicr={0x80e0000, 0x80, 0x8, 0x1}}, @irq_setup={0x46, 0x0, {0x4, 0x18b}}, @irq_setup={0x46, 0x0, {0x1, 0x339}}, @svc={0x122, 0x0, {0x80000000, [0x9, 0x4, 0x5, 0x3c, 0x10001]}}, @uexit={0x0, 0x0, 0x6}, @memwrite={0x6e, 0x0, @generic={0xffffffff, 0x45b, 0x6a3, 0x4}}, @its_setup={0x82, 0x0, {0x1, 0x3, 0x1d2}}, @its_send_cmd={0xaa, 0x0, {0xb, 0x1, 0x200004, 0x2, 0x8a, 0x3}}, @hvc={0x32, 0x0, {0x4000000, [0x0, 0x74c4, 0x9, 0x66, 0x9]}}, @svc={0x122, 0x0, {0x84000011, [0x3, 0x2, 0x7, 0x8]}}, @code={0xa, 0x0, {"000008d5209686d20040b0f2a10180d2220080d2c30080d2240080d2020000d480b38dd200c0b0f2410180d2a20080d2c30180d2840180d2020000d4e00300cb000000f1000028d5000040bd007008d5204d8dd200c0b0f2810180d2a20080d2e30180d2040180d2020000d4004c207e"}}, @mrs={0xbe, 0x0, {0x603000000013c4cf}}, @uexit, @svc={0x122, 0x0, {0xc4000083, [0x3e0, 0x7, 0xe9d9, 0x7, 0x8]}}, @hvc={0x32, 0x0, {0x86000001, [0x3d8, 0x4, 0x3, 0x5e30, 0xc]}}, @svc={0x122, 0x0, {0x4000000, [0x6, 0x1, 0x7ff, 0x100, 0x30]}}, @irq_setup={0x46, 0x0, {0x1, 0xde}}, @its_send_cmd={0xaa, 0x0, {0xa, 0x1, 0x0, 0xd, 0x1, 0x43e7, 0x1}}, @uexit={0x0, 0x0, 0x200}, @code={0xa, 0x0, {"e00f9cd200a0b8f2c10080d2e20080d2230080d2a40180d2020000d460359fd20040b8f2410080d2820180d2e30080d2a40080d2020000d400008052e0328fd20040b0f2810080d2620080d2630180d2240080d2020000d4804e99d20040b0f2e10080d2820080d2030180d2840080d2020000d4e0f196d20020b8f2a10180d2e20180d2830080d2840180d2020000d4000008d560738dd20080b0f2a10080d2620180d2430180d2640180d2020000d4000008d5007008d5"}}, @its_send_cmd={0xaa, 0x0, {0xc, 0x1, 0x0, 0x7, 0x9, 0x2, 0x2}}, @msr={0x14, 0x0, {0x603000000013e6d1, 0x8}}, @hvc={0x32, 0x0, {0x80007fff, [0xc88a, 0x9, 0xe1, 0x1000, 0x10]}}, @memwrite={0x6e, 0x0, @vgic_gicd={0x8000000, 0xe00, 0x8, 0xc}}, @memwrite={0x6e, 0x0, @vgic_gicr={0x80e0000, 0x4, 0x6, 0x1}}], 0xffffffffffffff10}, 0x0, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x1000004, 0x1010, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x3, 0xa0) (async)
syz_kvm_vgic_v3_setup(r8, 0x3, 0xa0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000080)="fa0149dd033be3062cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x48) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000080)="fa0149dd033be3062cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r12 = eventfd2(0x0, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r13, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r13, 0x5, 0x10, r11, 0x0)
close(r12)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x2)

46m22.827332975s ago: executing program 0 (id=175):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x1, 0x5000, 0x1000, &(0x7f0000304000/0x1000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
syz_kvm_vgic_v3_setup(r1, 0xffffffffffffffff, 0x100)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x1001ffd})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x187901, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4000, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000080), 0x100, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
openat$kvm(0x0, &(0x7f0000000040), 0x109000, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2f)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x1800009, 0x30, 0xffffffffffffffff, 0x0)

46m19.885517145s ago: executing program 1 (id=176):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1e)
ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x80000001, 0xffffffff, 0x2}})

46m13.909093895s ago: executing program 1 (id=177):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x10, 0xffffffffffffffff, 0x20000000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
syz_kvm_vgic_v3_setup(r3, 0x0, 0x60)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000080)={0xb6, 0x0, 0x10})
ioctl$KVM_CREATE_VM(r1, 0xae03, 0xbb)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)

46m0.620538046s ago: executing program 1 (id=178):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r3, 0x2, 0x12, r2, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r3, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010003e, &(0x7f0000000240)=0x2fffffffffe})
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)

45m59.570616109s ago: executing program 0 (id=179):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x20004000)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r5 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x304, &(0x7f00000000c0)=0x82})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

45m51.86618175s ago: executing program 0 (id=180):
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x100, 0x0)
close(0x3)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xab)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
r7 = eventfd2(0x0, 0x0)
close(r7)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r7, &(0x7f00000001c0)=0x87, 0xffea)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r8, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)

45m49.496408304s ago: executing program 1 (id=181):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013e6d5}}], 0x18}, 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013c006, &(0x7f0000000000)=0x3}) (async)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) (async)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r10, 0x4008ae73, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

45m46.932416277s ago: executing program 0 (id=182):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x80000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = syz_kvm_vgic_v3_setup(r2, 0x2, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0xc, &(0x7f0000000240)=0x80000001})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x1})

45m3.543404684s ago: executing program 32 (id=181):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013e6d5}}], 0x18}, 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013c006, &(0x7f0000000000)=0x3}) (async)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) (async)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r10, 0x4008ae73, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

44m59.700413785s ago: executing program 33 (id=182):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x80000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = syz_kvm_vgic_v3_setup(r2, 0x2, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0xc, &(0x7f0000000240)=0x80000001})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x1})

34m43.443273376s ago: executing program 3 (id=232):
openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f00000001c0)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000180)=0x6}) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f00000001c0)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000180)=0x6})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f00000000c0)={0xa3fd, 0xf7862122e2b48ff})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x17})

34m37.924540528s ago: executing program 2 (id=233):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x2, 0x100)
r6 = eventfd2(0x1, 0x80001)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6, 0x26df8})
write$eventfd(r6, &(0x7f0000000100)=0x6, 0x8)
write$eventfd(r6, &(0x7f0000000100)=0x40, 0x8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd030000ac2cc4a29ea6abf4f7454e37c4b85400005a9610fbff67521ce16f8f9a7a835673312b54eb00", 0x0, 0x48)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454d0, 0x1)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r11, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r11, 0x1000001, 0x11, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)

34m0.640709701s ago: executing program 3 (id=234):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0xa}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0xa, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x40) (async)
r5 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x40)
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x5, 0x2, 0x0}) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x5, 0x2, 0x0})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x1})

33m59.978055128s ago: executing program 2 (id=235):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, 0xffffffffffffffff, 0x3})
ioctl$KVM_CREATE_VM(r6, 0x401c5820, 0x20000001)
r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000140)=[@featur1={0x1, 0x633563f6b2813d7}], 0x1)

33m48.362475011s ago: executing program 3 (id=236):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1})
r3 = eventfd2(0x0, 0x80000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0x8, 0x80800)
r7 = eventfd2(0x8, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x4, 0x25000, 0x0, r7, 0x2})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0x8000000000000002, 0x0, 0x2, r6, 0x2})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r6, 0x3})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x2, 0x100)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r3, 0x3})
r10 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r12, r13, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100028, &(0x7f0000000100)=0xc5c8})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r2})
close(r1)
close(r2)

33m45.847361343s ago: executing program 2 (id=237):
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xd)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000040)={0x2})
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, 0x0, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

33m35.754428754s ago: executing program 2 (id=238):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x22)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0xc5, 0x10001})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
close(r4) (async)
close(0x4) (async)
close(0x5)

33m33.663512323s ago: executing program 3 (id=239):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3f)
syz_kvm_vgic_v3_setup(r1, 0x0, 0x80)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000000)={0x10001, 0x400, 0xc0, 0x0})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bc2000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

33m26.300553621s ago: executing program 2 (id=240):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000)
write$eventfd(r2, 0x0, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x0, 0x3c0) (async)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x603000000010002c, &(0x7f0000000080)=0x3})

33m20.726483499s ago: executing program 3 (id=241):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000140)={0xeeee0000, 0x200000, 0x7f, 0x1, 0x200})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x3, 0x2, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r4, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bfe000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@svc={0x122, 0x40, {0x84000011, [0x8000000000000001, 0x800, 0x1, 0xbddb, 0xfffffffffffffffe]}}, @smc={0x1e, 0x40, {0x84000006, [0x8, 0x7, 0x3, 0xc35]}}, @smc={0x1e, 0x40, {0x84000004, [0xf, 0x1, 0x1, 0x8, 0xbd]}}, @irq_setup={0x46, 0x18, {0x2, 0xcd}}, @mrs={0xbe, 0x18, {0x603000000013c210}}, @code={0xa, 0x84, {"0000403aa00f95d20080b8f2610080d2420180d2a30180d2640180d2020000d4a06984d200e0b0f2c10180d2620080d2430180d2240080d2020000d40080800c007008d5007008d5007008d500e4207ec0db92d20020b8f2610180d2a20080d2030180d2e40180d2020000d40008403a"}}, @uexit={0x0, 0x18, 0x6}, @svc={0x122, 0x40, {0x84000008, [0x6, 0x3ff, 0x3, 0x6, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x5, 0x2, 0xffff, 0x1}}, @svc={0x122, 0x40, {0x84000006, [0x8, 0x6b02, 0x50, 0xfffffffffffffffc, 0x1000]}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x2f3}}, @code={0xa, 0xcc, {"0000002e007008d5007008d580ae8dd200a0b0f2410080d2020180d2a30180d2e40180d2020000d40044200e009787d200c0b8f2610180d2420180d2630180d2c40180d2020000d4a07a88d20000b8f2610180d2a20180d2430080d2040180d2020000d4a04a93d20080b0f2210080d2c20080d2630180d2640080d2020000d460b29cd20020b8f2c10080d2820180d2830080d2440080d2020000d4406a86d200c0b0f2010080d2620080d2830080d2a40080d2020000d4"}}, @smc={0x1e, 0x40, {0x31000000, [0x4, 0x5, 0x8000000000000000, 0xefd, 0xffffffffffffffff]}}, @uexit={0x0, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013de95, 0x5}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xc0, 0x45, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0xcc}}, @code={0xa, 0x9c, {"a02998d200c0b0f2210180d2e20080d2e30080d2a40180d2020000d40000259ec0759dd200e0b8f2610180d2220080d2630180d2c40180d2020000d40000002c007008d5000028d5202f93d20060b0f2210080d2e20080d2030080d2c40180d2020000d4000028d5e0bd87d200c0b0f2c10180d2820180d2030080d2840180d2020000d40000689e"}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xa03, 0x7}}, @hvc={0x32, 0x40, {0x6003f6f, [0x8f, 0xc000000000000000, 0x0, 0x10001, 0x8]}}, @hvc={0x32, 0x40, {0x80007fff, [0x9, 0x3, 0x7, 0x8000000000000001]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0x7, 0x800, 0x9a3, 0x2}}], 0x56c}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c61000/0x3000)=nil, 0x930, 0x100000f, 0x100010, 0xffffffffffffffff, 0x0)

33m17.637353489s ago: executing program 2 (id=242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3b)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r5 = mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000000)="0a08967ca175bbf8b041c2ee5d7a66edfa57f772ff646299d8bc24e8868b7de738de907fea10dd5f5c70bb983984e227b946f44027a487dded10868001cb79c1ed2763efcd2a6eeb", 0x0, 0x48)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000180)={0x56, 0x8})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r6, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff})
write$eventfd(r2, &(0x7f00000001c0)=0x8100000001, 0x51a8)

33m9.274999406s ago: executing program 3 (id=243):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000000)={0xe4, 0x0, 0x3})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r4, 0x8, 0x13, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r4, 0x1000001, 0x12, r3, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

32m31.752294326s ago: executing program 34 (id=242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3b)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r5 = mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000000)="0a08967ca175bbf8b041c2ee5d7a66edfa57f772ff646299d8bc24e8868b7de738de907fea10dd5f5c70bb983984e227b946f44027a487dded10868001cb79c1ed2763efcd2a6eeb", 0x0, 0x48)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000180)={0x56, 0x8})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r6, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff})
write$eventfd(r2, &(0x7f00000001c0)=0x8100000001, 0x51a8)

32m22.873085656s ago: executing program 35 (id=243):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000000)={0xe4, 0x0, 0x3})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r4, 0x8, 0x13, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r4, 0x1000001, 0x12, r3, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

26m41.702485628s ago: executing program 4 (id=244):
openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)) (async, rerun: 64)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async, rerun: 64)
syz_kvm_assert_syzos_uexit$arm64(0x0, 0xffffffffffffffff) (async)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xf5)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x140) (async)
r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x8000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2000002d)
syz_kvm_vgic_v3_setup(r8, 0x1, 0x2c0)
ioctl$KVM_IRQ_LINE_STATUS(r8, 0xc008ae67, &(0x7f0000000000)={0x9, 0x5})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x1}) (async, rerun: 64)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x26) (rerun: 64)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xc6) (async, rerun: 32)
r10 = mmap$KVM_VCPU(&(0x7f0000fa9000/0x2000)=nil, 0x0, 0x1000002, 0x810, r6, 0x0) (rerun: 32)
munmap(&(0x7f0000eac000/0x4000)=nil, 0x4000) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r10, 0x20, 0x0, 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000200), 0x200600, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1f)

26m28.632659869s ago: executing program 5 (id=245):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x24)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0xfffffffffffffffe)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x240)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x2, 0x0})

26m27.514975432s ago: executing program 4 (id=246):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
r7 = ioctl$KVM_CREATE_VM(r6, 0x400454d0, 0x7ffffffd)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r8 = eventfd2(0x0, 0x0)
close(r8)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x78b7, 0x81, &(0x7f0000000100)=0x3})
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
ioctl$KVM_CAP_HALT_POLL(r7, 0x4068aea3, &(0x7f0000000200)={0xb6, 0x0, 0x1})
r9 = openat$kvm(0x0, &(0x7f0000000000), 0x222000, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
write$eventfd(r8, &(0x7f00000001c0)=0x87, 0xffea)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)

26m16.166232042s ago: executing program 5 (id=247):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0xfec00000, 0x80000, 0x1}) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0xfec00000, 0x80000, 0x1})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

26m12.843076327s ago: executing program 4 (id=248):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0xffd0, 0x0})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140000, &(0x7f0000000000)=0x7})
r7 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0x5421, 0xfffffffefffffffe) (async)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) (async)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_GET_DIRTY_LOG(r11, 0x4010ae42, &(0x7f0000000100)={0x5, 0x0, &(0x7f0000d99000/0x4000)=nil}) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r9, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r14, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616}) (async)
r15 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x0, @vgic_gicr={0x80e0000, 0x280, 0x3ff, 0xf}}], 0xfff6}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)

26m2.245051851s ago: executing program 5 (id=249):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f00000001c0))
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0xfffffffffffffe9c) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x21)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x84000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

25m57.478183054s ago: executing program 4 (id=250):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r3, 0x400454d1, 0xffffffffffffc)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x800}}]}) (async)
close(r4) (async)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x7, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
r11 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
r12 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r13, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x11, r14, 0x0) (rerun: 64)
mmap$KVM_VCPU(&(0x7f0000eb6000/0x3000)=nil, r15, 0x200000e, 0x8010, r14, 0x0) (async)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2})

25m15.092842929s ago: executing program 36 (id=249):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f00000001c0))
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0xfffffffffffffe9c) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x21)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x84000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

25m8.344585105s ago: executing program 37 (id=250):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r3, 0x400454d1, 0xffffffffffffc)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x800}}]}) (async)
close(r4) (async)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x7, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
r11 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
r12 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r13, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x11, r14, 0x0) (rerun: 64)
mmap$KVM_VCPU(&(0x7f0000eb6000/0x3000)=nil, r15, 0x200000e, 0x8010, r14, 0x0) (async)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2})

14m52.674280281s ago: executing program 7 (id=262):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
r9 = eventfd2(0x4, 0x80801)
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r9, 0x6, 0x2, r8})
r10 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18, 0x2}}], 0x30}, 0x0, 0x0)
r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r12, 0x2000003, 0x11, r11, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fed000/0x11000)=nil, r18, 0x3000000, 0x20010, r13, 0x0)
r19 = syz_kvm_vgic_v3_setup(r15, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR(r19, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r17, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000f58000/0x2000)=nil, r12, 0xc, 0x10010, r17, 0x20000000)

14m34.983089758s ago: executing program 6 (id=263):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x4, 0x8, 0x0}) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000e02000/0x1000)=nil, 0x930, 0xf, 0x20010, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x0, 0x0}) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil)
r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x23)
ioctl$KVM_IRQ_LINE(r10, 0x4008ae61, &(0x7f0000000100)={0x7, 0x8}) (async)
r11 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, &(0x7f00000001c0)=[@uexit={0x0, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x2, 0xb, 0x5, 0x200000}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x6}}, @memwrite={0x6e, 0x30, @generic={0x26000, 0xd1b, 0x7, 0xa}}, @code={0xa, 0x54, {"0060006f20a492d20040b8f2010080d2220180d2e30180d2040080d2020000d4000028d5008008d5008008d5007008d500e8a00e007ca09b0064202e0004407c"}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x236}}, @code={0xa, 0x9c, {"c00089d200e0b8f2e10080d2a20080d2030180d2840080d2020000d4c0668ed200a0b0f2a10080d2820180d2030180d2240080d2020000d4000028d5000008d5000000ab000028d5a09488d20020b0f2e10080d2220080d2e30180d2c40180d2020000d4000028d5609f91d20060b8f2e10180d2020180d2e30180d2c40080d2020000d40000c068"}}, @uexit={0x0, 0x18, 0x4}, @its_setup={0x82, 0x28, {0x2, 0x0, 0xd7}}, @hvc={0x32, 0x40, {0x84000004, [0x67, 0xa9a, 0x34f1, 0xb, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x1, 0x1, 0x5, 0x4}}, @eret={0xe6, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013e218, 0x8}}, @code={0xa, 0x6c, {"007008d500ec207e008020880080c088007008d520329dd20000b0f2010180d2e20080d2030080d2e40080d2020000d4000028d50004007f1f0000eba0e284d200a0b8f2810080d2220080d2e30080d2640080d2020000d4"}}, @smc={0x1e, 0x40, {0x84000014, [0x8, 0xee14, 0xfffffffffffffff7, 0x1, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3d5}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x3, 0x4}}, @mrs={0xbe, 0x18, {0x6030000000138037}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x3, 0x8}}], 0x3e4}, &(0x7f00000005c0)=[@featur1={0x1, 0x68}], 0x1)
ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000600)={0x5, 0x49})
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r9, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
r12 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000040)={0x0, &(0x7f0000000700)=[@uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0xd}}, @irq_setup={0x46, 0x18, {0x0, 0xd0}}, @smc={0x1e, 0x40, {0x0, [0xffffffffffffff5f, 0x6, 0x10, 0x8000, 0x3]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x89}}, @hvc={0x32, 0x40, {0x8, [0x1000, 0x4, 0xffffffffffff8003, 0x8, 0x2]}}, @msr={0x14, 0x20, {0x6030000000138034, 0x21}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x108}}, @code={0xa, 0x6c, {"e0b78ed200a0b0f2c10180d2e20180d2030080d2c40080d2020000d4000028d50068217e00728cd20020b8f2810080d2820080d2230080d2a40180d2020000d4007008d5007008d5008008d5000440f80000219e000028d5"}}, @eret={0xe6, 0x18, 0x100}, @eret={0xe6, 0x18, 0x8}, @msr={0x14, 0x20, {0x603000000013e687, 0x1ff}}, @mrs={0xbe, 0x18, {0x603000000013df46}}, @mrs={0xbe, 0x18, {0x6030000000138036}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x1, 0x358}}, @hvc={0x32, 0x40, {0x80003fff, [0xd, 0x1, 0x4, 0x5, 0x7ff]}}, @svc={0x122, 0x40, {0xc400000c, [0xfffffffffffffffc, 0x2, 0x9, 0xe81, 0x8000000000000000]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x1e6}}, @eret={0xe6, 0x18, 0x3}, @smc={0x1e, 0x40, {0x8400000e, [0x1, 0xc695, 0x0, 0x9cbe0000000, 0x1ff]}}, @hvc={0x32, 0x40, {0x84000000, [0x7fff, 0x80000000, 0x1ff, 0xc, 0x1]}}, @eret={0xe6, 0x18, 0xa8}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x371}}, @svc={0x122, 0x40, {0x84001084, [0x3, 0x8, 0xffffffffffffffcb, 0xe758, 0x7fffffffffffffff]}}, @hvc={0x32, 0x40, {0x80, [0x2, 0x2, 0x31f, 0x8000000000000000, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013c080}}, @svc={0x122, 0x40, {0x80000000, [0x5, 0x6, 0xffffffff8e654e29, 0x2, 0x8]}}, @hvc={0x32, 0x40, {0x3000000, [0xd, 0x7, 0x2, 0x101, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xff68, 0x7, 0x9}}], 0x52c}, &(0x7f0000000080)=[@featur1={0x1, 0x47}], 0x1) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0xb2)
ioctl$KVM_GET_REG_LIST(r12, 0xc008aeb0, &(0x7f00000000c0)={0x2, [0x0, 0x9]})
r14 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_SET_VCPU_EVENTS(r14, 0x4040aea0, &(0x7f0000000000)=@arm64={0xc3, 0x10, 0x2, '\x00', 0x7}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

14m26.497102999s ago: executing program 7 (id=264):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r5, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x8000})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df19, &(0x7f0000000280)=0x1})
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
r6 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0xf4020000})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000f2a000/0x4000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING(r5, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x8000}) (async)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df19, &(0x7f0000000280)=0x1}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000000000/0x400000)=nil) (async)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0xf4020000}) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
mmap$KVM_VCPU(&(0x7f0000f2a000/0x4000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)

14m15.927351616s ago: executing program 6 (id=265):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x140, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r8, 0xc008aeb0, &(0x7f0000000080))
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x20)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000a67000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100020, &(0x7f0000000040)=0x40})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x5000})
r12 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2)
r16 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r15, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r16, 0x20, &(0x7f00000001c0)="7eb0dbfba3bf626a8119471b24e31f858557cf8c6c13b3a55c02172fb71c5b1120732e8188cff91774067b4f7a78d5b4378a5a25e036bdf46914ce7f5764471240600dc819374a15", 0x0, 0x48)

14m7.176460883s ago: executing program 7 (id=266):
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94)
r0 = eventfd2(0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x4020940d, 0x20000000)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000400)={0x0, &(0x7f0000000040)=[@eret={0xe6, 0x18, 0x3}, @svc={0x122, 0x40, {0x86000000, [0x7f, 0x9, 0x8, 0x1, 0x7fffffff]}}, @msr={0x14, 0x20, {0x603000000013e08c, 0x400}}, @irq_setup={0x46, 0x18, {0x4, 0x2c}}, @msr={0x14, 0x20, {0x603000000013e281, 0x3}}, @hvc={0x32, 0x40, {0x84000050, [0xd9, 0x7f, 0x3, 0x5, 0x6]}}, @irq_setup={0x46, 0x18, {0x3, 0x30f}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x1, 0x6, 0x9}}, @irq_setup={0x46, 0x18, {0x1, 0x288}}, @irq_setup={0x46, 0x18, {0x0, 0x1b5}}, @irq_setup={0x46, 0x18, {0x1, 0x2d9}}, @smc={0x1e, 0x40, {0x20, [0x200, 0xfffffffffffff712, 0x7, 0x8, 0x7]}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0xf64, 0x9, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013c111}}, @smc={0x1e, 0x40, {0x84000052, [0xa, 0x4, 0x0, 0x80, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x10, 0x7fff, 0x9, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013df54}}, @uexit={0x0, 0x18, 0x8}, @msr={0x14, 0x20, {0x603000000013dea5, 0x6c00}}, @code={0xa, 0x84, {"802888d200a0b8f2010080d2e20180d2a30180d2240180d2020000d4000008d50000000a00e4002f00f8a02e0000649e00b8205e000008d500e686d200c0b8f2610080d2c20180d2030180d2040180d2020000d4e02b8ad20080b8f2810080d2a20080d2230180d2640080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0xb, 0x6d8, 0x178a, 0x1}}, @irq_setup={0x46, 0x18, {0x0, 0x36a}}, @uexit={0x0, 0x18, 0x5}], 0x394}, &(0x7f0000000440)=[@featur2={0x1, 0x2}], 0x1)

13m54.777603969s ago: executing program 7 (id=267):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2d)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x41, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x5, 0x5, &(0x7f00000003c0)})
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000000)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0})
mmap$KVM_VCPU(&(0x7f0000001000/0x4000)=nil, r6, 0x7, 0x10, r2, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_vgic_v3_setup(r12, 0x1, 0x100)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x3d9682, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)={0x5, 0x2, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r16, r10, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x10002, 0x0, 0xeeef0000, 0x1000, &(0x7f0000ca8000/0x1000)=nil})
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)

13m53.167953096s ago: executing program 6 (id=268):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x1, 0x1001, 0x2}}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 32)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (rerun: 32)
ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f0000000040)=0x3) (async, rerun: 64)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r10 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000400)=@arm64_ccsidr={0x6020000000110005, &(0x7f0000000340)=0x8000000000000000}) (async)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d)
syz_kvm_vgic_v3_setup(r11, 0x2, 0x60) (async)
r12 = eventfd2(0x10000, 0x0)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r12, 0x3})
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000100)={r12, 0xb16b, 0x2, r12}) (async, rerun: 32)
syz_kvm_add_vcpu$arm64(r6, 0x0, 0x0, 0x0) (async, rerun: 32)
r13 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@uexit={0x0, 0x18, 0xfff}, @uexit={0x0, 0x18, 0x80}, @eret={0xe6, 0x18, 0x7fffffff}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x6030000000138010, 0x4}}, @msr={0x14, 0x20, {0x603000000013c011, 0x1}}, @msr={0x14, 0x20, {0x603000000013c601, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x15}}, @irq_setup={0x46, 0x18, {0x7, 0x32a}}, @smc={0x1e, 0x40, {0x80000000, [0x8, 0x3, 0x4, 0xba, 0x2]}}, @hvc={0x32, 0x40, {0x8, [0xf4e, 0x1000000000004, 0x2, 0xffffffff, 0x4]}}, @irq_setup={0x46, 0x18, {0x1, 0x3af}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0xc, 0x2, 0x9, 0x2}}, @code={0xa, 0x6c, {"007008d5003c0013007008d5007008d5609a80d200e0b8f2210080d2220080d2a30180d2040180d2020000d460029dd20060b8f2610080d2420180d2a30180d2040080d2020000d4008008d5007008d5007008d50040261e"}}, @mrs={0xbe, 0x18, {0x603000000013806d}}, @msr={0x14, 0x20, {0x603000000013df76, 0x7fffffff}}], 0x264}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0) (async, rerun: 32)
r14 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x27) (rerun: 32)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r14, 0x4068aea3, &(0x7f0000000380)={0xa8, 0x0, 0x2})

13m34.565506463s ago: executing program 6 (id=269):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013c520}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

13m31.544152376s ago: executing program 7 (id=270):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000)
close(r2)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r6 = eventfd2(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x21) (async)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x21)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) (async)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r9, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r9, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r9, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r9, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r9, 0x4018aee3, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x12})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x22)
syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=[@featur2={0x1, 0xd0}], 0x1) (async)
syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=[@featur2={0x1, 0xd0}], 0x1)
syz_kvm_add_vcpu$arm64(r12, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=[@featur1={0x1, 0x4}], 0x1) (async)
syz_kvm_add_vcpu$arm64(r12, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=[@featur1={0x1, 0x4}], 0x1)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000003, [0x6, 0x100000003, 0x4, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r14, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r15, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21)
close(0xffffffffffffffff)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000340)={0x1a64afb6, 0x8000000, 0x4, r6}) (async)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000340)={0x1a64afb6, 0x8000000, 0x4, r6})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

13m21.502574696s ago: executing program 6 (id=271):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x302, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013df19, 0x9}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r6, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x600000e, 0x4d832, 0xffffffffffffffff, 0x0)

13m14.890487941s ago: executing program 7 (id=272):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x181000, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x35)
munmap(&(0x7f0000dcc000/0x2000)=nil, 0x2000)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2d)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f00000001c0)={0x5, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r7, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x48000000000, r8}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000380)={0x1, 0x7, 0xe000, 0x2000, &(0x7f0000000000/0x2000)=nil, 0x8000, r8})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x400000, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000300)="81ffb2dce061da197dc8d043c5fdb3eb9cfd354b668538e0d3efe0ef55bab0f2f094807a70c4b628101ac47422ec948a78f2f609ab96d2da6e2e1f0a813d9a04e57fe571b5a165b8", 0x0, 0x48) (async)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001a, &(0x7f0000000000)=0x3})
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013df63, &(0x7f00000002c0)=0x5})
close(0xffffffffffffffff)
write$eventfd(0xffffffffffffffff, &(0x7f0000000440)=0x87, 0x8)
r16 = eventfd2(0x8, 0x801)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x7fea, 0x2, r16})
ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f0000000100)={0x1ff, 0x7, 0x30000, 0x1000, &(0x7f0000ffc000/0x1000)=nil, 0x20008})

13m6.378465782s ago: executing program 6 (id=273):
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10})
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2e)

12m27.010610933s ago: executing program 38 (id=272):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x181000, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x35)
munmap(&(0x7f0000dcc000/0x2000)=nil, 0x2000)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2d)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f00000001c0)={0x5, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r7, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x48000000000, r8}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000380)={0x1, 0x7, 0xe000, 0x2000, &(0x7f0000000000/0x2000)=nil, 0x8000, r8})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x400000, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000300)="81ffb2dce061da197dc8d043c5fdb3eb9cfd354b668538e0d3efe0ef55bab0f2f094807a70c4b628101ac47422ec948a78f2f609ab96d2da6e2e1f0a813d9a04e57fe571b5a165b8", 0x0, 0x48) (async)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001a, &(0x7f0000000000)=0x3})
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013df63, &(0x7f00000002c0)=0x5})
close(0xffffffffffffffff)
write$eventfd(0xffffffffffffffff, &(0x7f0000000440)=0x87, 0x8)
r16 = eventfd2(0x8, 0x801)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x7fea, 0x2, r16})
ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f0000000100)={0x1ff, 0x7, 0x30000, 0x1000, &(0x7f0000ffc000/0x1000)=nil, 0x20008})

12m17.182056109s ago: executing program 39 (id=273):
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10})
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2e)

2m54.352380666s ago: executing program 8 (id=278):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x200000a, 0x11, r0, 0x0)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)

2m36.61031236s ago: executing program 8 (id=279):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, 0xfffffffffffffffe)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454d0, 0x7ffffff9)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r12, 0x400454d0, 0x7ffffff9)
r13 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r14, 0x4004ae99, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m30.662264649s ago: executing program 9 (id=280):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x1002ffffffd)
write$eventfd(r1, &(0x7f0000000000), 0xfffffdef)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async, rerun: 64)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) (async)
r14 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
write$eventfd(0xffffffffffffffff, &(0x7f00000000c0)=0x4, 0x8) (async)
mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x11, r14, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) (async)
r16 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async)
r17 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r17, 0x8, 0x13, r9, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r17, 0x1000001, 0x12, r9, 0x0) (rerun: 32)
r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r18, 0x3, 0x11, r8, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r18, 0x3, 0x11, r16, 0x0)
munmap(&(0x7f0000008000/0x1000)=nil, 0x200000)

2m9.524848769s ago: executing program 9 (id=281):
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r3, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f000002c000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000040)={0x0, &(0x7f0000000200)=[@irq_setup={0x46, 0x18, {0x0, 0x181}}, @its_setup={0x82, 0x28, {0x3, 0xb, 0x2ac}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x7, 0x9d, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013dce9}}, @irq_setup={0x46, 0x18, {0x4, 0x211}}, @msr={0x14, 0x20, {0x603000000013c011, 0x10001}}, @msr={0x14, 0x20, {0x603000000013f088, 0x4}}, @code={0xa, 0x54, {"0004809a00c8307e000028d5000000b1e0c794d20040b0f2c10180d2020180d2c30080d2c40080d2020000d4007008d5007008d5000028d500a4200d000000f2"}}, @svc={0x122, 0x40, {0x86000001, [0x2d4e, 0x2, 0xc83, 0x58, 0x879b]}}, @eret={0xe6, 0x18}, @mrs={0xbe, 0x18, {0x6030000000138026}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x4, 0x4, 0x2, 0x1, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013e18d}}, @smc={0x1e, 0x40, {0x84000011, [0x1, 0x5, 0x0, 0xfff, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013e100}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x2, 0x7fffffff, 0x50a, 0x3}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x17e}}, @eret={0xe6, 0x18, 0xffffffffffffd03d}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0x1, 0xffff6a82, 0x3, 0x3}}, @smc={0x1e, 0x40, {0x84000010, [0x8, 0x80000000, 0x6, 0x5d, 0x4]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x180, 0x4, 0x1}}, @msr={0x14, 0x20, {0x603000000013e081, 0xffffffff}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x280, 0xfffffffffffffffb, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x2ee}}, @uexit={0x0, 0x18, 0x2}], 0x3c4}, &(0x7f00000000c0)=[@featur1={0x1, 0xd0}], 0x1)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r5, 0x3000003, 0x2011, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)

2m6.312167258s ago: executing program 8 (id=282):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x23)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000900)=[@memwrite={0x6e, 0x30, @generic={0x0, 0x434, 0xffffffffffffffff, 0x8}}, @uexit={0x0, 0x18, 0xfffffffffffff000}, @code={0xa, 0xb4, {"40789bd20080b0f2c10180d2420080d2c30180d2c40180d2020000d460c49cd20060b0f2410080d2a20080d2830180d2e40180d2020000d460759bd20000b8f2610080d2220080d2e30180d2c40180d2020000d40080009b000c003880d892d200c0b0f2a10080d2220180d2e30180d2a40080d2020000d4007008d500c0231e0000c0a900ed91d200c0b8f2610080d2420080d2630080d2e40080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x2, 0x2d3}}, @code={0xa, 0x54, {"0014002f008008d5007008d5007008d5000008d5003c202e000008d5e00300eb208a8ed200c0b8f2210180d2820080d2630180d2640180d2020000d40028200e"}}, @svc={0x122, 0x40, {0x84000003, [0x4, 0xf, 0xc29e, 0xc, 0xffffffffffffffff]}}, @eret={0xe6, 0x18, 0x2}, @code={0xa, 0x3c, {"008c006f007008d5000028d50080600d0000004b000400f8009c007f008008d50070400c007008d5"}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x4, 0x6, 0x9, 0x8}}, @hvc={0x32, 0x40, {0x84000050, [0xfffffffffffff0e9, 0x3ff, 0x0, 0x6, 0x4]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x280, 0xfff, 0x4}}, @smc={0x1e, 0x40, {0x8400000b, [0xfffffffffffffff9, 0x800000005, 0x9, 0x7, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013c289}}, @msr={0x14, 0x20, {0x603000000013e130, 0x21e}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x3ef}}, @irq_setup={0x46, 0x18, {0x3, 0x55}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0x3}}, @svc={0x122, 0x40, {0x84000005, [0x9, 0x9, 0x0, 0x1, 0x5]}}, @hvc={0x32, 0x40, {0x80, [0xb12, 0x1, 0x40, 0x5, 0x1]}}, @irq_setup={0x46, 0x18, {0x2, 0xbb}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x0, 0x3, 0x7, 0x40, 0x3}}, @smc={0x1e, 0x40, {0x20, [0x1ff, 0x3, 0x4, 0x10001, 0xffff]}}, @eret={0xe6, 0x18, 0x7}], 0x494}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x3a0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000040)={0x7, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x9, 0x5, &(0x7f0000000000)=0x16})
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000780)=[@its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x0, 0xc, 0x8, 0x8001, 0x4}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x23e}}, @msr={0x14, 0x20, {0x6030000000139820, 0x5}}, @msr={0x14, 0x20, {0x603000000013c529}}, @uexit={0x0, 0x18, 0x80000000}, @its_setup={0x82, 0x28, {0x2, 0x2, 0xf5}}, @irq_setup={0x46, 0x18, {0x3, 0x397}}, @smc={0x1e, 0x40, {0xc4000007, [0x9, 0x6, 0x101, 0x9, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x3, 0x1}}], 0x158}, &(0x7f0000000140)=[@featur2], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f00000001c0)=@x86={0x7, 0x1a, 0x3, 0x0, 0x0, 0xa, 0x1, 0xb, 0xec, 0x7, 0x0, 0x5, 0x0, 0x3f43, 0x3, 0x4, 0x9, 0xe, 0x40, '\x00', 0x4, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
r11 = syz_kvm_vgic_v3_setup(r10, 0x4, 0x40)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r13, 0x1, 0x100)
ioctl$KVM_IRQ_LINE(r13, 0x4008ae61, &(0x7f0000000100)={0x100001f, 0x1})
ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0x800000000208, &(0x7f00000004c0)=0x1})
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000040)=0x2)

1m50.578789826s ago: executing program 9 (id=283):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x4, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x62)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000})
r8 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1m38.733381316s ago: executing program 8 (id=284):
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0x8}], 0x18}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r1)

1m27.649051168s ago: executing program 9 (id=285):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x4, 0xa}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[@irq_setup={0x46, 0x0, {0x0, 0x2ce}}, @code={0xa, 0x0, {"0040bf0d000c00b8007008d580f286d20040b0f2210080d2420180d2c30080d2840080d2020000d4e08b81d200e0b0f2e10180d2020180d2e30180d2c40080d2020000d400b59ad20020b0f2810180d2220080d2e30080d2a40080d2020000d40000789e0064007f607588d20000b8f2010080d2620180d2a30180d2240180d2020000d40000c078"}}, @mrs={0xbe, 0x0, {0x603000000013e6ce}}, @eret={0xe6, 0x0, 0x4}, @code={0xa, 0x0, {"000008d5808e99d20060b0f2610180d2e20080d2230080d2440180d2020000d4603387d200c0b8f2010080d2620180d2030180d2640080d2020000d4000080f2206e98d20060b8f2010180d2420180d2a30080d2e40180d2020000d4008008d560778ed20020b0f2c10080d2c20180d2c30080d2040080d2020000d4007008d5c0a38cd200c0b8f2010180d2e20080d2c30180d2640180d2020000d40000000b"}}, @uexit={0x0, 0x0, 0xae}, @its_send_cmd={0xaa, 0x0, {0x5, 0x1, 0x1, 0x3, 0x10001, 0x4, 0x1}}, @smc={0x1e, 0x0, {0x84000013, [0x9, 0x1, 0x800, 0x1, 0xa]}}, @smc={0x1e, 0x0, {0x10c000000, [0xaa, 0x2a, 0x2, 0x8001, 0x6]}}, @svc={0x122, 0x0, {0x40000000, [0x4d, 0x8000000000000000, 0xd56, 0x80000000, 0x8000]}}, @smc={0x1e, 0x0, {0x2000000, [0x7fffffff, 0xb9da, 0x0, 0x8, 0x10001]}}, @mrs={0xbe, 0x0, {0x603000000013dce0}}, @its_setup={0x82, 0x0, {0x4, 0x1, 0x312}}, @uexit={0x0, 0x0, 0x8000}, @uexit, @eret={0xe6, 0x0, 0xa6d}, @irq_setup={0x46, 0x0, {0x4, 0x2ef}}, @its_setup={0x82, 0x0, {0x2, 0x3, 0x350}}, @its_setup={0x82, 0x0, {0x2, 0x1, 0x287}}, @msr={0x14, 0x0, {0x603000000013c520, 0x2}}, @irq_setup={0x46, 0x0, {0x3, 0x4e}}, @mrs={0xbe, 0x0, {0x603000000013c00d}}, @memwrite={0x6e, 0x0, @generic={0x0, 0x21e, 0x8, 0xa}}, @svc={0x122, 0x0, {0x6000000, [0xa, 0xffffffff00000000, 0x2, 0x1ff, 0x2]}}, @irq_setup={0x46, 0x0, {0x4, 0x347}}, @irq_setup={0x46, 0x0, {0x3, 0x252}}, @smc={0x1e, 0x0, {0x8400000c, [0x7f, 0x5, 0x9, 0x9, 0xf]}}], 0x6}, 0x0, 0x4c)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async)
r8 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x360) (async)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x360)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1m15.69268587s ago: executing program 8 (id=286):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000004c0)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x80, 0x5}}, @memwrite={0x6e, 0x30, @generic={0x100000, 0x1ee, 0x3, 0x7}}, @irq_setup={0x46, 0x18, {0x3, 0x7f}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0x0, 0x1, 0x7f, 0x2}}, @code={0xa, 0xcc, {"000000ab60478ed200c0b8f2610180d2220080d2830180d2a40080d2020000d4007008d5a02e83d200c0b0f2210180d2420080d2830180d2440180d2020000d4203189d20080b8f2010180d2c20180d2830080d2640080d2020000d4007008d520ea99d200e0b0f2210180d2420180d2a30080d2440080d2020000d4a05a80d20080b8f2010180d2a20080d2a30180d2440180d2020000d40000649e40fd86d20000b0f2210080d2a20080d2c30080d2c40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x180, 0xffff}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x1d}}, @hvc={0x32, 0x40, {0x2, [0x0, 0x9, 0x9, 0x9, 0x3]}}, @smc={0x1e, 0x40, {0x84000001, [0x7fff, 0x4800000000000, 0x81, 0x1, 0x60]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x3ac}}, @eret={0xe6, 0x18, 0x101}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x2, 0x2, 0x6, 0x1, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013e000}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x7, 0x0, 0xfffffffd}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x316}}, @svc={0x122, 0x40, {0xc5000021, [0x80000001, 0x100000000, 0x3, 0x6, 0x7ff]}}, @memwrite={0x6e, 0x30, @generic={0x100000, 0xd5b, 0x7, 0xb}}, @msr={0x14, 0x20, {0x603000000013803c, 0x4}}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0x3}, @smc={0x1e, 0x40, {0x6000000, [0x400, 0xffff, 0xbda, 0x2, 0x4]}}, @uexit={0x0, 0x18, 0x101}, @svc={0x122, 0x40, {0x30000000, [0x7a, 0x6c4, 0x8, 0x4]}}, @irq_setup={0x46, 0x18, {0x4, 0x140}}], 0x49c}, &(0x7f0000000500)=[@featur1={0x1, 0x8e}], 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x20140, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r4 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r4, 0x4010aeb5, &(0x7f0000000580)={0x40, 0x6})
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000005c0)={0x4, 0x0, [{0x100, 0x7, 0x1, 0x0, @adapter={0xa3, 0xf, 0x3, 0x7def, 0x7}}, {0x10, 0x2, 0x0, 0x0, @adapter={0x9b4, 0x5, 0x9, 0x7ff, 0x5}}, {0x3, 0x2, 0x1, 0x0, @adapter={0xbb, 0xf, 0x9, 0x4, 0xf}}, {0x10001, 0x1, 0x1, 0x0, @irqchip={0x5, 0x1000}}]})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x4080, 0x0)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000700)={0xffffffffffffffff, 0x18000, 0x2})
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c30000/0x1000)=nil, r6, 0x8, 0x5012, r1, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x4, 0x100)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000740)=@attr_pmu_init)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x3f)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000780)={0x2})
mmap$KVM_VCPU(&(0x7f0000f52000/0x2000)=nil, r3, 0x2000002, 0x10, r4, 0x0)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000007c0)={r4, 0x1528, 0x2, r4})
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x18)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r8, 0x4010aeb5, &(0x7f0000000800)={0x4, 0xabfe})
r9 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000c00)={0x0, &(0x7f0000000840)=[@smc={0x1e, 0x40, {0x84000009, [0x9, 0x7ff, 0x10001, 0xffffffff, 0x800]}}, @uexit={0x0, 0x18, 0x6}, @code={0xa, 0x84, {"000008d5007008d500e382d200a0b8f2210180d2020180d2030080d2e40180d2020000d40028212e00d4a00e007008d5a0189ed200c0b0f2a10080d2e20180d2c30180d2840180d2020000d4000000910000259e00279dd20060b8f2210180d2e20080d2030080d2840180d2020000d4"}}, @msr={0x14, 0x20, {0x0, 0xeb}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0xd2}}, @eret={0xe6, 0x18, 0x6}, @svc={0x122, 0x40, {0xc4000053, [0x1, 0x6, 0x8, 0x8, 0x5]}}, @svc={0x122, 0x40, {0x84000001, [0x200, 0x0, 0xffff, 0xa, 0x4]}}, @irq_setup={0x46, 0x18, {0x0, 0x34f}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0x5, 0x8, 0x3, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xffe8, 0x0, 0x5}}, @svc={0x122, 0x40, {0x84000010, [0x2, 0x6, 0x4, 0x5df, 0x80]}}, @code={0xa, 0x9c, {"0058202e80049dd20000b8f2410180d2620080d2230080d2a40080d2020000d4e07c8dd20080b0f2c10180d2620180d2430080d2240180d2020000d4008008d5006793d20040b8f2e10080d2c20180d2a30180d2440080d2020000d460d995d200e0b0f2610180d2020080d2c30180d2a40180d2020000d4007008d5000008d51f4000d5007008d5"}}, @irq_setup={0x46, 0x18, {0x3, 0x1d0}}, @smc={0x1e, 0x40, {0x84000053, [0x8, 0x2, 0x9, 0xffffffffffff8000, 0x8]}}, @smc={0x1e, 0x40, {0x35007ff4, [0x4966, 0x7, 0x9, 0x6, 0xb18]}}], 0x3a0}, &(0x7f0000000c40)=[@featur1={0x1, 0x2}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000cc0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000c80)={0x7, 0x6, 0x1}})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r6, 0x1000006, 0x4010, r1, 0x0)
r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0xd)
r11 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x3)
syz_kvm_add_vcpu$arm64(r0, &(0x7f0000001000)={0x0, &(0x7f0000000d00)=[@uexit={0x0, 0x18, 0x7fffffff}, @msr={0x14, 0x20, {0x6030000000139808, 0x8000000000000001}}, @msr={0x14, 0x20, {0x603000000013de96, 0x1}}, @uexit={0x0, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013de96, 0x100000001}}, @smc={0x1e, 0x40, {0x84000010, [0x2, 0x2, 0x732, 0x6, 0x3]}}, @code={0xa, 0x6c, {"00c0601e007008d5007008d50030000e007008d540ec85d20060b0f2c10080d2e20180d2830180d2a40180d2020000d4007008d5a08293d200c0b0f2210180d2020080d2230080d2640180d2020000d4008008d5000028d5"}}, @svc={0x122, 0x40, {0x84000012, [0x41a, 0x8000000000000001, 0x10000, 0xe4, 0x3]}}, @msr={0x14, 0x20, {0x603000000013df59, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x4, 0x1, 0x9, 0x4}}, @mrs={0xbe, 0x18, {0x6a0}}, @hvc={0x32, 0x40, {0x84000004, [0x4, 0x6, 0x1, 0x0, 0x3]}}, @eret={0xe6, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x0, 0x12e}}, @its_send_cmd={0xaa, 0x28, {0x7, 0x0, 0x3, 0x9, 0x4, 0x6, 0x4}}, @smc={0x1e, 0x40, {0xc4000010, [0x2, 0x0, 0x0, 0x3, 0x6]}}, @svc={0x122, 0x40, {0x80000000, [0x0, 0x0, 0xe, 0xffffffffffffff7f, 0x1]}}], 0x2f4}, &(0x7f0000001040)=[@featur1={0x1, 0xc8}], 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f0000001080)=@arm64)
syz_kvm_setup_cpu$arm64(r10, r9, &(0x7f0000acf000/0x400000)=nil, &(0x7f0000001500)=[{0x0, &(0x7f00000010c0)=[@code={0xa, 0x3c, {"007008d50094002f007008d5007008d5000008d5000008d5007008d5000008d5008008d5000008d5"}}, @svc={0x122, 0x40, {0x3f000000, [0x0, 0x7, 0x21, 0x9, 0x8]}}, @irq_setup={0x46, 0x18, {0x0, 0x15b}}, @memwrite={0x6e, 0x30, @generic={0xc000, 0x760, 0x81, 0x8}}, @eret={0xe6, 0x18, 0xb36}, @mrs={0xbe, 0x18, {0x603000000013dee6}}, @eret={0xe6, 0x18, 0x40}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1be}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x9, 0x42, 0x3, 0x50e069ef}}, @svc={0x122, 0x40, {0x84000013, [0x74, 0x61, 0x4, 0x2, 0x3301]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x4, 0x8}}, @svc={0x122, 0x40, {0x0, [0x1, 0x8, 0x9, 0x8, 0x40]}}, @eret={0xe6, 0x18, 0xd0}, @msr={0x14, 0x20, {0x603000000013e6d1, 0x5}}, @code={0xa, 0x84, {"0000df0d20f997d20020b0f2810180d2e20180d2630180d2040180d2020000d460308ad20080b0f2010080d2c20180d2630080d2840080d2020000d4000008d5801b8ad200e0b0f2a10180d2420180d2830080d2040080d2020000d4000028d5000008d5008008d5007008d5008008d5"}}, @svc={0x122, 0x40, {0x84000003, [0x1, 0x7, 0x0, 0x1, 0xff]}}, @eret={0xe6, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x21e}}, @code={0xa, 0x9c, {"007008d5400e90d20020b0f2410180d2420180d2a30080d2240080d2020000d4209382d20020b0f2a10080d2020180d2830080d2240080d2020000d460c681d20020b0f2c10080d2e20080d2030080d2e40180d2020000d4001c602e008008d5000008d5604597d200a0b8f2410180d2620080d2230180d2440080d2020000d4000028d500000091"}}, @irq_setup={0x46, 0x18, {0x2, 0x158}}, @smc={0x1e, 0x40, {0x84000000, [0x1, 0x9, 0x7, 0xb]}}], 0x43c}], 0x1, 0x0, &(0x7f0000001540)=[@featur1={0x1, 0x10}], 0x1)
ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000001580)={0xb000, 0x58000, 0x4, 0x1, 0x3})
ioctl$KVM_GET_STATS_FD_vm(r8, 0xaece)
ioctl$KVM_CHECK_EXTENSION_VM(r11, 0xae03, 0x408000000)

1m7.533431584s ago: executing program 9 (id=287):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10001})
ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0)
r5 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000640)=[@smc={0x1e, 0x40, {0xc4000012, [0x0, 0x4, 0x0, 0x4, 0x8001]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

59.123246083s ago: executing program 8 (id=288):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x149d01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x1, <r4=>0xffffffffffffffff, 0x1})
r5 = ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f00004dc000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x7, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x5)
mmap$KVM_VCPU(&(0x7f0000e04000/0x2000)=nil, 0x930, 0x1, 0x11, r12, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f0000f35000/0x3000)=nil, r13, 0x8, 0x13, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r13, 0x1000001, 0x4010, r12, 0x0)
openat$kvm(0x0, &(0x7f0000000180), 0x123000, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0xe, 0x30, r12, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x1})
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x20200, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)

49.603741535s ago: executing program 9 (id=289):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x7c}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000000)=0x8090000}) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000240)=@arm64_core={0x603000000010001c, &(0x7f0000000000)=0x10000})
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r10, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800}) (async)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r12, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x800}}]}) (async)
close(r12) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r12, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x1}) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x12800, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x9)

11.090217948s ago: executing program 40 (id=288):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x149d01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x1, <r4=>0xffffffffffffffff, 0x1})
r5 = ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f00004dc000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x7, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x5)
mmap$KVM_VCPU(&(0x7f0000e04000/0x2000)=nil, 0x930, 0x1, 0x11, r12, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f0000f35000/0x3000)=nil, r13, 0x8, 0x13, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r13, 0x1000001, 0x4010, r12, 0x0)
openat$kvm(0x0, &(0x7f0000000180), 0x123000, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0xe, 0x30, r12, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x1})
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r14 = openat$kvm(0x0, &(0x7f0000000140), 0x20200, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)

0s ago: executing program 41 (id=289):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x7c}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000000)=0x8090000}) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000240)=@arm64_core={0x603000000010001c, &(0x7f0000000000)=0x10000})
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r10, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800}) (async)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r12, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x800}}]}) (async)
close(r12) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r12, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x1}) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x12800, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x9)

kernel console output (not intermixed with test programs):

[  373.653678][ T3165] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.807501][ T3165] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:8647' (ED25519) to the list of known hosts.
[  580.758693][   T25] audit: type=1400 audit(579.990:60): avc:  denied  { name_bind } for  pid=3316 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  583.452827][   T25] audit: type=1400 audit(582.670:61): avc:  denied  { execute } for  pid=3317 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  583.482829][   T25] audit: type=1400 audit(582.710:62): avc:  denied  { execute_no_trans } for  pid=3317 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  603.238231][   T25] audit: type=1400 audit(602.470:63): avc:  denied  { mounton } for  pid=3317 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  603.294095][   T25] audit: type=1400 audit(602.520:64): avc:  denied  { mount } for  pid=3317 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  603.375476][ T3317] cgroup: Unknown subsys name 'net'
[  603.444867][   T25] audit: type=1400 audit(602.680:65): avc:  denied  { unmount } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  603.911217][ T3317] cgroup: Unknown subsys name 'cpuset'
[  604.032528][ T3317] cgroup: Unknown subsys name 'rlimit'
[  604.969287][   T25] audit: type=1400 audit(604.200:66): avc:  denied  { setattr } for  pid=3317 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  604.997246][   T25] audit: type=1400 audit(604.230:67): avc:  denied  { mounton } for  pid=3317 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  605.011832][   T25] audit: type=1400 audit(604.240:68): avc:  denied  { mount } for  pid=3317 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  606.020277][ T3320] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  606.043121][   T25] audit: type=1400 audit(605.270:69): avc:  denied  { relabelto } for  pid=3320 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  606.082412][   T25] audit: type=1400 audit(605.290:70): avc:  denied  { write } for  pid=3320 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  606.248199][   T25] audit: type=1400 audit(605.480:71): avc:  denied  { read } for  pid=3317 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  606.276973][   T25] audit: type=1400 audit(605.500:72): avc:  denied  { open } for  pid=3317 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  606.321184][ T3317] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  657.365314][   T25] audit: type=1400 audit(656.570:73): avc:  denied  { execmem } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  661.579342][   T25] audit: type=1400 audit(660.810:74): avc:  denied  { read } for  pid=3323 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  661.599567][   T25] audit: type=1400 audit(660.830:75): avc:  denied  { open } for  pid=3323 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  661.692084][   T25] audit: type=1400 audit(660.910:76): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  661.949544][   T25] audit: type=1400 audit(661.180:77): avc:  denied  { module_request } for  pid=3324 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  661.969842][   T25] audit: type=1400 audit(661.200:78): avc:  denied  { module_request } for  pid=3323 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  662.973225][   T25] audit: type=1400 audit(662.200:79): avc:  denied  { sys_module } for  pid=3324 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  684.523273][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  684.601951][ T3324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  684.671455][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  684.905043][ T3324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  697.067351][ T3323] hsr_slave_0: entered promiscuous mode
[  697.119555][ T3323] hsr_slave_1: entered promiscuous mode
[  699.215680][ T3324] hsr_slave_0: entered promiscuous mode
[  699.286188][ T3324] hsr_slave_1: entered promiscuous mode
[  699.352240][ T3324] debugfs: 'hsr0' already exists in 'hsr'
[  699.361772][ T3324] Cannot create hsr debugfs directory
[  707.349323][   T25] audit: type=1400 audit(706.580:80): avc:  denied  { create } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  707.392650][   T25] audit: type=1400 audit(706.620:81): avc:  denied  { write } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  707.465006][   T25] audit: type=1400 audit(706.700:82): avc:  denied  { read } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  707.566304][ T3323] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  707.929004][ T3323] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  708.276704][ T3323] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  708.564750][ T3323] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  710.035634][ T3324] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  710.222503][ T3324] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  710.394581][ T3324] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  710.545466][ T3324] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  721.745662][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0
[  724.144469][ T3324] 8021q: adding VLAN 0 to HW filter on device bond0
[  773.796391][ T3323] veth0_vlan: entered promiscuous mode
[  774.567728][ T3323] veth1_vlan: entered promiscuous mode
[  776.518958][ T3324] veth0_vlan: entered promiscuous mode
[  776.979024][ T3323] veth0_macvtap: entered promiscuous mode
[  777.227422][ T3324] veth1_vlan: entered promiscuous mode
[  777.394406][ T3323] veth1_macvtap: entered promiscuous mode
[  779.695119][ T3380] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  779.802291][ T3380] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  779.803570][ T3380] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  779.813991][ T3380] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  779.856685][ T3324] veth0_macvtap: entered promiscuous mode
[  780.339527][ T3324] veth1_macvtap: entered promiscuous mode
[  782.336748][   T25] audit: type=1400 audit(781.570:83): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  782.625716][   T25] audit: type=1400 audit(781.810:84): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/syzkaller.0moXJo/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  782.922225][   T25] audit: type=1400 audit(782.150:85): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  783.203347][ T3460] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  783.213415][ T3460] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  783.227970][ T3460] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  783.244358][ T3460] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  783.262983][   T25] audit: type=1400 audit(782.440:86): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/syzkaller.0moXJo/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  783.419052][   T25] audit: type=1400 audit(782.650:87): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/syzkaller.0moXJo/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3774 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  783.894397][   T25] audit: type=1400 audit(783.120:88): avc:  denied  { unmount } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  784.174943][   T25] audit: type=1400 audit(783.410:89): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  784.325510][   T25] audit: type=1400 audit(783.560:90): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="gadgetfs" ino=3785 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  784.729104][   T25] audit: type=1400 audit(783.960:91): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  784.827081][   T25] audit: type=1400 audit(784.040:92): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  785.846947][ T3323] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  795.334873][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  795.347097][   T25] audit: type=1400 audit(794.570:97): avc:  denied  { read } for  pid=3475 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  795.391613][   T25] audit: type=1400 audit(794.620:98): avc:  denied  { open } for  pid=3475 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  795.742897][   T25] audit: type=1400 audit(794.970:99): avc:  denied  { ioctl } for  pid=3475 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  797.288021][   T25] audit: type=1400 audit(796.520:100): avc:  denied  { write } for  pid=3477 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  818.582934][   T25] audit: type=1400 audit(817.740:101): avc:  denied  { setattr } for  pid=3491 comm="syz.0.6" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  832.592789][   T25] audit: type=1400 audit(831.810:102): avc:  denied  { ioctl } for  pid=3497 comm="syz.0.8" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0xb70d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  868.071880][   T25] audit: type=1400 audit(867.290:103): avc:  denied  { execute } for  pid=3520 comm="syz.1.16" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4665 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  869.828792][   T25] audit: type=1400 audit(869.060:104): avc:  denied  { append } for  pid=3524 comm="syz.0.17" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  921.329542][ T3565] kvm [3565]: Failed to find VMA for hva 0x20c01000
[  921.634555][ T3565] kvm [3565]: Failed to find VMA for hva 0x20c01000
[ 1052.528644][   T25] audit: type=1400 audit(1051.700:105): avc:  denied  { create } for  pid=3660 comm="syz.0.57" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1054.065048][   T25] audit: type=1400 audit(1053.250:106): avc:  denied  { map } for  pid=3660 comm="syz.0.57" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=6593 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1054.076427][   T25] audit: type=1400 audit(1053.290:107): avc:  denied  { read } for  pid=3660 comm="syz.0.57" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=6593 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1402.049856][ T3885] kvm [3885]: Failed to find VMA for hva 0x20000000
[ 1520.584287][   T25] audit: type=1400 audit(1519.750:108): avc:  denied  { execute } for  pid=3956 comm="syz.0.148" path=2F37312FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1800.014825][ T4063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1800.298006][ T4063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1806.117334][ T4067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1806.349912][ T4067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1823.146507][ T4063] hsr_slave_0: entered promiscuous mode
[ 1823.218736][ T4063] hsr_slave_1: entered promiscuous mode
[ 1823.282382][ T4063] debugfs: 'hsr0' already exists in 'hsr'
[ 1823.292066][ T4063] Cannot create hsr debugfs directory
[ 1827.959884][ T4067] hsr_slave_0: entered promiscuous mode
[ 1828.012057][ T4067] hsr_slave_1: entered promiscuous mode
[ 1828.037137][ T4067] debugfs: 'hsr0' already exists in 'hsr'
[ 1828.052037][ T4067] Cannot create hsr debugfs directory
[ 1843.997412][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1844.964549][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1845.898707][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1846.808952][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1847.565380][ T4063] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1847.977417][ T4063] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1848.502952][ T4063] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1849.106635][ T4063] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1862.425710][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1862.706966][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1862.766507][   T12] bond0 (unregistering): Released all slaves
[ 1864.182770][   T12] hsr_slave_0: left promiscuous mode
[ 1864.242159][   T12] hsr_slave_1: left promiscuous mode
[ 1864.845082][   T12] veth1_macvtap: left promiscuous mode
[ 1864.862463][   T12] veth0_macvtap: left promiscuous mode
[ 1864.883051][   T12] veth1_vlan: left promiscuous mode
[ 1864.892816][   T12] veth0_vlan: left promiscuous mode
[ 1878.517247][ T4067] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1878.869864][ T4067] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1879.347033][ T4067] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1879.857728][ T4067] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1884.239194][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1885.407612][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1886.652713][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1887.942436][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1903.428141][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1903.671484][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1903.844890][   T12] bond0 (unregistering): Released all slaves
[ 1905.885342][   T12] hsr_slave_0: left promiscuous mode
[ 1906.152074][   T12] hsr_slave_1: left promiscuous mode
[ 1907.123197][   T12] veth1_macvtap: left promiscuous mode
[ 1907.142683][   T12] veth0_macvtap: left promiscuous mode
[ 1907.147156][   T12] veth1_vlan: left promiscuous mode
[ 1907.166472][   T12] veth0_vlan: left promiscuous mode
[ 1931.974782][ T4063] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1933.586787][ T4067] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2011.674169][ T4063] veth0_vlan: entered promiscuous mode
[ 2012.919686][ T4063] veth1_vlan: entered promiscuous mode
[ 2013.712933][ T4067] veth0_vlan: entered promiscuous mode
[ 2014.725643][ T4067] veth1_vlan: entered promiscuous mode
[ 2016.693484][ T4063] veth0_macvtap: entered promiscuous mode
[ 2017.447211][ T4063] veth1_macvtap: entered promiscuous mode
[ 2018.847415][ T4067] veth0_macvtap: entered promiscuous mode
[ 2019.624474][ T4067] veth1_macvtap: entered promiscuous mode
[ 2021.159225][ T3363] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2021.173215][ T3363] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2021.186314][ T3363] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2021.384569][ T4143] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2024.178914][ T3460] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2024.194852][ T3460] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2024.223103][ T3460] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2024.227983][ T3460] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2549.955571][ T4143] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2550.947168][ T4143] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2552.007471][ T4143] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2553.235828][ T4143] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2571.861962][ T4143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2572.234954][ T4143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2572.467673][ T4143] bond0 (unregistering): Released all slaves
[ 2574.242726][ T4143] hsr_slave_0: left promiscuous mode
[ 2574.392143][ T4143] hsr_slave_1: left promiscuous mode
[ 2575.251869][ T4143] veth1_macvtap: left promiscuous mode
[ 2575.262000][ T4143] veth0_macvtap: left promiscuous mode
[ 2575.276241][ T4143] veth1_vlan: left promiscuous mode
[ 2575.277853][ T4143] veth0_vlan: left promiscuous mode
[ 2597.066640][ T4579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2597.978469][ T4579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2601.866076][ T4143] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2603.366771][ T4143] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2604.425999][ T4143] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2605.654390][ T4143] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2620.984435][ T4143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2621.145102][ T4143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2621.262800][ T4143] bond0 (unregistering): Released all slaves
[ 2622.694747][ T4143] hsr_slave_0: left promiscuous mode
[ 2622.722380][ T4143] hsr_slave_1: left promiscuous mode
[ 2622.905511][ T4143] veth1_macvtap: left promiscuous mode
[ 2622.909333][ T4143] veth0_macvtap: left promiscuous mode
[ 2622.931972][ T4143] veth1_vlan: left promiscuous mode
[ 2622.935848][ T4143] veth0_vlan: left promiscuous mode
[ 2643.566242][ T4587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2644.006511][ T4587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2654.613108][ T4579] hsr_slave_0: entered promiscuous mode
[ 2654.665060][ T4579] hsr_slave_1: entered promiscuous mode
[ 2665.902954][ T4587] hsr_slave_0: entered promiscuous mode
[ 2665.934791][ T4587] hsr_slave_1: entered promiscuous mode
[ 2665.978895][ T4587] debugfs: 'hsr0' already exists in 'hsr'
[ 2666.001648][ T4587] Cannot create hsr debugfs directory
[ 2669.393491][ T4579] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2669.694764][ T4579] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2670.903619][ T4579] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2671.099597][ T4579] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2681.517416][ T4587] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2681.984594][ T4587] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2682.278883][ T4587] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2682.549680][ T4587] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2700.025257][ T4579] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2711.195571][ T4587] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2818.494707][ T4579] veth0_vlan: entered promiscuous mode
[ 2819.475155][ T4579] veth1_vlan: entered promiscuous mode
[ 2823.353230][ T4579] veth0_macvtap: entered promiscuous mode
[ 2823.896333][ T4579] veth1_macvtap: entered promiscuous mode
[ 2827.558265][   T21] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2827.677234][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2827.713240][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2827.747628][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2832.835461][ T4587] veth0_vlan: entered promiscuous mode
[ 2834.507288][ T4587] veth1_vlan: entered promiscuous mode
[ 2838.735571][ T4587] veth0_macvtap: entered promiscuous mode
[ 2839.395261][ T4587] veth1_macvtap: entered promiscuous mode
[ 2843.837427][ T4748] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2843.852947][ T4748] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2843.951212][ T4748] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2843.964348][ T4748] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3053.319411][ T4875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3053.777767][ T4875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3059.514620][ T4879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3059.986582][ T4879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3100.405013][ T4875] hsr_slave_0: entered promiscuous mode
[ 3100.495035][ T4875] hsr_slave_1: entered promiscuous mode
[ 3100.584083][ T4875] debugfs: 'hsr0' already exists in 'hsr'
[ 3100.601956][ T4875] Cannot create hsr debugfs directory
[ 3105.577544][ T4879] hsr_slave_0: entered promiscuous mode
[ 3105.665168][ T4879] hsr_slave_1: entered promiscuous mode
[ 3105.808540][ T4879] debugfs: 'hsr0' already exists in 'hsr'
[ 3105.813885][ T4879] Cannot create hsr debugfs directory
[ 3136.064463][ T4875] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3137.109490][ T4875] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3138.253419][ T4875] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3138.938641][ T4875] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3148.418295][ T4879] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3149.027514][ T4879] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3149.577327][ T4879] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3150.189252][ T4879] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3186.704772][ T4875] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3195.769077][ T4879] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3258.425931][   T21] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3260.678055][   T21] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3262.742569][   T21] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3264.454294][   T21] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3287.663820][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3287.856732][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3288.029367][   T21] bond0 (unregistering): Released all slaves
[ 3291.562447][   T21] hsr_slave_0: left promiscuous mode
[ 3291.732245][   T21] hsr_slave_1: left promiscuous mode
[ 3292.997318][   T21] veth1_macvtap: left promiscuous mode
[ 3293.059706][   T21] veth0_macvtap: left promiscuous mode
[ 3293.103389][   T21] veth1_vlan: left promiscuous mode
[ 3293.123428][   T21] veth0_vlan: left promiscuous mode
[ 3331.585719][   T21] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3333.185019][   T21] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3335.042837][   T21] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3336.553673][   T21] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3361.103388][   T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3361.644694][   T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3361.854696][   T21] bond0 (unregistering): Released all slaves
[ 3363.993411][   T21] hsr_slave_0: left promiscuous mode
[ 3364.126772][   T21] hsr_slave_1: left promiscuous mode
[ 3365.369254][   T21] veth1_macvtap: left promiscuous mode
[ 3365.392550][   T21] veth0_macvtap: left promiscuous mode
[ 3365.427427][   T21] veth1_vlan: left promiscuous mode
[ 3365.464174][   T21] veth0_vlan: left promiscuous mode
[ 3431.584083][ T4875] veth0_vlan: entered promiscuous mode
[ 3432.727537][ T4875] veth1_vlan: entered promiscuous mode
[ 3436.373818][ T4875] veth0_macvtap: entered promiscuous mode
[ 3437.057360][ T4875] veth1_macvtap: entered promiscuous mode
[ 3442.002234][ T4879] veth0_vlan: entered promiscuous mode
[ 3443.331662][ T4143] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3443.333976][ T4143] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3443.353025][ T4143] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3443.389727][ T4143] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3444.606529][ T4879] veth1_vlan: entered promiscuous mode
[ 3450.076329][ T4879] veth0_macvtap: entered promiscuous mode
[ 3450.886901][ T4879] veth1_macvtap: entered promiscuous mode
[ 3454.799707][ T4481] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3454.813046][ T4481] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3454.923506][ T4481] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3454.957810][ T4481] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3742.645124][ T4132] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3744.974319][ T4132] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3747.224920][ T4132] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3749.704849][ T4132] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3775.318227][ T4132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3776.153185][ T4132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3776.723497][ T4132] bond0 (unregistering): Released all slaves
[ 3779.241563][ T4132] hsr_slave_0: left promiscuous mode
[ 3779.372519][ T4132] hsr_slave_1: left promiscuous mode
[ 3780.602058][ T4132] veth1_macvtap: left promiscuous mode
[ 3780.623462][ T4132] veth0_macvtap: left promiscuous mode
[ 3780.643122][ T4132] veth1_vlan: left promiscuous mode
[ 3780.665267][ T4132] veth0_vlan: left promiscuous mode
[ 3823.405028][ T4132] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3824.434068][ T4132] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3825.987457][ T4132] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3827.534463][ T4132] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3857.673811][ T4132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3858.027235][ T4132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3858.256349][ T4132] bond0 (unregistering): Released all slaves
[ 3861.125123][ T4132] hsr_slave_0: left promiscuous mode
[ 3861.222471][ T4132] hsr_slave_1: left promiscuous mode
[ 3862.291487][ T4132] veth1_macvtap: left promiscuous mode
[ 3862.292867][ T4132] veth0_macvtap: left promiscuous mode
[ 3862.364114][ T4132] veth1_vlan: left promiscuous mode
[ 3862.383892][ T4132] veth0_vlan: left promiscuous mode
[ 3913.594458][ T5246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3913.987081][ T5246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3918.189008][ T5251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3918.569621][ T5251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3946.507429][ T5246] hsr_slave_0: entered promiscuous mode
[ 3946.566337][ T5246] hsr_slave_1: entered promiscuous mode
[ 3950.726242][ T5251] hsr_slave_0: entered promiscuous mode
[ 3950.817923][ T5251] hsr_slave_1: entered promiscuous mode
[ 3950.983812][ T5251] debugfs: 'hsr0' already exists in 'hsr'
[ 3950.984764][ T5251] Cannot create hsr debugfs directory
[ 3976.424353][ T5246] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 3977.552620][ T5246] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 3978.383566][ T5246] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 3980.232571][ T5246] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 3986.108267][ T5251] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 3986.759068][ T5251] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 3987.346740][ T5251] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 3987.829226][ T5251] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 4018.268397][ T5246] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4025.099603][ T5251] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4190.233186][ T5246] veth0_vlan: entered promiscuous mode
[ 4191.643988][ T5246] veth1_vlan: entered promiscuous mode
[ 4197.436695][ T5246] veth0_macvtap: entered promiscuous mode
[ 4199.027482][ T5246] veth1_macvtap: entered promiscuous mode
[ 4199.499800][ T5251] veth0_vlan: entered promiscuous mode
[ 4202.554302][ T5251] veth1_vlan: entered promiscuous mode
[ 4206.879036][ T5000] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4207.017358][ T4627] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4207.332954][ T4627] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4207.334164][ T4627] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4212.807032][ T5251] veth0_macvtap: entered promiscuous mode
[ 4214.628175][ T5251] veth1_macvtap: entered promiscuous mode
[ 4220.482693][ T3363] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 4220.523291][ T3363] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 4220.573318][ T3363] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 4220.574264][ T3363] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 4600.065351][ T5589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4600.728560][ T5589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4610.695136][ T5594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 4611.247529][ T5594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 4660.844775][ T5589] hsr_slave_0: entered promiscuous mode
[ 4661.025289][ T5589] hsr_slave_1: entered promiscuous mode
[ 4661.125532][ T5589] debugfs: 'hsr0' already exists in 'hsr'
[ 4661.178706][ T5589] Cannot create hsr debugfs directory
[ 4673.136785][ T5594] hsr_slave_0: entered promiscuous mode
[ 4673.257764][ T5594] hsr_slave_1: entered promiscuous mode
[ 4673.453337][ T5594] debugfs: 'hsr0' already exists in 'hsr'
[ 4673.465718][ T5594] Cannot create hsr debugfs directory
[ 4729.709575][ T5589] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 4732.894151][ T5589] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 4736.486095][ T5589] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 4739.884400][ T5589] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 4755.597407][ T5594] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 4756.629412][ T5594] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 4757.692493][ T5594] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 4758.918149][ T5594] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 4793.878338][ T5589] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4811.145120][ T5594] 8021q: adding VLAN 0 to HW filter on device bond0
[ 4842.217701][   T27] INFO: task syz.9.289:5573 blocked for more than 430 seconds.
[ 4842.232783][   T27]       Not tainted syzkaller #0
[ 4842.261614][   T27]       Blocked by coredump.
[ 4842.262224][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 4842.262736][   T27] task:syz.9.289       state:D stack:0     pid:5573  tgid:5571  ppid:5251   task_flags:0x40044c flags:0x00000018
[ 4842.264188][   T27] Call trace:
[ 4842.264689][   T27]  __switch_to+0x584/0xb20 (T)
[ 4842.266714][   T27]  __schedule+0x1eec/0x33a4
[ 4842.267235][   T27]  schedule+0xac/0x27c
[ 4842.267704][   T27]  schedule_timeout+0x5c/0x1e4
[ 4842.268214][   T27]  do_wait_for_common+0x28c/0x444
[ 4842.268694][   T27]  wait_for_completion+0x44/0x5c
[ 4842.269131][   T27]  __synchronize_srcu+0x2a4/0x320
[ 4842.269592][   T27]  synchronize_srcu+0x3cc/0x4f0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 4842.451775][   T27]  __mmu_notifier_release+0x424/0x614
[ 4842.452735][   T27]  exit_mmap+0xbc/0xbbc
[ 4842.453256][   T27]  __mmput+0x10c/0x530
[ 4842.453767][   T27]  mmput+0x70/0xac
[ 4842.454240][   T27]  exit_mm+0x158/0x258
[ 4842.454706][   T27]  do_exit+0x788/0x2378
[ 4842.455169][   T27]  do_group_exit+0x1d4/0x2ac
[ 4842.455646][   T27]  get_signal+0x1440/0x1554
[ 4842.456116][   T27]  arch_do_signal_or_restart+0x23c/0x4d98
[ 4842.456674][   T27]  exit_to_user_mode_loop+0x7c/0x178
[ 4842.457112][   T27]  el0_svc+0x170/0x234
[ 4842.457578][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 4842.458075][   T27]  el0t_64_sync+0x198/0x19c
[ 4842.459652][   T27] 
[ 4842.459652][   T27] Showing all locks held in the system:
[ 4842.632241][   T27] 3 locks held by kworker/u4:1/21:
[ 4842.696846][   T27] 1 lock held by khungtaskd/27:
[ 4842.716385][   T27]  #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 4842.719069][   T27] 1 lock held by klogd/3128:
[ 4842.719428][   T27] 2 locks held by getty/3194:
[ 4842.719772][   T27]  #0: 68f0000011c368a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 4842.873326][   T27]  #1: 09ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 4842.875062][   T27] 2 locks held by syz-executor/3317:
[ 4842.875384][   T27] 3 locks held by kworker/u4:2/3363:
[ 4842.875688][   T27] 3 locks held by kworker/u4:7/4132:
[ 4842.876004][   T27] 3 locks held by kworker/u4:9/4143:
[ 4842.876344][   T27] 3 locks held by kworker/u4:3/4481:
[ 4842.876702][   T27] 2 locks held by kworker/u4:10/4627:
[ 4842.877018][   T27]  #0: 2ff000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 4842.878522][   T27]  #1: ffff80008f1d7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 4843.041917][   T27] 3 locks held by kworker/0:0/4810:
[ 4843.042587][   T27]  #0: 75f0000011b50948 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 4843.044331][   T27]  #1: ffff80008c6c7c88 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 4843.045937][   T27]  #2: 83f000001cba7d38 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x40/0xe30
[ 4843.047541][   T27] 3 locks held by kworker/u4:12/5000:
[ 4843.047901][   T27] 2 locks held by kworker/u4:4/5255:
[ 4843.048217][   T27]  #0: 2ff000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 4843.049768][   T27]  #1: ffff80008eec7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 4843.233930][   T27] 2 locks held by kworker/u4:11/5258:
[ 4843.234275][   T27] 3 locks held by kworker/u4:14/5262:
[ 4843.234615][   T27] 2 locks held by syz.8.288/5566:
[ 4843.234933][   T27] 1 lock held by syz-executor/5589:
[ 4843.235220][   T27]  #0: ffff800087c7a400 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c
[ 4843.236848][   T27] 5 locks held by kworker/u4:8/5645:
[ 4843.237196][   T27] 3 locks held by kworker/u4:16/5738:
[ 4843.237484][   T27] 3 locks held by modprobe/5750:
[ 4843.237786][   T27] 1 lock held by modprobe/5751:
[ 4843.238288][   T27] 
[ 4843.238536][   T27] =============================================
[ 4843.238536][   T27] 
[ 4863.392986][   T27] INFO: task syz.9.289:5573 blocked for more than 451 seconds.
[ 4863.403589][   T27]       Not tainted syzkaller #0
[ 4863.412966][   T27]       Blocked by coredump.
[ 4863.413320][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 4863.413568][   T27] task:syz.9.289       state:D stack:0     pid:5573  tgid:5571  ppid:5251   task_flags:0x40044c flags:0x00000018
[ 4863.414363][   T27] Call trace:
[ 4863.414636][   T27]  __switch_to+0x584/0xb20 (T)
[ 4863.415152][   T27]  __schedule+0x1eec/0x33a4
[ 4863.415576][   T27]  schedule+0xac/0x27c
[ 4863.416026][   T27]  schedule_timeout+0x5c/0x1e4
[ 4863.416546][   T27]  do_wait_for_common+0x28c/0x444
[ 4863.417029][   T27]  wait_for_completion+0x44/0x5c
[ 4863.417460][   T27]  __synchronize_srcu+0x2a4/0x320
[ 4863.417948][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 4863.418396][   T27]  __mmu_notifier_release+0x424/0x614
[ 4863.418840][   T27]  exit_mmap+0xbc/0xbbc
[ 4863.419266][   T27]  __mmput+0x10c/0x530
[ 4863.419751][   T27]  mmput+0x70/0xac
[ 4863.604435][   T27]  exit_mm+0x158/0x258
[ 4863.605098][   T27]  do_exit+0x788/0x2378
[ 4863.605558][   T27]  do_group_exit+0x1d4/0x2ac
[ 4863.606042][   T27]  get_signal+0x1440/0x1554
[ 4863.606505][   T27]  arch_do_signal_or_restart+0x23c/0x4d98
[ 4863.607019][   T27]  exit_to_user_mode_loop+0x7c/0x178
[ 4863.607440][   T27]  el0_svc+0x170/0x234
[ 4863.607935][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 4863.608448][   T27]  el0t_64_sync+0x198/0x19c
[ 4863.609192][   T27] 
[ 4863.609192][   T27] Showing all locks held in the system:
[ 4863.609487][   T27] 3 locks held by kworker/u4:1/21:
[ 4863.609835][   T27] 1 lock held by khungtaskd/27:
[ 4863.665387][   T27]  #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 4863.667353][   T27] 1 lock held by klogd/3128:
[ 4863.667733][   T27] 2 locks held by getty/3194:
[ 4863.668042][   T27]  #0: 68f0000011c368a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 4863.669819][   T27]  #1: 09ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 4863.773389][   T27] 2 locks held by kworker/u4:5/4070:
[ 4863.773760][   T27] 3 locks held by kworker/u4:3/4481:
[ 4863.774088][   T27] 2 locks held by kworker/u4:10/4627:
[ 4863.774383][   T27]  #0: 2ff000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 4863.775930][   T27]  #1: ffff80008f1d7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 4863.777540][   T27] 3 locks held by kworker/u4:13/5012:
[ 4863.777883][   T27] 2 locks held by kworker/0:6/5175:
[ 4863.778179][   T27] 3 locks held by kworker/u4:11/5258:
[ 4863.778505][   T27] 2 locks held by syz.9.289/5573:
[ 4863.778881][   T27] 2 locks held by modprobe/5757:
[ 4863.779245][   T27] 
[ 4863.779459][   T27] =============================================
[ 4863.779459][   T27]