last executing test programs:

26m9.171364337s ago: executing program 1 (id=2):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000})
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000000)={0xe1, 0x300})
r3 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r5, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r10 = syz_kvm_vgic_v3_setup(r7, 0xfffffffffffffffe, 0xa0)
close(0xffffffffffffffff)
close(r9)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = eventfd2(0x8, 0x80800)
r14 = eventfd2(0x8, 0x80000)
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f00000000c0)={0x4, 0x25000, 0x0, r14, 0x2})
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000140)={0x8000000000000002, 0x0, 0x2, r13, 0x2})
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r13, 0x3})
close(r10)
close(0x5)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

26m5.992647125s ago: executing program 0 (id=1):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x340042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1c)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xc0189436, 0x20003fff)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x10200, 0x0, &(0x7f0000dda000/0x14000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a76000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x7, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r11, 0x2, 0x40)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8})
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)

25m48.271041834s ago: executing program 1 (id=3):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x22)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4030582a, 0x0)
close(r4)
ioctl$KVM_GET_DEVICE_ATTR_vm(r1, 0x4018aee2, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000140)={0xff, 0xe, 0x2}})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r9, 0xc018aec0, &(0x7f00000000c0)={0x1})
close(0x4)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r10 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000500)=[@uexit={0x0, 0x18}, @msr={0x14, 0x20, {0x603000000013df43, 0x8}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x235}}, @mrs={0xbe, 0x18, {0x603000000013c644}}, @msr={0x14, 0x20, {0x603000000013dee1, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0x146}}, @smc={0x1e, 0x40, {0x8400000c, [0x3, 0x4, 0x8735, 0xfffffffffffffffd, 0x2]}}, @code={0xa, 0x84, {"007008d5007008d5007c209be0f78dd200a0b8f2810080d2420080d2030180d2440180d2020000d480c285d20080b8f2410080d2e20080d2430080d2040080d2020000d4007008d5000028d5c06396d20040b8f2810180d2e20080d2630080d2840180d2020000d4000028d5000820f8"}}, @uexit={0x0, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x8, 0xfffffffb, 0x9c4, 0x2}}, @hvc={0x32, 0x40, {0x84000007, [0x4, 0x0, 0x1, 0xfffffefffffffffc, 0xfff]}}, @hvc={0x32, 0x40, {0x8600ff01, [0x1, 0x362, 0x3ff, 0xffffffffffffff0c]}}, @eret={0xe6, 0x18, 0x5}, @smc={0x1e, 0x40, {0xc400000e, [0x8, 0x1ff, 0x4, 0x8, 0x5]}}, @uexit={0x0, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x1, 0x5, 0xa, 0x7}}, @eret={0xe6, 0x18, 0x4}, @uexit={0x0, 0x18, 0x3}, @eret={0xe6, 0x18, 0x6000000}, @irq_setup={0x46, 0x18, {0x2, 0x2eb}}], 0x32c}, &(0x7f0000000040)=[@featur1={0x1, 0x8}], 0x1)
close(0x5)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r10, 0x4010aeab, &(0x7f00000000c0)={0x8, 0xfec00000})

25m47.473272031s ago: executing program 0 (id=4):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}], 0x28}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c103, &(0x7f00000000c0)=0xa0})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x32, 0x40, {0xc5000021, [0x0, 0x1, 0x2, 0x3, 0x6]}}], 0x80}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

25m39.144345144s ago: executing program 0 (id=5):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x24)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x40000, 0x5, &(0x7f0000000240)=0x7})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0xfffffffffffffffd}}, @its_send_cmd={0xaa, 0x28, {0x5, 0xfc, 0x1, 0x3, 0x9, 0xfffffffb, 0x4}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100050, &(0x7f0000000000)=0x85c7})
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000cdf000/0x2000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000e92000/0x4000)=nil, 0x0, 0x1000001, 0xa2c14754205083be, r8, 0x0)
r11 = eventfd2(0x0, 0x0)
close(r11)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r11, &(0x7f0000000180)=0x7e, 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110006, &(0x7f00000001c0)=0x2})
mmap$KVM_VCPU(&(0x7f0000db4000/0x3000)=nil, 0x930, 0x8, 0x12, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

25m37.273217673s ago: executing program 1 (id=6):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, &(0x7f0000000000), 0xfffffdef)
openat$kvm(0xffffffffffffff9c, 0x0, 0x141201, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x632002, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673ff2b54ebb2aa76c869d22627e700", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
r5 = eventfd2(0x0, 0x80000)
close(r5)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r5, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x30, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40800, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0xc)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
r9 = syz_kvm_vgic_v3_setup(r8, 0xffffffffffffffff, 0x400)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000000)=0x9})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000ae9000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x6, 0x58000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})

25m24.294518769s ago: executing program 0 (id=7):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f0000000180)={0xdf, 0x0, 0x4000})
ioctl$KVM_CREATE_DEVICE(r4, 0xc018aec0, &(0x7f00000000c0)={0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x93})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
write$eventfd(r2, &(0x7f00000001c0)=0x3, 0xfdef)

25m22.315725584s ago: executing program 1 (id=8):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013df40, 0x8000}}], 0x20}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x23)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r7, 0x4068aea3, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x1800002, 0x10010, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000200)="f3211813013c36000000005e2a8398f89643cbd9ae00000001908b9463d139887a01955edef90000000000ffff00000000000000000000db02000000000000007ab100000000ffe3", 0x0, 0xfffffffffffffdd9)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x40305839, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000c19000/0x11000)=nil, 0x11000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

25m10.245566202s ago: executing program 0 (id=9):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a21000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x210}}], 0x18}, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x30)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000a21000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x210}}], 0x18}, 0x0, 0x0)
r10 = eventfd2(0x8, 0x80801)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x3a0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000140)={0x8000000})
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000000)={0x6, 0x8000000, 0x0, r10})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b6b000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
r11 = eventfd2(0x8, 0x80801)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x3a0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)={0x8000000})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x6, 0x8000000, 0x0, r11})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

24m35.922949308s ago: executing program 32 (id=8):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013df40, 0x8000}}], 0x20}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x23)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r7, 0x4068aea3, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x1800002, 0x10010, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000200)="f3211813013c36000000005e2a8398f89643cbd9ae00000001908b9463d139887a01955edef90000000000ffff00000000000000000000db02000000000000007ab100000000ffe3", 0x0, 0xfffffffffffffdd9)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x40305839, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000c19000/0x11000)=nil, 0x11000)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

24m22.611121641s ago: executing program 33 (id=9):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a21000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x210}}], 0x18}, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x30)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000a21000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x210}}], 0x18}, 0x0, 0x0)
r10 = eventfd2(0x8, 0x80801)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x3a0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000140)={0x8000000})
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000000)={0x6, 0x8000000, 0x0, r10})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b6b000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
r11 = eventfd2(0x8, 0x80801)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x3a0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)={0x8000000})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x6, 0x8000000, 0x0, r11})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

15m12.570086513s ago: executing program 3 (id=44):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x8040aeb6, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1002b)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000b28000/0x400000)=nil)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100018, &(0x7f0000000000)=0x10})

14m56.373404004s ago: executing program 3 (id=46):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000040)={0xff, 0x40}) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1fe, 0x4, 0x1000, 0x2000, &(0x7f0000285000/0x2000)=nil}) (async, rerun: 32)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000000)={0x200, 0x7, 0xf297}) (async, rerun: 32)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0xf) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013c65e, 0x5}}], 0x20}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x2, 0x100) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

14m43.631424659s ago: executing program 3 (id=47):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013e208, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013e208, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)

14m31.890124257s ago: executing program 3 (id=49):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f0000000180)={0xdf, 0x0, 0x4000})
ioctl$KVM_CREATE_DEVICE(r4, 0xc018aec0, &(0x7f00000000c0)={0x1})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r7 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r6, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x80000, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e700", 0x0, 0x48)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = eventfd2(0x4, 0x801)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x0, 0x4, 0x2, r11})
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000000)={0xf, <r12=>0xffffffffffffffff})
eventfd2(0x5, 0x2)
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

14m12.671400889s ago: executing program 3 (id=51):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x1000, &(0x7f0000fd1000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x25)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfd000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)

13m59.816027994s ago: executing program 3 (id=53):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x18, {0x603000000013c800}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a55000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013800f, 0x8000}}], 0x20}, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1800, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2b)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000aec000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f00000000c0)=@arm64={0x7, 0x0, 0xfc, '\x00', 0x4})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000080)=@arm64={0xd, 0x8, 0x7, '\x00', 0x2d})
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000080)={0x2, 0x0, [{0x0, 0x2, 0x0, 0x0, @msi}, {0x2, 0x1, 0x0, 0x0, @msi={0x1f, 0x0, 0x0, 0x3}}]})
munmap(&(0x7f00005ed000/0x800000)=nil, 0x800000)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r5, 0xaead)

13m12.053405013s ago: executing program 34 (id=53):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x18, {0x603000000013c800}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a55000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013800f, 0x8000}}], 0x20}, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1800, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2b)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000aec000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f00000000c0)=@arm64={0x7, 0x0, 0xfc, '\x00', 0x4})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000080)=@arm64={0xd, 0x8, 0x7, '\x00', 0x2d})
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000080)={0x2, 0x0, [{0x0, 0x2, 0x0, 0x0, @msi}, {0x2, 0x1, 0x0, 0x0, @msi={0x1f, 0x0, 0x0, 0x3}}]})
munmap(&(0x7f00005ed000/0x800000)=nil, 0x800000)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r5, 0xaead)

9m47.044561855s ago: executing program 2 (id=70):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a5a000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x3, 0x27, 0x6, 0x0, 0x4, 0x9, 0xff, 0x7, 0xc7, 0x43, 0x5, 0x7, 0x0, 0x5, 0x2e, 0xd7, 0x10, 0xaa, 0x7, '\x00', 0x2, 0x100000000000000})
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000a, [0x140000002, 0x100080001, 0x5, 0x101, 0x11]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a5a000/0x400000)=nil) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x3, 0x27, 0x6, 0x0, 0x4, 0x9, 0xff, 0x7, 0xc7, 0x43, 0x5, 0x7, 0x0, 0x5, 0x2e, 0xd7, 0x10, 0xaa, 0x7, '\x00', 0x2, 0x100000000000000}) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async)
write$eventfd(r5, &(0x7f00000001c0)=0xffffff7f, 0xff25) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000a, [0x140000002, 0x100080001, 0x5, 0x101, 0x11]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)

9m35.068970407s ago: executing program 2 (id=71):
openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2e)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x6)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x4000005, 0x6, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x1})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x7, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
r8 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r8, 0x5, 0x2, r8})
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000140)={r8, 0x5, 0x1})
write$eventfd(r4, &(0x7f00000001c0)=0x3, 0xfdef)
ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x8})

9m22.350884124s ago: executing program 2 (id=72):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000000)={0x1b4000000000, 0x3ff})
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r3 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_set_pmu={0x0, 0x0, 0x3, 0xffffffffffffffff})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000000c0)={0xbbfbfe6201889764, 0xffffffffffffffff, 0x1})

8m56.071919411s ago: executing program 2 (id=73):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2e)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3})
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x10)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = eventfd2(0xeffffffd, 0x801)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r11, 0x3})
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r11, 0xf})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10})
ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000240))

8m31.7912643s ago: executing program 2 (id=74):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x301081, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 32)
r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (rerun: 32)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000000c0)=@arm64_sys={0x603000000013e290, 0x0}) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x40000000000001, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x80000, 0x10007, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0) (async, rerun: 64)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (rerun: 64)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000240)=0x8080000})
r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x9b)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 32)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (rerun: 32)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000340)={0x0, &(0x7f0000000380)=[@mrs={0xbe, 0x18, {0x603000000013e66a}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x2f3}}, @mrs={0xbe, 0x18, {0x603000000013807d}}, @hvc={0x32, 0x40, {0xc4000012, [0x6, 0x613, 0xffffffff, 0x1, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013e6c5}}], 0xb0}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r12, 0x0, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async, rerun: 64)
ioctl$KVM_RUN(r14, 0xae80, 0x0) (async, rerun: 64)
r16 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0xc, {0x4, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r9, 0xffffffffffbffffc, 0x120) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r17=>0xffffffffffffffff}) (rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r17, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r16, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r17, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0})

8m19.268182249s ago: executing program 2 (id=75):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000340)=[@msr={0x14, 0x20, {0x603000000013e712, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x7000, 0x802, 0x101, 0x8}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x0, 0x3c9}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x8400000d, [0x6, 0x6, 0x3, 0x4, 0x8000]}}, @hvc={0x32, 0x40, {0x45000030, [0x5, 0x4800000, 0x7, 0x0, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013dea0}}, @code={0xa, 0x9c, {"a01b97d20000b0f2810180d2220080d2c30180d2640180d2020000d460e49cd20040b0f2a10080d2c20080d2a30180d2640080d2020000d4007008d5c09191d200e0b0f2410180d2420180d2030180d2440080d2020000d4008008d5000008d5007008d5e05381d20040b8f2010080d2c20080d2030180d2640080d2020000d40048601e00e4a07e"}}, @mrs={0xbe, 0x18, {0x603000000013e661}}, @code={0xa, 0x84, {"000008d5404d9ad200c0b0f2210180d2c20080d2c30080d2040180d2020000d4000028d500a4004f008008d5000008d5604a8bd200e0b0f2810080d2a20080d2c30080d2640080d2020000d400b8315e008008d520dd98d200a0b0f2810080d2c20080d2030180d2e40180d2020000d4"}}, @code={0xa, 0x84, {"008008d5a07384d20000b0f2810180d2020180d2c30080d2640080d2020000d4e0e69cd200e0b8f2a10080d2a20080d2030080d2440180d2020000d4007008d5000040380034205e40018bd200e0b0f2810180d2620180d2e30180d2840080d2020000d40040000d0000c09b000c80b8"}}, @eret={0xe6, 0x18, 0x6}, @hvc={0x32, 0x40, {0x2000, [0x80, 0x5, 0x200, 0x74b, 0xf]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x2, 0xa}}, @msr={0x14, 0x20, {0x603000000013e6c0, 0x6}}, @smc={0x1e, 0x40, {0x3f000000, [0x6, 0x8, 0x2, 0x401]}}, @smc={0x1e, 0x40, {0xf700ffcb, [0x21c7dc390000, 0x9, 0x1, 0x0, 0x6]}}, @code={0xa, 0x54, {"00009f0c008008d5007008d500e4002f008008d5000008d5007008d5a06e90d20000b8f2810180d2620180d2a30080d2640080d2020000d4000028d5007008d5"}}, @smc={0x1e, 0x40, {0x31000000, [0x2, 0x2, 0xfffffffffffffff8, 0xffffffff, 0x1]}}, @mrs={0xbe, 0x18, {0x6030000000138005}}, @svc={0x122, 0x40, {0x84000011, [0x5, 0x6, 0x7, 0xc501, 0x10]}}], 0x500}, &(0x7f0000000080)=[@featur2], 0x1) (async)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000340)=[@msr={0x14, 0x20, {0x603000000013e712, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x7000, 0x802, 0x101, 0x8}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x0, 0x3c9}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x8400000d, [0x6, 0x6, 0x3, 0x4, 0x8000]}}, @hvc={0x32, 0x40, {0x45000030, [0x5, 0x4800000, 0x7, 0x0, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013dea0}}, @code={0xa, 0x9c, {"a01b97d20000b0f2810180d2220080d2c30180d2640180d2020000d460e49cd20040b0f2a10080d2c20080d2a30180d2640080d2020000d4007008d5c09191d200e0b0f2410180d2420180d2030180d2440080d2020000d4008008d5000008d5007008d5e05381d20040b8f2010080d2c20080d2030180d2640080d2020000d40048601e00e4a07e"}}, @mrs={0xbe, 0x18, {0x603000000013e661}}, @code={0xa, 0x84, {"000008d5404d9ad200c0b0f2210180d2c20080d2c30080d2040180d2020000d4000028d500a4004f008008d5000008d5604a8bd200e0b0f2810080d2a20080d2c30080d2640080d2020000d400b8315e008008d520dd98d200a0b0f2810080d2c20080d2030180d2e40180d2020000d4"}}, @code={0xa, 0x84, {"008008d5a07384d20000b0f2810180d2020180d2c30080d2640080d2020000d4e0e69cd200e0b8f2a10080d2a20080d2030080d2440180d2020000d4007008d5000040380034205e40018bd200e0b0f2810180d2620180d2e30180d2840080d2020000d40040000d0000c09b000c80b8"}}, @eret={0xe6, 0x18, 0x6}, @hvc={0x32, 0x40, {0x2000, [0x80, 0x5, 0x200, 0x74b, 0xf]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x2, 0xa}}, @msr={0x14, 0x20, {0x603000000013e6c0, 0x6}}, @smc={0x1e, 0x40, {0x3f000000, [0x6, 0x8, 0x2, 0x401]}}, @smc={0x1e, 0x40, {0xf700ffcb, [0x21c7dc390000, 0x9, 0x1, 0x0, 0x6]}}, @code={0xa, 0x54, {"00009f0c008008d5007008d500e4002f008008d5000008d5007008d5a06e90d20000b8f2810180d2620180d2a30080d2640080d2020000d4000028d5007008d5"}}, @smc={0x1e, 0x40, {0x31000000, [0x2, 0x2, 0xfffffffffffffff8, 0xffffffff, 0x1]}}, @mrs={0xbe, 0x18, {0x6030000000138005}}, @svc={0x122, 0x40, {0x84000011, [0x5, 0x6, 0x7, 0xc501, 0x10]}}], 0x500}, &(0x7f0000000080)=[@featur2], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x10, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1600, 0x6, &(0x7f00000001c0)})
openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffefffffffffe) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffefffffffffe)
r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000240)=0x7})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34) (async)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f00000002c0))
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000ce7000/0x2000)=nil, 0x930, 0x280000d, 0x10, r3, 0x0) (async)
r14 = mmap$KVM_VCPU(&(0x7f0000ce7000/0x2000)=nil, 0x930, 0x280000d, 0x10, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000db5000/0x2000)=nil, 0x0, 0x7, 0x80010, r13, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000db5000/0x2000)=nil, 0x0, 0x7, 0x80010, r13, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2b)
r15 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1f40ba4abaa7c2c7, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0})
ioctl$KVM_CREATE_VM(r15, 0x401c5820, 0x20000006) (async)
ioctl$KVM_CREATE_VM(r15, 0x401c5820, 0x20000006)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

7m31.960859122s ago: executing program 35 (id=75):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000340)=[@msr={0x14, 0x20, {0x603000000013e712, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x7000, 0x802, 0x101, 0x8}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x0, 0x3c9}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x8400000d, [0x6, 0x6, 0x3, 0x4, 0x8000]}}, @hvc={0x32, 0x40, {0x45000030, [0x5, 0x4800000, 0x7, 0x0, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013dea0}}, @code={0xa, 0x9c, {"a01b97d20000b0f2810180d2220080d2c30180d2640180d2020000d460e49cd20040b0f2a10080d2c20080d2a30180d2640080d2020000d4007008d5c09191d200e0b0f2410180d2420180d2030180d2440080d2020000d4008008d5000008d5007008d5e05381d20040b8f2010080d2c20080d2030180d2640080d2020000d40048601e00e4a07e"}}, @mrs={0xbe, 0x18, {0x603000000013e661}}, @code={0xa, 0x84, {"000008d5404d9ad200c0b0f2210180d2c20080d2c30080d2040180d2020000d4000028d500a4004f008008d5000008d5604a8bd200e0b0f2810080d2a20080d2c30080d2640080d2020000d400b8315e008008d520dd98d200a0b0f2810080d2c20080d2030180d2e40180d2020000d4"}}, @code={0xa, 0x84, {"008008d5a07384d20000b0f2810180d2020180d2c30080d2640080d2020000d4e0e69cd200e0b8f2a10080d2a20080d2030080d2440180d2020000d4007008d5000040380034205e40018bd200e0b0f2810180d2620180d2e30180d2840080d2020000d40040000d0000c09b000c80b8"}}, @eret={0xe6, 0x18, 0x6}, @hvc={0x32, 0x40, {0x2000, [0x80, 0x5, 0x200, 0x74b, 0xf]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x2, 0xa}}, @msr={0x14, 0x20, {0x603000000013e6c0, 0x6}}, @smc={0x1e, 0x40, {0x3f000000, [0x6, 0x8, 0x2, 0x401]}}, @smc={0x1e, 0x40, {0xf700ffcb, [0x21c7dc390000, 0x9, 0x1, 0x0, 0x6]}}, @code={0xa, 0x54, {"00009f0c008008d5007008d500e4002f008008d5000008d5007008d5a06e90d20000b8f2810180d2620180d2a30080d2640080d2020000d4000028d5007008d5"}}, @smc={0x1e, 0x40, {0x31000000, [0x2, 0x2, 0xfffffffffffffff8, 0xffffffff, 0x1]}}, @mrs={0xbe, 0x18, {0x6030000000138005}}, @svc={0x122, 0x40, {0x84000011, [0x5, 0x6, 0x7, 0xc501, 0x10]}}], 0x500}, &(0x7f0000000080)=[@featur2], 0x1) (async)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000340)=[@msr={0x14, 0x20, {0x603000000013e712, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x7000, 0x802, 0x101, 0x8}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x0, 0x3c9}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x8400000d, [0x6, 0x6, 0x3, 0x4, 0x8000]}}, @hvc={0x32, 0x40, {0x45000030, [0x5, 0x4800000, 0x7, 0x0, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013dea0}}, @code={0xa, 0x9c, {"a01b97d20000b0f2810180d2220080d2c30180d2640180d2020000d460e49cd20040b0f2a10080d2c20080d2a30180d2640080d2020000d4007008d5c09191d200e0b0f2410180d2420180d2030180d2440080d2020000d4008008d5000008d5007008d5e05381d20040b8f2010080d2c20080d2030180d2640080d2020000d40048601e00e4a07e"}}, @mrs={0xbe, 0x18, {0x603000000013e661}}, @code={0xa, 0x84, {"000008d5404d9ad200c0b0f2210180d2c20080d2c30080d2040180d2020000d4000028d500a4004f008008d5000008d5604a8bd200e0b0f2810080d2a20080d2c30080d2640080d2020000d400b8315e008008d520dd98d200a0b0f2810080d2c20080d2030180d2e40180d2020000d4"}}, @code={0xa, 0x84, {"008008d5a07384d20000b0f2810180d2020180d2c30080d2640080d2020000d4e0e69cd200e0b8f2a10080d2a20080d2030080d2440180d2020000d4007008d5000040380034205e40018bd200e0b0f2810180d2620180d2e30180d2840080d2020000d40040000d0000c09b000c80b8"}}, @eret={0xe6, 0x18, 0x6}, @hvc={0x32, 0x40, {0x2000, [0x80, 0x5, 0x200, 0x74b, 0xf]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x2, 0xa}}, @msr={0x14, 0x20, {0x603000000013e6c0, 0x6}}, @smc={0x1e, 0x40, {0x3f000000, [0x6, 0x8, 0x2, 0x401]}}, @smc={0x1e, 0x40, {0xf700ffcb, [0x21c7dc390000, 0x9, 0x1, 0x0, 0x6]}}, @code={0xa, 0x54, {"00009f0c008008d5007008d500e4002f008008d5000008d5007008d5a06e90d20000b8f2810180d2620180d2a30080d2640080d2020000d4000028d5007008d5"}}, @smc={0x1e, 0x40, {0x31000000, [0x2, 0x2, 0xfffffffffffffff8, 0xffffffff, 0x1]}}, @mrs={0xbe, 0x18, {0x6030000000138005}}, @svc={0x122, 0x40, {0x84000011, [0x5, 0x6, 0x7, 0xc501, 0x10]}}], 0x500}, &(0x7f0000000080)=[@featur2], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x10, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1600, 0x6, &(0x7f00000001c0)})
openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffefffffffffe) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffefffffffffe)
r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000240)=0x7})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34) (async)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x34)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f00000002c0))
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000ce7000/0x2000)=nil, 0x930, 0x280000d, 0x10, r3, 0x0) (async)
r14 = mmap$KVM_VCPU(&(0x7f0000ce7000/0x2000)=nil, 0x930, 0x280000d, 0x10, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000db5000/0x2000)=nil, 0x0, 0x7, 0x80010, r13, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000db5000/0x2000)=nil, 0x0, 0x7, 0x80010, r13, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2b)
r15 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1f40ba4abaa7c2c7, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0})
ioctl$KVM_CREATE_VM(r15, 0x401c5820, 0x20000006) (async)
ioctl$KVM_CREATE_VM(r15, 0x401c5820, 0x20000006)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)

6m7.790894421s ago: executing program 4 (id=55):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001a, &(0x7f0000000000)=0x3ff})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000240)=@arm64_fp={0x60400000001000a3, 0x0})

5m18.448917396s ago: executing program 36 (id=55):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001a, &(0x7f0000000000)=0x3ff})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000240)=@arm64_fp={0x60400000001000a3, 0x0})

48.44260768s ago: executing program 5 (id=76):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}})
openat$kvm(0x0, &(0x7f0000000040), 0x4a0c2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa8140, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x20)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x27)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r9, 0x4010ae68, 0xfffffffffffffffe)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6100, 0x4, 0xa}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

0s ago: executing program 37 (id=76):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}})
openat$kvm(0x0, &(0x7f0000000040), 0x4a0c2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa8140, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x20)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x27)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r9, 0x4010ae68, 0xfffffffffffffffe)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6100, 0x4, 0xa}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  396.570975][ T3169] 8021q: adding VLAN 0 to HW filter on device bond0
[  441.555121][ T3169] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:23469' (ED25519) to the list of known hosts.
[  609.121440][   T24] audit: type=1400 audit(608.300:60): avc:  denied  { name_bind } for  pid=3325 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  609.999166][   T24] audit: type=1400 audit(609.170:61): avc:  denied  { execute } for  pid=3326 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  610.015106][   T24] audit: type=1400 audit(609.180:62): avc:  denied  { execute_no_trans } for  pid=3326 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  633.143683][   T24] audit: type=1400 audit(632.330:63): avc:  denied  { mounton } for  pid=3326 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  633.185489][   T24] audit: type=1400 audit(632.370:64): avc:  denied  { mount } for  pid=3326 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  633.281765][ T3326] cgroup: Unknown subsys name 'net'
[  633.341894][   T24] audit: type=1400 audit(632.520:65): avc:  denied  { unmount } for  pid=3326 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  633.856415][ T3326] cgroup: Unknown subsys name 'cpuset'
[  634.100731][ T3326] cgroup: Unknown subsys name 'rlimit'
[  635.799997][   T24] audit: type=1400 audit(634.980:66): avc:  denied  { setattr } for  pid=3326 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  635.829606][   T24] audit: type=1400 audit(635.010:67): avc:  denied  { mounton } for  pid=3326 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  635.869447][   T24] audit: type=1400 audit(635.050:68): avc:  denied  { mount } for  pid=3326 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  638.122695][ T3329] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  638.168726][   T24] audit: type=1400 audit(637.340:69): avc:  denied  { relabelto } for  pid=3329 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  638.203139][   T24] audit: type=1400 audit(637.390:70): avc:  denied  { write } for  pid=3329 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  638.505938][   T24] audit: type=1400 audit(637.690:71): avc:  denied  { read } for  pid=3326 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  638.542908][   T24] audit: type=1400 audit(637.730:72): avc:  denied  { open } for  pid=3326 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  638.595891][ T3326] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  693.302221][   T24] audit: type=1400 audit(692.490:73): avc:  denied  { execmem } for  pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  699.449450][   T24] audit: type=1400 audit(698.630:74): avc:  denied  { read } for  pid=3332 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  699.511991][   T24] audit: type=1400 audit(698.700:75): avc:  denied  { open } for  pid=3333 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  699.589789][   T24] audit: type=1400 audit(698.770:76): avc:  denied  { mounton } for  pid=3332 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  700.061095][   T24] audit: type=1400 audit(699.230:77): avc:  denied  { module_request } for  pid=3332 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  700.084267][   T24] audit: type=1400 audit(699.270:78): avc:  denied  { module_request } for  pid=3333 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  701.543396][   T24] audit: type=1400 audit(700.710:79): avc:  denied  { sys_module } for  pid=3333 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  725.149602][ T3333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.483472][ T3333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.840337][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  726.183735][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  738.145096][ T3333] hsr_slave_0: entered promiscuous mode
[  738.174244][ T3333] hsr_slave_1: entered promiscuous mode
[  739.382695][ T3332] hsr_slave_0: entered promiscuous mode
[  739.414768][ T3332] hsr_slave_1: entered promiscuous mode
[  739.459977][ T3332] debugfs: 'hsr0' already exists in 'hsr'
[  739.464301][ T3332] Cannot create hsr debugfs directory
[  745.366393][   T24] audit: type=1400 audit(744.550:80): avc:  denied  { create } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  745.420144][   T24] audit: type=1400 audit(744.600:81): avc:  denied  { write } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  745.493477][   T24] audit: type=1400 audit(744.630:82): avc:  denied  { read } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  745.632439][ T3333] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  745.993863][ T3333] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  746.323610][ T3333] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  746.683099][ T3333] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  748.295891][ T3332] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  748.462847][ T3332] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  748.640758][ T3332] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  748.834424][ T3332] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  763.752125][ T3333] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.515871][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0
[  817.630545][ T3333] veth0_vlan: entered promiscuous mode
[  818.124019][ T3333] veth1_vlan: entered promiscuous mode
[  821.085241][ T3332] veth0_vlan: entered promiscuous mode
[  821.501479][ T3333] veth0_macvtap: entered promiscuous mode
[  821.960341][ T3333] veth1_macvtap: entered promiscuous mode
[  822.213329][ T3332] veth1_vlan: entered promiscuous mode
[  825.592917][ T3422] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  825.762278][ T3422] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  825.916663][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  825.924113][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  826.639830][ T3332] veth0_macvtap: entered promiscuous mode
[  827.680211][ T3332] veth1_macvtap: entered promiscuous mode
[  829.339524][   T24] audit: type=1400 audit(828.520:83): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  829.728765][   T24] audit: type=1400 audit(828.910:84): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.JBuydN/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  830.072101][   T24] audit: type=1400 audit(829.250:85): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  830.514656][   T24] audit: type=1400 audit(829.700:86): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.JBuydN/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  830.779726][   T24] audit: type=1400 audit(829.900:87): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.JBuydN/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  831.226062][ T3336] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  831.232038][ T3336] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  831.244228][ T3336] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  831.282562][ T3341] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  831.808894][   T24] audit: type=1400 audit(830.920:88): avc:  denied  { unmount } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  832.249802][   T24] audit: type=1400 audit(831.420:89): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  832.483855][   T24] audit: type=1400 audit(831.670:90): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="gadgetfs" ino=3740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  832.902574][   T24] audit: type=1400 audit(832.090:91): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  833.049152][   T24] audit: type=1400 audit(832.200:92): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  835.161900][ T3333] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  836.761207][   T24] kauditd_printk_skb: 1 callbacks suppressed
[  836.773740][   T24] audit: type=1400 audit(835.930:94): avc:  denied  { read write } for  pid=3333 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  836.774907][   T24] audit: type=1400 audit(835.950:95): avc:  denied  { open } for  pid=3333 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  836.925338][   T24] audit: type=1400 audit(836.020:96): avc:  denied  { ioctl } for  pid=3333 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  846.458960][   T24] audit: type=1400 audit(845.570:97): avc:  denied  { read } for  pid=3485 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  846.465376][   T24] audit: type=1400 audit(845.640:98): avc:  denied  { open } for  pid=3485 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  846.880732][   T24] audit: type=1400 audit(846.060:99): avc:  denied  { ioctl } for  pid=3485 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  848.715840][   T24] audit: type=1400 audit(847.900:100): avc:  denied  { write } for  pid=3487 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  851.793981][   T24] audit: type=1400 audit(850.900:101): avc:  denied  { execute } for  pid=3485 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  950.765583][   T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.354576][   T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.921784][   T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  955.488837][   T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  973.083022][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  973.174106][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  973.223279][   T50] bond0 (unregistering): Released all slaves
[  974.866004][   T50] hsr_slave_0: left promiscuous mode
[  974.920805][   T50] hsr_slave_1: left promiscuous mode
[  975.229086][   T50] veth1_macvtap: left promiscuous mode
[  975.232592][   T50] veth0_macvtap: left promiscuous mode
[  975.249932][   T50] veth1_vlan: left promiscuous mode
[  975.271960][   T50] veth0_vlan: left promiscuous mode
[  993.402123][   T50] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  994.472632][   T50] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.746797][   T50] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  996.859565][   T50] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.521016][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1016.681889][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1016.765067][   T50] bond0 (unregistering): Released all slaves
[ 1017.896815][   T50] hsr_slave_0: left promiscuous mode
[ 1017.998295][   T50] hsr_slave_1: left promiscuous mode
[ 1018.383570][   T50] veth1_macvtap: left promiscuous mode
[ 1018.403760][   T50] veth0_macvtap: left promiscuous mode
[ 1018.413080][   T50] veth1_vlan: left promiscuous mode
[ 1018.429089][   T50] veth0_vlan: left promiscuous mode
[ 1040.942767][ T3523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1041.217152][ T3523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1056.041888][ T3531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1056.303900][ T3531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1061.403097][ T3523] hsr_slave_0: entered promiscuous mode
[ 1061.494604][ T3523] hsr_slave_1: entered promiscuous mode
[ 1078.077055][ T3523] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1078.483313][ T3523] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1078.735083][ T3523] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1079.035909][ T3523] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1082.094121][ T3531] hsr_slave_0: entered promiscuous mode
[ 1082.162606][ T3531] hsr_slave_1: entered promiscuous mode
[ 1082.219862][ T3531] debugfs: 'hsr0' already exists in 'hsr'
[ 1082.228298][ T3531] Cannot create hsr debugfs directory
[ 1095.634316][ T3531] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1095.947009][ T3531] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1096.259536][ T3531] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1096.610005][ T3531] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1101.973645][ T3523] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1120.585890][ T3531] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1198.304823][ T3523] veth0_vlan: entered promiscuous mode
[ 1199.781389][ T3523] veth1_vlan: entered promiscuous mode
[ 1204.020527][ T3523] veth0_macvtap: entered promiscuous mode
[ 1204.640344][ T3523] veth1_macvtap: entered promiscuous mode
[ 1208.196724][   T42] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.239011][   T42] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.249302][   T42] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.250179][   T42] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1221.740092][   T24] audit: type=1400 audit(1220.900:102): avc:  denied  { append } for  pid=3742 comm="syz.2.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1227.451611][ T3531] veth0_vlan: entered promiscuous mode
[ 1228.976385][ T3531] veth1_vlan: entered promiscuous mode
[ 1231.964541][ T3531] veth0_macvtap: entered promiscuous mode
[ 1232.790863][ T3531] veth1_macvtap: entered promiscuous mode
[ 1236.444374][ T3687] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1236.452290][ T3687] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1236.511032][ T3687] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1236.731927][   T42] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1496.717073][   T24] audit: type=1400 audit(1495.900:103): avc:  denied  { setattr } for  pid=3914 comm="syz.2.43" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1577.845407][ T3967] kvm [3967]: Failed to find VMA for hva 0x20c00000
[ 1633.510067][ T3341] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1635.278633][ T3341] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1636.819983][ T3341] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1638.013858][ T3341] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1657.865423][ T3341] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1658.290876][ T3341] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1658.552287][ T3341] bond0 (unregistering): Released all slaves
[ 1660.631923][ T3341] hsr_slave_0: left promiscuous mode
[ 1660.800617][ T3341] hsr_slave_1: left promiscuous mode
[ 1661.370978][ T3341] veth1_macvtap: left promiscuous mode
[ 1661.378118][ T3341] veth0_macvtap: left promiscuous mode
[ 1661.400734][ T3341] veth1_vlan: left promiscuous mode
[ 1661.429811][ T3341] veth0_vlan: left promiscuous mode
[ 1764.440606][ T3983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1764.959296][ T3983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1804.426389][ T3983] hsr_slave_0: entered promiscuous mode
[ 1804.602049][ T3983] hsr_slave_1: entered promiscuous mode
[ 1804.746046][ T3983] debugfs: 'hsr0' already exists in 'hsr'
[ 1804.758932][ T3983] Cannot create hsr debugfs directory
[ 1829.174991][ T3983] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1829.914996][ T3983] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1830.643483][ T3983] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1831.302363][ T3983] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1867.415003][ T3983] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2016.070841][ T3983] veth0_vlan: entered promiscuous mode
[ 2017.020681][ T3983] veth1_vlan: entered promiscuous mode
[ 2022.525937][ T3983] veth0_macvtap: entered promiscuous mode
[ 2023.529942][ T3983] veth1_macvtap: entered promiscuous mode
[ 2027.636759][   T42] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2027.674032][   T42] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2027.694438][ T3650] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2027.737082][ T3650] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2070.571334][ T4202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2070.937014][ T4202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2107.790929][ T4202] hsr_slave_0: entered promiscuous mode
[ 2107.893411][ T4202] hsr_slave_1: entered promiscuous mode
[ 2108.030296][ T4202] debugfs: 'hsr0' already exists in 'hsr'
[ 2108.040356][ T4202] Cannot create hsr debugfs directory
[ 2128.130142][ T4202] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2128.535862][ T4202] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2129.041120][ T4202] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2129.589391][ T4202] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2172.022667][ T4202] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2190.694790][ T4266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2191.035868][ T4266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2236.086833][ T4266] hsr_slave_0: entered promiscuous mode
[ 2236.319424][ T4266] hsr_slave_1: entered promiscuous mode
[ 2236.460976][ T4266] debugfs: 'hsr0' already exists in 'hsr'
[ 2236.492984][ T4266] Cannot create hsr debugfs directory
[ 2258.914323][ T4266] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2259.554064][ T4266] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2260.098986][ T4266] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2260.564766][ T4266] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2301.077093][ T4266] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2329.633076][ T4202] veth0_vlan: entered promiscuous mode
[ 2332.724035][ T4202] veth1_vlan: entered promiscuous mode
[ 2341.166496][ T4202] veth0_macvtap: entered promiscuous mode
[ 2342.010039][ T4202] veth1_macvtap: entered promiscuous mode
[ 2346.354940][ T4356] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2346.360497][ T4356] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2346.375769][ T4356] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2346.443462][ T4356] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2481.179685][ T4266] veth0_vlan: entered promiscuous mode
[ 2482.672681][ T4266] veth1_vlan: entered promiscuous mode
[ 2488.525378][ T4266] veth0_macvtap: entered promiscuous mode
[ 2489.399945][ T4266] veth1_macvtap: entered promiscuous mode
[ 2493.200924][ T3668] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2493.231164][ T3668] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2493.273046][ T3668] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2493.459234][ T3668] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2496.032416][   T26] INFO: task syz.4.55:4242 blocked for more than 430 seconds.
[ 2496.033705][   T26]       Not tainted syzkaller #0
[ 2496.050170][   T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2496.050823][   T26] task:syz.4.55        state:D stack:0     pid:4242  tgid:4242  ppid:3983   task_flags:0x400040 flags:0x00000011
[ 2496.052297][   T26] Call trace:
[ 2496.052794][   T26]  __switch_to+0x584/0xb00 (T)
[ 2496.055066][   T26]  __schedule+0x1da4/0x3678
[ 2496.055670][   T26]  schedule+0xac/0x27c
[ 2496.056192][   T26]  schedule_timeout+0x68/0x1ec
[ 2496.056642][   T26]  do_wait_for_common+0x28c/0x440
[ 2496.057169][   T26]  wait_for_completion+0x44/0x5c
[ 2496.251579][   T26]  __synchronize_srcu+0x2a4/0x320
[ 2496.277245][   T26]  synchronize_srcu+0x3d0/0x4f8
[ 2496.299122][   T26]  mmu_notifier_unregister+0x320/0x428
[ 2496.299774][   T26]  kvm_put_kvm+0x698/0xbe0
[ 2496.300227][   T26]  kvm_vm_release+0x58/0x78
[ 2496.300716][   T26]  __fput+0x4ac/0x978
[ 2496.301201][   T26]  ____fput+0x20/0x58
[ 2496.301732][   T26]  task_work_run+0x1b8/0x250
[ 2496.302208][   T26]  exit_to_user_mode_loop+0x110/0x188
[ 2496.302713][   T26]  el0_svc+0x17c/0x238
[ 2496.303155][   T26]  el0t_64_sync_handler+0x84/0x12c
[ 2496.303588][   T26]  el0t_64_sync+0x198/0x19c
SYZFAIL: failed to recv rpc
[ 2496.394026][   T26] 
[ 2496.394026][   T26] Showing all locks held in the system:
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 2496.469490][   T26] 1 lock held by khungtaskd/26:
[ 2496.500544][   T26]  #0: ffff800087c86f38 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 2496.503341][   T26] 3 locks held by kworker/u4:3/42:
[ 2496.503860][   T26] 1 lock held by klogd/3132:
[ 2496.504215][   T26] 2 locks held by getty/3200:
[ 2496.504552][   T26]  #0: d5f00000127c68a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 2496.506259][   T26]  #1: f1ff80008ca1b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 2496.615139][   T26] 4 locks held by sshd-session/3325:
[ 2496.615485][   T26] 2 locks held by syz-executor/3326:
[ 2496.615818][   T26] 3 locks held by kworker/u4:4/3341:
[ 2496.616126][   T26] 2 locks held by kworker/u4:7/3422:
[ 2496.616414][   T26]  #0: a1f000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7cc/0x1d6c
[ 2496.715061][   T26]  #1: ffff80008fea7ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x858/0x1d6c
[ 2496.716940][   T26] 3 locks held by kworker/u4:10/3687:
[ 2496.761112][   T26] 3 locks held by kworker/u4:1/4005:
[ 2496.781756][   T26] 2 locks held by syz.2.75/4169:
[ 2496.806841][   T26] 3 locks held by kworker/u4:11/4217:
[ 2496.824329][   T26] 3 locks held by syz-executor/4266:
[ 2496.825125][   T26] 2 locks held by kworker/u4:13/4356:
[ 2496.825505][   T26] 1 lock held by modprobe/4421:
[ 2496.826017][   T26] 
[ 2496.826282][   T26] =============================================
[ 2496.826282][   T26] 
[ 2496.827253][   T26] Kernel panic - not syncing: hung_task: blocked tasks
[ 2496.833581][   T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 2496.834913][   T26] Hardware name: linux,dummy-virt (DT)
[ 2496.835740][   T26] Call trace:
[ 2496.836479][   T26]  show_stack+0x2c/0x3c (C)
[ 2496.837450][   T26]  __dump_stack+0x30/0x40
[ 2496.838397][   T26]  dump_stack_lvl+0x30/0x12c
[ 2496.839308][   T26]  dump_stack+0x1c/0x28
[ 2496.840180][   T26]  vpanic+0x4d0/0x848
[ 2496.840965][   T26]  vpanic+0x0/0x848
[ 2496.841721][   T26]  hung_task_panic+0x0/0x2c
[ 2496.842578][   T26]  kthread+0x4d4/0x51c
[ 2496.843358][   T26]  ret_from_fork+0x10/0x20
[ 2496.845218][   T26] Kernel Offset: disabled
[ 2496.845919][   T26] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 2496.846917][   T26] Memory Limit: none
[ 2496.849162][   T26] Rebooting in 86400 seconds..