last executing test programs:

1h48m6.037686685s ago: executing program 0 (id=49):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x5000, 0x12000, 0x81})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x9b, 0xf, 0x0, 0x5, 0x8, 0x82, 0x42, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x100001, 0x129, 0x0, 0x3, 0xa, 0x8, '\x00', 0x1, 0x80000000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
write$eventfd(r5, &(0x7f00000001c0)=0x4000000001, 0x56)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xd)
r7 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000080)={0x100000000, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f0000000080)={0x1fd, 0x4, 0xeeee8000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x10000, r7})
r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000bfe000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, &(0x7f0000000340)=[@smc={0x1e, 0x40, {0x86000000, [0x0, 0xfdab, 0x8, 0x6, 0x2]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
r14 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r15, 0xae04)
mmap$KVM_VCPU(&(0x7f0000cc0000/0x2000)=nil, r16, 0x1800000, 0x13, r14, 0x0)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r16, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)

1h48m5.071696845s ago: executing program 1 (id=50):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x2, 0x100)
close(r3)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r4)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

1h47m45.978859292s ago: executing program 0 (id=51):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x800000002000001c)
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3b)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r5 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, 0x0)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x29)
syz_kvm_vgic_v3_setup(r7, 0x2, 0x40)
ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000000)={0x9, 0x5})
r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000abf000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c})
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x4ac482, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@x86={0x0, 0x5f, 0x2, 0x0, 0xd, 0xa9, 0x2, 0xfc, 0x2, 0x9, 0x3, 0x9, 0x0, 0x1, 0x5bce, 0x8, 0x5, 0x4, 0x27, '\x00', 0x4, 0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80040, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8})

1h47m45.978321532s ago: executing program 1 (id=52):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000001c0)={0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x26000, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x1fd, 0x1, 0xc000, 0x2000, &(0x7f000046e000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12)
openat$kvm(0x0, 0x0, 0x180, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000073000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@mrs={0xbe, 0x18, {0x603000000013803c}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x8000)=nil, r7, 0x1000000, 0xe637a22295c143f8, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, r8, 0xf, 0x1010, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x3a)

1h47m38.062078229s ago: executing program 0 (id=53):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000ac8000/0x400000)=nil)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000100)={0x54000, 0x10000, 0x7f, 0x0, 0x9})
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@smc={0x1e, 0x40, {0xc4000053, [0x81, 0xfffffffffffffffe, 0x0, 0x1ff, 0xc1]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x8})
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a67000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013c807})

1h47m35.368234344s ago: executing program 1 (id=54):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f00000001c0)=@arm64)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2e)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001e, &(0x7f0000000000)=0x3})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r11 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x2, 0x100)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1})
r12 = eventfd2(0x1, 0x801)
r13 = eventfd2(0xff, 0x80000)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f00000001c0)={r12, 0x3, 0x2, r13})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r14, 0xae03, 0x77)
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x31dc00, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
ioctl$KVM_DIRTY_TLB(r3, 0x4010aeaa, &(0x7f0000000200)={0x120000000000000, 0x9})
ioctl$KVM_IRQFD(r16, 0x4020ae76, 0xffffffffffffffff)

1h47m27.840799346s ago: executing program 0 (id=55):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x408102, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

1h47m21.161339274s ago: executing program 0 (id=56):
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0xa, <r0=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000080)=@attr_riscv64=@attr_ctrl={0x0, 0x1, 0x1, &(0x7f0000000040)=0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8500, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xff)
close(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3f)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r7 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r5, 0xa, 0x13, r6, 0x0)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x16)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r8, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f00000001c0)={0x40})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x80240, 0x0)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r8, 0x4068aea3, &(0x7f0000000280))
r9 = eventfd2(0xa, 0x81801)
write$eventfd(r9, &(0x7f0000000300)=0xfffffffffffffff8, 0x8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000340)="7476fbe9affdf6ff54bc8b7cd0abcd94d12f013fc541e537562482519db75ba49003a5e3c533c8aefb10434ee64c6b2f7ad4cd741d1cd1d8ee3a37cfb1831bd8388d11b8e9e84e7f", 0x0, 0x48)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000003c0)={0x8, 0x60004, 0x1, r9, 0x4})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r10 = eventfd2(0xa, 0x80001)
write$eventfd(r10, &(0x7f0000000400)=0x2, 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x80400, 0x0)
ioctl$KVM_SIGNAL_MSI(r8, 0x4020aea5, &(0x7f0000000480)={0x10000, 0x0, 0x6, 0x0, 0x8})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000500)=@arm64_extra={0x603000000013c03f, &(0x7f00000004c0)=0x8})
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000540)={0x2000, 0x4000, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000580)="67d7fee1d9f869f1cf5eb53030c83a6d9ea2b2cfafe7039876400ae75252ff77f8db489b4b4d458a2c099c0ec03702ca04b3735a07c7cfd23e408e085cc2e3490f92dabfa952cda5", 0x0, 0x48)

1h47m17.76855466s ago: executing program 1 (id=57):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x4, 0x9, 0x10000, 0x0, 0xa, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x4, 0x9, 0x10000, 0x0, 0xa, 0x2}}], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)

1h47m13.736208794s ago: executing program 0 (id=58):
mmap$KVM_VCPU(&(0x7f0000d39000/0x3000)=nil, 0x930, 0x4, 0x9032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000000)={0x800, 0xe695})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc0001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2000000002, 0x4, 0xa}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x33)
r10 = mmap$KVM_VCPU(&(0x7f0000dd4000/0x3000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
r12 = eventfd2(0x0, 0x0)
close(r12)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r12, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

1h47m8.282178751s ago: executing program 1 (id=59):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000140)={0x5, 0x11, [{0x3, 0x2, 0x0, 0x0, @adapter={0x8, 0x80000001, 0x8, 0xd, 0x7ff}}, {0xe, 0x2, 0x1, 0x0, @sint={0x4, 0xb264}}, {0x80, 0x3, 0x1, 0x0, @msi={0x63f, 0x992a, 0x60, 0xfff}}, {0x0, 0x2, 0x1, 0x0, @irqchip={0xd284, 0xf8ca}}, {0x2, 0x2, 0x0, 0x0, @msi={0x2, 0xb3f, 0x83e, 0x6}}]})

1h47m2.905340904s ago: executing program 1 (id=60):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r5, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r7 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r6, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000)
r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r11 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r9, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r13, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b8540003000000000000001ce16f8f1f449a7a8356732f2b54ebb2aa76c869d22627e700000600", 0x0, 0x48)

1h46m27.25834539s ago: executing program 32 (id=58):
mmap$KVM_VCPU(&(0x7f0000d39000/0x3000)=nil, 0x930, 0x4, 0x9032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000000)={0x800, 0xe695})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x180)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc0001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2000000002, 0x4, 0xa}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x33)
r10 = mmap$KVM_VCPU(&(0x7f0000dd4000/0x3000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
r12 = eventfd2(0x0, 0x0)
close(r12)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r12, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})

1h46m16.307924517s ago: executing program 33 (id=60):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r5, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r7 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r6, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000)
r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r11 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r9, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r13, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b8540003000000000000001ce16f8f1f449a7a8356732f2b54ebb2aa76c869d22627e700000600", 0x0, 0x48)

27m12.78070258s ago: executing program 2 (id=729):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000000)={0x802})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f0000000080)={0x5, 0x8001})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000700)={0xc, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x2, 0xe0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_kvm_setup_cpu$arm64(r0, r8, &(0x7f0000b88000/0x400000)=nil, &(0x7f0000000c80)=[{0x0, &(0x7f0000000740)=[@uexit={0x0, 0x18, 0x8}, @hvc={0x32, 0x40, {0x5000000, [0x8, 0x7, 0xffff, 0xfffffffffffffffc, 0x8]}}, @code={0xa, 0xb4, {"0000c0680010c0da809089d20080b0f2e10180d2a20180d2c30180d2e40080d2020000d40000199e0020600d80d695d20080b8f2a10180d2e20180d2e30180d2440080d2020000d4e06d9cd20000b0f2a10080d2020080d2230080d2240080d2020000d4404b81d20040b0f2010180d2020180d2630180d2040180d2020000d4609f8ed200a0b8f2410180d2620080d2a30080d2640180d2020000d4007008d5"}}, @msr={0x14, 0x20, {0x603000000013de93, 0xfffffffffffff001}}, @memwrite={0x6e, 0x30, @generic={0xfec00000, 0xf5d, 0x97, 0xe}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x1, 0x7, 0x3, 0x7fffffff, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013df6d}}, @eret={0xe6, 0x18, 0x849}, @code={0xa, 0x3c, {"0000791e000008d5000008d50028000e0078202e00d4202e0080200e000008d5000008d5000028d5"}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x3da}}, @uexit={0x0, 0x18}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0xa6e4, 0x2}}, @smc={0x1e, 0x40, {0x84000050, [0x100000000, 0x9, 0xaf03, 0x9fe, 0x5a]}}, @msr={0x14, 0x20, {0x603000000013e6c4, 0x5f1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x10, 0xf0f}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0x7, 0x31eb, 0x5, 0x2}}, @svc={0x122, 0x40, {0x84000011, [0x4, 0x4, 0x1, 0x0, 0x2]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x105}}, @hvc={0x32, 0x40, {0xc400000c, [0x2, 0xffff, 0x1, 0x3, 0x1d4a]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x61}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x3, 0x8, 0x7, 0x4, 0x2}}, @msr={0x14, 0x20, {0x26d1, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013c2a5}}, @smc={0x1e, 0x40, {0xc4000011, [0x3, 0x8, 0x4, 0x4, 0x4f5]}}, @eret={0xe6, 0x18, 0x1}, @eret={0xe6, 0x18, 0x7}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x7, 0x5}}, @smc={0x1e, 0x40, {0x1000, [0x100000001, 0x6, 0xffffffffffff4490, 0x2, 0x6]}}, @eret={0xe6, 0x18, 0x6}], 0x540}], 0x1, 0x0, &(0x7f0000000cc0)=[@featur2={0x1, 0x5}], 0x1)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x26)
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, 0x0)
r13 = ioctl$KVM_GET_STATS_FD_vm(r10, 0xaece)
ioctl$KVM_SET_USER_MEMORY_REGION2(r12, 0x40a0ae49, &(0x7f0000000140)={0x3, 0x4, 0xd000, 0x1000, &(0x7f0000fa8000/0x1000)=nil, 0x0, r13})
ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, &(0x7f0000000200)=@attr_other={0x0, 0x1, 0x41e, 0x0})
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x3, 0x0, 0x0})

27m1.655924779s ago: executing program 3 (id=730):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1e)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d8, 0x110e22fffb)

26m55.405420315s ago: executing program 2 (id=731):
openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async, rerun: 32)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x501800, 0x0) (rerun: 32)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, &(0x7f0000000100)={0x7, 0x779e}) (async)
r6 = eventfd2(0x0, 0x0)
write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000180)={0x400, 0xeeef0000, 0xd, r6, 0x1}) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, 0x0) (async)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r9, 0x4018aee3, 0xffffffffffffffff) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x0, 0x1000001, 0x11, r2, 0x0) (async, rerun: 64)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (rerun: 64)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@msr={0x14, 0x20, {0x603000000013803e, 0x8}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010000c, &(0x7f0000000000)=0x1}) (async)
r13 = eventfd2(0xd, 0x1)
close(r13)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
write$eventfd(r13, 0x0, 0x500) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x4000c0, 0x0) (async, rerun: 64)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) (rerun: 64)
ioctl$KVM_CREATE_VM(r14, 0xae01, 0x40)

26m52.870259132s ago: executing program 3 (id=732):
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0x0, &(0x7f0000000180), 0x400000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0x340)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000240)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000200)=0x16})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000080)=0x11})
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2a)
mmap$KVM_VCPU(&(0x7f0000e88000/0x1000)=nil, 0x930, 0x300000e, 0x30, 0xffffffffffffffff, 0x0)
eventfd2(0x1000, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0x86000001, [0x100000001, 0x8000000000000000, 0xffffffffffffffff, 0xee24, 0xfffffffffffeffff]}}], 0x40}, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x88000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27)
syz_kvm_vgic_v3_setup(r6, 0x2, 0x40)
r7 = eventfd2(0x10001, 0x80000)
r8 = eventfd2(0x10, 0x800)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000000c0)={r8, 0xa})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x30)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r10, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil})
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7, 0x8, 0x2, r7})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0x9)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ff8000/0x8000)=nil, r13, 0x1000000, 0xe637a22295c143f8, 0xffffffffffffffff, 0x0)

26m29.532499909s ago: executing program 2 (id=733):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x2132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

26m27.28204691s ago: executing program 3 (id=734):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1e)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000939000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2900, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x26)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b7b000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, 0x0)
r8 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000240)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x8005})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9})

26m17.710166506s ago: executing program 2 (id=735):
r0 = openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0x408, &(0x7f0000000140)=0x200a88}) (async)
munmap(&(0x7f0000293000/0x1000)=nil, 0x1000) (async)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000280)=@arm64_sve={0x60800000001504f7, &(0x7f0000000140)=0x9}) (async)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) (async, rerun: 64)
openat$kvm(0xffffffffffffff9c, 0x0, 0x161642, 0x0) (async, rerun: 64)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000240)=@x86={0xe, 0x7, 0x8, 0x0, 0xd, 0x2, 0x2, 0xff, 0x78, 0x3, 0x10, 0xff, 0x0, 0x70, 0x0, 0xb, 0x2, 0xc2, 0x7f, '\x00', 0xa, 0x4}) (async)
r7 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f00000001c0)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async, rerun: 64)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bff000/0x400000)=nil) (async, rerun: 64)
close(0x4) (async)
close(0x5)

26m13.518589852s ago: executing program 3 (id=736):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
openat$kvm(0x0, 0x0, 0x501441, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f000021a000/0x400000)=nil)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x2, 0x100)
r7 = eventfd2(0x10000, 0x0)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7, 0x3})
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000100)={r2, 0x9, 0x2, r7})
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
write$eventfd(r2, &(0x7f0000000100)=0x8, 0x8)
r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x2})
ioctl$KVM_SET_USER_MEMORY_REGION2(r8, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x1000000, r9})
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f0000000140)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x7fe, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1f8}}], 0x58}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r11, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r11, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000240)={0x1, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r12 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x20000002)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r14, 0x4020aeae, &(0x7f0000000040)={0x5})

26m5.803668228s ago: executing program 2 (id=737):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x6, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7) (async)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r12, 0xaead) (async)
r13 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000140)=@arm64_fw={0x6030000000540002, 0x0}) (async)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x3, 0x1, 0x0, 0x0, @adapter={0x0, 0x6a, 0x8, 0x5, 0x3}}, {0x3, 0x1, 0x0, 0x0, @msi={0x0, 0xf, 0x9, 0xfffffff9}}]})
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0xe4)

25m55.761868089s ago: executing program 3 (id=738):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
r1 = openat$kvm(0x0, &(0x7f0000000100), 0x23c2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_GET_SREGS(r8, 0x8000ae83, 0x0)
ioctl$KVM_CREATE_VM(r5, 0x401c5820, 0x20000006)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000040)={0x40, 0x14000, 0x0, 0xffffffffffffffff, 0x9})

25m51.837492341s ago: executing program 2 (id=739):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r3, 0x4068aea3, &(0x7f0000000140))
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000380)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x240)

25m41.380759424s ago: executing program 3 (id=740):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x23)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x8003, 0x10000000004}}], 0x28}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0xffffffffffffffff)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
r7 = ioctl$KVM_CREATE_VM(r6, 0x894c, 0x2)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r10, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff})
ioctl$KVM_CREATE_VCPU(r7, 0x8008b70d, 0x1)

25m5.32929281s ago: executing program 34 (id=739):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r3, 0x4068aea3, &(0x7f0000000140))
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000380)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x240)

24m54.909701332s ago: executing program 35 (id=740):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x23)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x8003, 0x10000000004}}], 0x28}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0xffffffffffffffff)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
r7 = ioctl$KVM_CREATE_VM(r6, 0x894c, 0x2)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r10, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff})
ioctl$KVM_CREATE_VCPU(r7, 0x8008b70d, 0x1)

14m39.5629405s ago: executing program 5 (id=765):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
eventfd2(0x3, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0x40086602, 0x110ca32000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
r9 = eventfd2(0x4, 0x80801)
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000000)={r9, 0x6, 0x2, r8})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)

14m36.658562658s ago: executing program 4 (id=766):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x0, 0x5}}], 0x30}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r8, 0x401054d6, 0x110c230020)
r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f00000001c0)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0})

14m21.875422542s ago: executing program 5 (id=767):
mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x7, 0x13, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000240)=@arm64_core={0x6030000000100036, &(0x7f00000002c0)=0x1})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r8, 0x3, 0x40b2811, r7, 0x6000)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100028, 0x0})
ioctl$KVM_CREATE_VM(r11, 0x40086602, 0x20000000)
r12 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0xa}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000d82000/0x2000)=nil, r8, 0x8, 0x13, r13, 0x0)

14m7.630817752s ago: executing program 4 (id=768):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b88000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000240)={0x1fe, 0x3, 0xdddd1000, 0x1000, &(0x7f0000cc6000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000000c0)={0x2, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x4, 0x3, 0xcccc0000, 0x1000, &(0x7f0000d7d000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0xeeee0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r12, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000007c0)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000800)=[@featur2={0x1, 0x9}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r9, 0x4010ae74, &(0x7f0000000000)={0xff, 0x8, 0x3})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x8900, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x24)
syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r16, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c801, &(0x7f0000000080)=0x800000000000})

14m2.999139548s ago: executing program 5 (id=769):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_GET_REGS(r3, 0x8360ae81, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_extra={0x603000000013c036})

13m45.183331049s ago: executing program 5 (id=770):
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100028, 0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013df40, 0x8000}}], 0x20}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_EVENTS(r7, 0x8040ae9f, &(0x7f00000000c0)=@arm64)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, <r10=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x1, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x8, 0x6, 0x2, 0x0, 0x1, 0x6, 0xe2, 0x1, 0x29, 0x7f, '\x00', 0x10, 0x200})
write$eventfd(r10, &(0x7f00000001c0)=0x9, 0x5d)
r11 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x9, 0x10000, 0x0, 0xa, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x8)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r11, 0xae80, 0x0)

13m44.82769011s ago: executing program 4 (id=771):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x5, 0xe, 0x0, 0x20000080, 0x4}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
munmap(&(0x7f00007ec000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r5, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r7, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

13m26.051762585s ago: executing program 4 (id=772):
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013801a, &(0x7f0000000000)=0xfff})
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000340)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000240)=0x4})

13m23.347727825s ago: executing program 5 (id=773):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2)
r1 = eventfd2(0x5, 0x80000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7})
r4 = eventfd2(0x3ff, 0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x5, 0x2, r4})
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000140)={r4, 0x5, 0x1})
ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000080)={0xc0, 0x0, 0x1d000})
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000000)={r1, 0x5, 0x3, r4})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0x80811501, 0x20000000)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r7, 0xc, 0x12, 0xffffffffffffffff, 0x20000000)

13m12.848787168s ago: executing program 4 (id=774):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000080)={0xb6, 0x0, 0x7f}) (async)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, 0xffffffffffffffff)

13m9.547344563s ago: executing program 5 (id=775):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @svc={0x122, 0x40, {0x80000002, [0x4, 0xd, 0x8000000000000001, 0x40, 0xfffffffffffffffb]}}], 0x68}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @svc={0x122, 0x40, {0x80000002, [0x4, 0xd, 0x8000000000000001, 0x40, 0xfffffffffffffffb]}}], 0x68}, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x1, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x800454cf, 0x80000110c230007) (async)
ioctl$KVM_CREATE_VM(r5, 0x800454cf, 0x80000110c230007)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x1000, &(0x7f0000fd1000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000ec2000/0x1000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)={0x4000, 0x37d03030d7a9a616, 0xffffffff})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r13, 0x4068aea3, &(0x7f00000000c0)={0xe1, 0x0, 0x3}) (async)
ioctl$KVM_CAP_HALT_POLL(r13, 0x4068aea3, &(0x7f00000000c0)={0xe1, 0x0, 0x3})
ioctl$KVM_GET_DIRTY_LOG(r13, 0x4010ae42, &(0x7f0000000140)={0x10003, 0x0, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_GET_DIRTY_LOG(r13, 0x4010ae42, &(0x7f0000000140)={0x10003, 0x0, &(0x7f0000ffe000/0x2000)=nil})

12m59.548835074s ago: executing program 4 (id=776):
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x42002, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd940000c2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c8ad3e5952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x84000000000)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c41000/0x3000)=nil, 0x930, 0x280000b, 0x2010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x27)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x0, {0x6030000000138045}}, @hvc={0x32, 0x0, {0x20, [0x7, 0xb, 0x81, 0x80000001, 0x1ff]}}, @msr={0x14, 0x0, {0x603000000013f972, 0x9}}, @uexit={0x0, 0x0, 0x7}, @irq_setup={0x46, 0x0, {0x1, 0x361}}, @hvc={0x32, 0x0, {0x31008819, [0x10001, 0x1, 0x8, 0x8, 0x5]}}, @msr={0x14, 0x0, {0x603000000013dea2, 0x7fffffffffffffff}}, @svc={0x122, 0x0, {0x84000053, [0x3, 0x4a, 0x1, 0x5, 0x3]}}, @memwrite={0x6e, 0x0, @vgic_gicd={0x8000000, 0x3000, 0x2, 0xb}}, @msr={0x14, 0x0, {0x603000000013e288, 0xd796}}, @its_send_cmd={0xaa, 0x0, {0xc, 0x1, 0x1, 0x5, 0x6, 0xd, 0x1}}, @mrs={0xbe, 0x0, {0x603000000013c2a8}}, @mrs={0xbe, 0x0, {0x603000000013e6c0}}, @irq_setup={0x46, 0x0, {0x2, 0x166}}, @its_setup={0x82, 0x0, {0x1, 0x4, 0x226}}, @mrs={0xbe, 0x0, {0x603000000013e666}}, @hvc={0x32, 0x0, {0x84000003, [0x2, 0x3b, 0xbfa8, 0x7, 0x7094]}}, @mrs={0xbe, 0x0, {0x603000000013f529}}, @irq_setup={0x46, 0x0, {0x3, 0x1e6}}, @mrs={0xbe, 0x0, {0x6030000000138080}}, @smc={0x1e, 0x0, {0x84000008, [0x101, 0x1, 0x9, 0xff, 0xcaf0]}}, @uexit={0x0, 0x0, 0xa}, @uexit={0x0, 0x0, 0x39}, @eret={0xe6, 0x0, 0x2}], 0x64}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x72b801, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x20)

12m22.555180575s ago: executing program 36 (id=775):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @svc={0x122, 0x40, {0x80000002, [0x4, 0xd, 0x8000000000000001, 0x40, 0xfffffffffffffffb]}}], 0x68}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @svc={0x122, 0x40, {0x80000002, [0x4, 0xd, 0x8000000000000001, 0x40, 0xfffffffffffffffb]}}], 0x68}, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x1, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r5, 0x800454cf, 0x80000110c230007) (async)
ioctl$KVM_CREATE_VM(r5, 0x800454cf, 0x80000110c230007)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x1000, &(0x7f0000fd1000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000ec2000/0x1000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)={0x4000, 0x37d03030d7a9a616, 0xffffffff})
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r13, 0x4068aea3, &(0x7f00000000c0)={0xe1, 0x0, 0x3}) (async)
ioctl$KVM_CAP_HALT_POLL(r13, 0x4068aea3, &(0x7f00000000c0)={0xe1, 0x0, 0x3})
ioctl$KVM_GET_DIRTY_LOG(r13, 0x4010ae42, &(0x7f0000000140)={0x10003, 0x0, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_GET_DIRTY_LOG(r13, 0x4010ae42, &(0x7f0000000140)={0x10003, 0x0, &(0x7f0000ffe000/0x2000)=nil})

12m9.500870663s ago: executing program 37 (id=776):
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x42002, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd940000c2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c8ad3e5952305abf0", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x84000000000)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c41000/0x3000)=nil, 0x930, 0x280000b, 0x2010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x27)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x0, {0x6030000000138045}}, @hvc={0x32, 0x0, {0x20, [0x7, 0xb, 0x81, 0x80000001, 0x1ff]}}, @msr={0x14, 0x0, {0x603000000013f972, 0x9}}, @uexit={0x0, 0x0, 0x7}, @irq_setup={0x46, 0x0, {0x1, 0x361}}, @hvc={0x32, 0x0, {0x31008819, [0x10001, 0x1, 0x8, 0x8, 0x5]}}, @msr={0x14, 0x0, {0x603000000013dea2, 0x7fffffffffffffff}}, @svc={0x122, 0x0, {0x84000053, [0x3, 0x4a, 0x1, 0x5, 0x3]}}, @memwrite={0x6e, 0x0, @vgic_gicd={0x8000000, 0x3000, 0x2, 0xb}}, @msr={0x14, 0x0, {0x603000000013e288, 0xd796}}, @its_send_cmd={0xaa, 0x0, {0xc, 0x1, 0x1, 0x5, 0x6, 0xd, 0x1}}, @mrs={0xbe, 0x0, {0x603000000013c2a8}}, @mrs={0xbe, 0x0, {0x603000000013e6c0}}, @irq_setup={0x46, 0x0, {0x2, 0x166}}, @its_setup={0x82, 0x0, {0x1, 0x4, 0x226}}, @mrs={0xbe, 0x0, {0x603000000013e666}}, @hvc={0x32, 0x0, {0x84000003, [0x2, 0x3b, 0xbfa8, 0x7, 0x7094]}}, @mrs={0xbe, 0x0, {0x603000000013f529}}, @irq_setup={0x46, 0x0, {0x3, 0x1e6}}, @mrs={0xbe, 0x0, {0x6030000000138080}}, @smc={0x1e, 0x0, {0x84000008, [0x101, 0x1, 0x9, 0xff, 0xcaf0]}}, @uexit={0x0, 0x0, 0xa}, @uexit={0x0, 0x0, 0x39}, @eret={0xe6, 0x0, 0x2}], 0x64}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x72b801, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x20)

2m49.052386306s ago: executing program 7 (id=785):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x23)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, 0xffffffffffffffff, 0x0)
close(0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(0x5)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0)
r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

2m48.721453645s ago: executing program 6 (id=786):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0xfffffffffffffffa, 0x2, 0x4, 0xffffffffffffffff, 0x8a4fa382f1515d0b})
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, 0xfffffffffffffffe)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x28003, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000b5b000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[@hvc={0x32, 0x40, {0x84000007, [0x8, 0x10000, 0x7, 0x3, 0x8]}}], 0x40}, 0x0, 0x0)

2m22.127859902s ago: executing program 7 (id=787):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xc2881, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x21)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0xfffe)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000040)=@arm64_core={0x6030000000100022, &(0x7f0000000000)=0x3})
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xc0189436, 0x100000000000000)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
r14 = mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, 0x0, 0x8, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000000c0)="23ec0468f8ae464154587c1972534f7b93eee982dda051dfeda7fa746b9ec4094300fc909b611a09ea8929a1ca0b0192bf1e46c160ae83dd9889edccec8833b28104ea4b5659ad65", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r13, 0x0)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x0)
ioctl$KVM_GET_MP_STATE(r17, 0x8004ae98, 0xfffffffffffffffe)
r18 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r18, 0xae01, 0x0)

2m17.174905741s ago: executing program 6 (id=788):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0xfffffffffffffffd) (async)
ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000000)=0x7fff) (async, rerun: 32)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (rerun: 32)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r2, 0x2000002, 0x4000010, r1, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000040)={0xa8, 0x0, 0x1}) (async)
ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000100)=@riscv64_core={0x8030000000200020, &(0x7f00000000c0)=0xffffffff}) (async)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000140)={0x9}) (async)
ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x10205, 0x0, 0xfec00000, 0x1000, &(0x7f0000ffb000/0x1000)=nil})
r3 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10000, 0x0)
ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0) (async)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000200)={0xeeee0000}) (async)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000240)=0x2)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f00000002c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000280)=0x80000000}) (async)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2c)
ioctl$KVM_SET_SREGS(r3, 0x4000ae84, &(0x7f0000000300)={{0x50000, 0x10000, 0x4, 0x40, 0x7, 0x8b, 0x81, 0x0, 0x6, 0x0, 0x9, 0xf8}, {0x80a0000, 0x25000, 0xc, 0x2, 0x6, 0x9, 0xf0, 0x9, 0x52, 0x9, 0x2, 0xa6}, {0x40000, 0x4, 0x8, 0xbb, 0x3, 0x8, 0xa, 0x7, 0x6, 0xfd, 0x7, 0x3}, {0xeeee0000, 0x50000, 0xa, 0x6, 0x8, 0x4, 0x7, 0x8, 0x3, 0x3, 0x7}, {0x10000, 0xf000, 0xf, 0x10, 0x4, 0x4, 0x4d, 0x9, 0x5, 0xe, 0xf2, 0x9}, {0xe000, 0x7000, 0xc, 0x8, 0x5, 0x5, 0x55, 0x6, 0xc, 0xcf, 0x6, 0xfb}, {0x8080000, 0xd000, 0xb, 0x3, 0x1, 0xa, 0x70, 0xf6, 0x98, 0x3, 0x3, 0x7}, {0xfec00000, 0x4000, 0xa, 0x4, 0x80, 0x7f, 0x8, 0xe, 0x8, 0x6, 0x4, 0xfd}, {0x2, 0x2}, {0xdddd0000, 0x9}, 0x10, 0x0, 0xb000, 0x200, 0x6, 0x1900, 0x25000, [0x80000001, 0x1, 0x6, 0x6]}) (async)
ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f0000000440)=0x1) (async)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r7, 0x2000009, 0x1010, r5, 0x0) (async, rerun: 64)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000880)={0x10004, 0xc0, 0x2c0, &(0x7f0000000480)=[0x0, 0x5, 0x1000, 0x1486, 0x3, 0x6, 0x4, 0x1, 0x3, 0x2507dcb3, 0x6, 0x8000000000000001, 0x0, 0x2, 0x0, 0x0, 0x43ef, 0x3, 0x2, 0x1, 0x2, 0x7, 0xe, 0x1, 0x6, 0x3ff, 0x8, 0xffffffffb532912a, 0x80, 0x6, 0x1ff, 0x9, 0x58da, 0x4c, 0x800, 0x8, 0x6, 0x4, 0x1, 0x0, 0x5, 0x4, 0x100000001, 0x8000000000000000, 0xd56, 0x4, 0x9, 0x6, 0x1, 0x2, 0x74, 0x0, 0x8, 0x4, 0x4, 0xffffffffffff8001, 0x81, 0x5, 0xb6, 0x10001, 0x0, 0x100000001, 0x4, 0xfffffffffffffffd, 0x3, 0x3, 0xfffffffffffffffb, 0xffffffffffffffff, 0x2a, 0xffffffffffff8000, 0xdb, 0xd719cf1, 0x9, 0x3, 0x2, 0x3, 0x2, 0x4, 0x0, 0x1, 0xb93b, 0xffffffffffffff2c, 0x5, 0x1000, 0x7, 0x8, 0xff6e, 0x8, 0x7fffffff, 0x4, 0x5, 0x8001, 0x3, 0x6, 0x3c6c, 0x3, 0x7, 0x8, 0x1, 0xe, 0x4, 0x4, 0x5, 0xffff, 0xb, 0x343, 0x4, 0x1ff, 0xffffffffffff7eab, 0x7, 0x5, 0x7, 0x9, 0x7, 0x7, 0x3, 0x9, 0x8000000000000000, 0x9, 0x74, 0x7, 0x9, 0x878, 0x1, 0x28, 0x0, 0x4, 0x1]}) (rerun: 64)
ioctl$KVM_SET_SREGS(r5, 0x4000ae84, &(0x7f00000008c0)={{0xeeee8000, 0x7000, 0xb, 0x7, 0x6, 0x0, 0x8, 0x3, 0x2, 0x0, 0x1, 0xd}, {0x10000, 0x40000, 0x4, 0x9, 0x3, 0x7, 0x3, 0x1, 0x40, 0x6, 0x8, 0x35}, {0xd000, 0xe000, 0x7, 0x4, 0x6, 0xf, 0x6, 0x3, 0x20, 0x0, 0x1, 0xa}, {0xffffffff, 0x4, 0xe, 0x4, 0x3, 0x54, 0x6, 0x5, 0xde, 0x3, 0x5d}, {0xf000, 0x58000, 0xf, 0x5, 0x40, 0xf, 0x5, 0x9, 0x2, 0x0, 0x18, 0x4}, {0x54000, 0x4000, 0x0, 0x8, 0x9, 0x6, 0x7f, 0xf8, 0x1, 0x0, 0x3, 0x3}, {0x2, 0x2, 0xe, 0x7, 0x0, 0xd, 0xd9, 0x60, 0x3, 0x5, 0xf5, 0xf4}, {0x10000, 0xd000, 0xd, 0xc, 0x5, 0x2, 0xc, 0xa8, 0x3, 0x1, 0x80, 0x2a}, {0xb000, 0xfffa}, {0x200000, 0x3}, 0x40001, 0x0, 0xc000, 0x10004, 0xe, 0xa100, 0x37b000, [0x4, 0xffffffffffffffff, 0xca, 0x40]})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r2, 0x2, 0x2010, r1, 0x0) (async)
ioctl$KVM_GET_MP_STATE(r5, 0x8004ae98, &(0x7f0000000a00)) (async, rerun: 64)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x3) (rerun: 64)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000a80)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000a40)=0x7}) (async)
ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000ac0)={0x2000, 0xd000, 0x10, 0x1, 0x1ff})

2m3.822779892s ago: executing program 6 (id=789):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013df40, 0x8000}}], 0x20}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r7})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000180)={0x5000})
r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)

1m51.115871766s ago: executing program 7 (id=790):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, &(0x7f00000001c0)}, &(0x7f0000000300)=[@featur1={0x1, 0x40}], 0x1) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c0c000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x1a1100, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x2000007, 0x1010, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x300000f, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000cd9000/0x2000)=nil, 0x930, 0x1000002, 0x100010, r1, 0x0) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x300000a, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f00000000c0)={0x3762, 0x3})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)

1m37.470455853s ago: executing program 6 (id=791):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x3})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x1ffffffc)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xd8) (async)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xd8)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
close(0xffffffffffffffff)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}})
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x84000052, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x32, 0xfffffffffffffeae, {0xc4000053, [0xfffffffffffffffc, 0x1, 0x1, 0x3, 0x6]}}], 0x80}, 0x0, 0x0)
munmap(&(0x7f0000481000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000136000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
munmap(&(0x7f00009f4000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f00009f4000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e4c000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000967000/0x2000)=nil, 0x2000)
munmap(&(0x7f00007f5000/0xe000)=nil, 0xe000) (async)
munmap(&(0x7f00007f5000/0xe000)=nil, 0xe000)
munmap(&(0x7f0000d04000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000270000/0x1000)=nil, 0x1000)
munmap(&(0x7f00007fd000/0x800000)=nil, 0x800000) (async)
munmap(&(0x7f00007fd000/0x800000)=nil, 0x800000)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m33.265515569s ago: executing program 7 (id=792):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x6, 0x6, 0xad, '\x00', 0x76})
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0xa)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m17.238570949s ago: executing program 6 (id=793):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8)
ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000000)={0x3, 0x0, [{0xac9c, 0x1, 0x0, 0x0, @irqchip={0xd2a, 0xc}}, {0x9, 0x3, 0x1, 0x0, @irqchip={0x7, 0x5}}, {0x99f, 0x1, 0x1, 0x0, @irqchip={0x40, 0x2000}}]}) (async)
ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f00000000c0)) (async)
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bff000/0x400000)=nil)
r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[@eret={0xe6, 0x18}, @hvc={0x32, 0x40, {0x80000001, [0xf9, 0x80, 0x7, 0x5, 0x3e93]}}, @msr={0x14, 0x20, {0x603000000013df70, 0x27cd}}, @uexit={0x0, 0x18, 0x9}, @svc={0x122, 0x40, {0x84000008, [0x4, 0x4, 0x8001, 0x9, 0x1]}}, @eret={0xe6, 0x18, 0x10}, @eret={0xe6, 0x18, 0x4}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x156}}, @svc={0x122, 0x40, {0x40, [0x1800000000000, 0x1, 0x4, 0x3, 0x1ff]}}, @msr={0x14, 0x20, {0x603000000013c2a5, 0x9}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x32}}, @uexit={0x0, 0x18, 0x6}, @eret={0xe6, 0x18, 0xffffffffbd9003a2}, @uexit={0x0, 0x18, 0x1}, @code={0xa, 0xb4, {"40b89bd200c0b0f2e10180d2c20180d2830080d2640180d2020000d440a485d20020b8f2810080d2c20180d2a30180d2240180d2020000d4008008d5403f91d200e0b0f2810080d2420180d2430180d2440080d2020000d420559ad20080b0f2010080d2820180d2030180d2e40180d2020000d40010200e80b381d20040b8f2c10180d2e20180d2c30180d2240180d2020000d400a0004f007008d500008012"}}], 0x2ac}, &(0x7f0000000440)=[@featur2={0x1, 0x40}], 0x1) (async)
r3 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000008c0)={0x0, &(0x7f0000000480)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x3f5}}, @code={0xa, 0x9c, {"0070df0c400995d20060b8f2010180d2420080d2a30180d2240180d2020000d4a01196d200a0b0f2610180d2a20080d2c30180d2c40180d2020000d4000cc038007008d50060005e000028d5400881d20000b0f2410180d2420180d2e30180d2240180d2020000d400a09f0d608b90d20000b8f2210080d2420180d2c30080d2840080d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013c018}}, @irq_setup={0x46, 0x18, {0x4, 0x24c}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x113}}, @svc={0x122, 0x40, {0x500102b, [0x3, 0x0, 0xffffffff, 0x4, 0x800]}}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x3, 0x6, 0x0, 0x2, 0x2}}, @svc={0x122, 0x40, {0x80, [0x4, 0x5, 0x281, 0x2, 0x100]}}, @smc={0x1e, 0x40, {0x70dd7a3dd94d6dbd, [0x10000, 0x4, 0x1ff, 0x3ff, 0xec9]}}, @svc={0x122, 0x40, {0x200, [0x7, 0x10001, 0x5, 0xfff, 0x4]}}, @hvc={0x32, 0x40, {0x2000000, [0x4, 0xffff, 0xef7c, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x9, 0xb}}, @mrs={0xbe, 0x18, {0x603000000013e681}}, @hvc={0x32, 0x40, {0xffff, [0xf0, 0x10, 0x6, 0xfffffffffffff8c8, 0x4]}}, @hvc={0x32, 0x40, {0xc4000053, [0x1, 0x0, 0x1, 0x3, 0xc]}}, @uexit={0x0, 0x18, 0x6}, @svc={0x122, 0x40, {0x84000013, [0x9, 0x8000000000000000, 0x100, 0x67e94bcc, 0x6]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x3bb}}, @svc={0x122, 0x40, {0x3f000000, [0x9, 0xd15, 0x1, 0x7f, 0xfffffffffffffc01]}}], 0x43c}, &(0x7f0000000900)=[@featur2={0x1, 0x44}], 0x1)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x11)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r4, 0x4018aee3, &(0x7f0000000980)=@attr_other={0x0, 0x46b, 0xf6f5, &(0x7f0000000940)=0x10})
r5 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2e)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000009c0)={0x7}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r5, 0x4010ae74, &(0x7f0000000a00)={0x3e20, 0x9, 0xc9bf}) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r5, 0x4018aee3, &(0x7f0000000a80)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000a40)={0x5, 0x5, 0x1}})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x38)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000ac0)) (async)
ioctl$KVM_SET_SIGNAL_MASK(r5, 0x4004ae8b, &(0x7f0000000b00)={0x58, "552a84200cc058fc16243b58bf0716d86be9903895e49f3a1ed7c2262c5314b84bb8c1e52a3f6196fcc82ebb48c98077207591dff84d0cf311d7a3f4a9d3d5e3d7801345abe3ba5918226f274eb02d450cd090da12d6433d"}) (async)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x12)
ioctl$KVM_CAP_PTP_KVM(r8, 0x4068aea3, &(0x7f0000000b80)) (async)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x15)
syz_kvm_setup_cpu$arm64(r9, r3, &(0x7f0000a79000/0x400000)=nil, &(0x7f0000001180)=[{0x0, &(0x7f0000000c00)=[@code={0xa, 0x84, {"008008d5806b8cd20000b0f2210080d2a20080d2830180d2640080d2020000d4008008d5c0e694d20000b8f2c10080d2820080d2c30080d2c40180d2020000d4205992d20060b8f2410080d2620080d2830080d2040080d2020000d4000028d5008008d5000008d5000000cb007c0013"}}, @code={0xa, 0x84, {"1f0000310068201e000000fc60cb86d200a0b0f2210180d2c20080d2e30180d2640180d2020000d4003b95d200e0b0f2210180d2620080d2c30180d2440180d2020000d4c0829ad20040b0f2410080d2820180d2030180d2c40080d2020000d4000008d50048217e0000c03d00000048"}}, @irq_setup={0x46, 0x18, {0x3, 0x362}}, @hvc={0x32, 0x40, {0x84000051, [0x2, 0x10, 0x3, 0x400, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x3, 0x3}}, @eret={0xe6, 0x18, 0x2}, @smc={0x1e, 0x40, {0x8400000b, [0x6, 0x1ff, 0x2, 0x1, 0x7]}}, @uexit={0x0, 0x18, 0x8000000000000001}, @smc={0x1e, 0x40, {0x84000006, [0x7, 0x7fffffffffffffff, 0xbaa, 0x6, 0x5]}}, @smc={0x1e, 0x40, {0x2000, [0x0, 0x9, 0x5, 0xfb3e, 0x144]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x2, 0x4, 0x24}}, @mrs={0xbe, 0x18, {0x603000000013c108}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0xd, 0x400, 0x7, 0x1}}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0x478, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x300, 0x6, 0x8}}, @svc={0x122, 0x40, {0x84000005, [0x1, 0xa564, 0x100, 0xe6, 0x6]}}, @irq_setup={0x46, 0x18, {0x2, 0x334}}, @smc={0x1e, 0x40, {0x80, [0x0, 0x3, 0x80000000, 0x3, 0x3]}}, @irq_setup={0x46, 0x18, {0x1, 0x5a}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x8}}, @uexit={0x0, 0x18, 0x94a3}, @smc={0x1e, 0x40, {0x1, [0xb61, 0x2, 0x2, 0x34, 0x7aa]}}, @uexit={0x0, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x2, 0x8c}}, @svc={0x122, 0x40, {0x80007fff, [0x7ff, 0x1815, 0xd, 0xd, 0x1]}}, @uexit={0x0, 0x18, 0x20000000000000}, @svc={0x122, 0x40, {0xc4000053, [0x5, 0x8000000000000001, 0x1, 0x0, 0x8000000000000000]}}], 0x548}], 0x1, 0x0, &(0x7f00000011c0)=[@featur1={0x1, 0xa}], 0x1)
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000001200)={0x7, 0xffffffff}) (async)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001280)={0x0, &(0x7f0000001240)=[@irq_setup={0x46, 0x18, {0x2, 0x139}}], 0x18}, &(0x7f00000012c0)=[@featur1={0x1, 0x4a}], 0x1)
ioctl$KVM_CAP_ARM_USER_IRQ(r5, 0x4068aea3, &(0x7f0000001300)) (async)
ioctl$KVM_CAP_ARM_USER_IRQ(r6, 0x4068aea3, &(0x7f0000001380))
ioctl$KVM_CAP_ARM_USER_IRQ(r0, 0x4068aea3, &(0x7f0000001400)) (async)
ioctl$KVM_ARM_PREFERRED_TARGET(r5, 0x8020aeaf, &(0x7f0000001480)) (async)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r9, 0x4018aee3, &(0x7f0000001500)=@attr_other={0x0, 0x7c, 0xea, &(0x7f00000014c0)=0x8}) (async)
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f0000001540)={{0xffff3fff, 0xffefffff, 0xa, 0xde, 0x81, 0x0, 0xb, 0xed, 0x9, 0x80, 0xfe, 0x7}, {0xffffffff, 0xfec00000, 0x1, 0x7, 0x2, 0x3, 0xa5, 0x4a, 0x0, 0x1, 0x4, 0xd}, {0x58000, 0x3000, 0x8, 0xa8, 0x0, 0x2e, 0x0, 0x6, 0x7f, 0x8, 0x0, 0x7}, {0xdddd1000, 0x60000, 0xd, 0xe6, 0x7, 0x1, 0x9, 0xf9, 0xb8, 0x79, 0x8, 0x1}, {0x9000, 0xffffffff, 0xa, 0x16, 0x5, 0x0, 0x1, 0xfe, 0x4, 0x80, 0x12, 0x8}, {0x8000000, 0x80a0000, 0x10, 0x80, 0x0, 0x5, 0x5, 0x6, 0x8, 0xc, 0x8, 0xf7}, {0x7000, 0x26000, 0x0, 0xd, 0x8, 0x9a, 0xb, 0x9, 0xd, 0x2, 0xa, 0x8}, {0x70000, 0x60000, 0x8, 0x40, 0x9, 0x7, 0x3, 0x9, 0x9, 0xd, 0x4}, {0x4000, 0x10}, {0xd000, 0xf3}, 0xc0000018, 0x0, 0x0, 0x10206c, 0x8, 0x800, 0xeeef0000, [0xfffffffffffffffc, 0x1, 0x7f8000000000, 0x4]}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000001680)={0x10004, 0x7, 0xeeee8000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

1m15.844297308s ago: executing program 7 (id=794):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x80000, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000001c0)="fb0149dd833be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8faa767969d22627e700", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a97f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x0, {0x603000000013df11, 0x3}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000007)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r11, 0x800454cf, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x8, 0x0, &(0x7f0000000200)=0x807fffe})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m3.021679707s ago: executing program 6 (id=795):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x208281, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34)
mmap$KVM_VCPU(&(0x7f0000011000/0x3000)=nil, 0x930, 0xe, 0x16831, r2, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fbf000/0x3000)=nil, r5, 0xb, 0x11, r2, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = mmap$KVM_VCPU(&(0x7f0000002000/0x4000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

50.777640354s ago: executing program 7 (id=796):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_FINALIZE(r5, 0xc018ae85, 0x0)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x28003, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000b5b000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xa5)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[@hvc={0x32, 0x40, {0x84000007, [0x8, 0x10000, 0x7, 0x3, 0x8]}}], 0x40}, 0x0, 0x0)

15.678284562s ago: executing program 38 (id=795):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000140), 0x208281, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34)
mmap$KVM_VCPU(&(0x7f0000011000/0x3000)=nil, 0x930, 0xe, 0x16831, r2, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fbf000/0x3000)=nil, r5, 0xb, 0x11, r2, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = mmap$KVM_VCPU(&(0x7f0000002000/0x4000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

0s ago: executing program 39 (id=796):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_FINALIZE(r5, 0xc018ae85, 0x0)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000140), 0x28003, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000b5b000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xa5)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[@hvc={0x32, 0x40, {0x84000007, [0x8, 0x10000, 0x7, 0x3, 0x8]}}], 0x40}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

[  394.207125][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0
[  446.672570][ T3172] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:11082' (ED25519) to the list of known hosts.
[  619.547720][   T24] audit: type=1400 audit(618.700:61): avc:  denied  { name_bind } for  pid=3332 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  620.428088][   T24] audit: type=1400 audit(619.580:62): avc:  denied  { execute } for  pid=3333 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  620.452403][   T24] audit: type=1400 audit(619.610:63): avc:  denied  { execute_no_trans } for  pid=3333 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  646.617831][   T24] audit: type=1400 audit(645.780:64): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  646.657985][   T24] audit: type=1400 audit(645.820:65): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  646.749852][ T3333] cgroup: Unknown subsys name 'net'
[  646.808937][   T24] audit: type=1400 audit(645.970:66): avc:  denied  { unmount } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  647.245456][ T3333] cgroup: Unknown subsys name 'cpuset'
[  647.352761][ T3333] cgroup: Unknown subsys name 'rlimit'
[  648.244698][   T24] audit: type=1400 audit(647.400:67): avc:  denied  { setattr } for  pid=3333 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  648.269554][   T24] audit: type=1400 audit(647.430:68): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  648.288728][   T24] audit: type=1400 audit(647.440:69): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  649.338863][ T3336] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  649.360105][   T24] audit: type=1400 audit(648.520:70): avc:  denied  { relabelto } for  pid=3336 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  649.384787][   T24] audit: type=1400 audit(648.540:71): avc:  denied  { write } for  pid=3336 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  649.575372][   T24] audit: type=1400 audit(648.730:72): avc:  denied  { read } for  pid=3333 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  649.597733][   T24] audit: type=1400 audit(648.750:73): avc:  denied  { open } for  pid=3333 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  649.642383][ T3333] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  705.975836][   T24] audit: type=1400 audit(705.130:74): avc:  denied  { execmem } for  pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  710.014475][   T24] audit: type=1400 audit(709.170:76): avc:  denied  { open } for  pid=3340 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  710.036123][   T24] audit: type=1400 audit(709.160:75): avc:  denied  { read } for  pid=3339 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  710.107458][   T24] audit: type=1400 audit(709.250:77): avc:  denied  { mounton } for  pid=3340 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  710.351057][   T24] audit: type=1400 audit(709.510:78): avc:  denied  { module_request } for  pid=3340 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  710.395439][   T24] audit: type=1400 audit(709.550:79): avc:  denied  { module_request } for  pid=3339 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  711.456303][   T24] audit: type=1400 audit(710.610:80): avc:  denied  { sys_module } for  pid=3340 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  734.847689][ T3339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  735.226258][ T3339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  735.515817][ T3340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  735.852551][ T3340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  747.820499][ T3339] hsr_slave_0: entered promiscuous mode
[  747.850792][ T3339] hsr_slave_1: entered promiscuous mode
[  749.061435][ T3340] hsr_slave_0: entered promiscuous mode
[  749.106246][ T3340] hsr_slave_1: entered promiscuous mode
[  749.138897][ T3340] debugfs: 'hsr0' already exists in 'hsr'
[  749.148885][ T3340] Cannot create hsr debugfs directory
[  760.440888][   T24] audit: type=1400 audit(759.600:81): avc:  denied  { create } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  760.510420][   T24] audit: type=1400 audit(759.670:82): avc:  denied  { write } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  760.595905][   T24] audit: type=1400 audit(759.750:83): avc:  denied  { read } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  760.789817][ T3339] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  761.400737][ T3339] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  761.897882][ T3339] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  762.129110][ T3339] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  765.637201][ T3340] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  765.989278][ T3340] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  766.350566][ T3340] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  766.918869][ T3340] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  779.951209][ T3339] 8021q: adding VLAN 0 to HW filter on device bond0
[  783.190293][ T3340] 8021q: adding VLAN 0 to HW filter on device bond0
[  837.277022][ T3339] veth0_vlan: entered promiscuous mode
[  837.866552][ T3339] veth1_vlan: entered promiscuous mode
[  839.929911][ T3339] veth0_macvtap: entered promiscuous mode
[  840.409698][ T3339] veth1_macvtap: entered promiscuous mode
[  840.522312][ T3340] veth0_vlan: entered promiscuous mode
[  841.357781][ T3340] veth1_vlan: entered promiscuous mode
[  842.929793][ T3426] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  842.974279][ T3426] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  842.978487][ T3426] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  842.979372][ T3426] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  844.718693][ T3340] veth0_macvtap: entered promiscuous mode
[  845.335945][ T3340] veth1_macvtap: entered promiscuous mode
[  845.582442][   T24] audit: type=1400 audit(844.690:84): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  845.757523][   T24] audit: type=1400 audit(844.910:85): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/syzkaller.TLhIH0/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  846.097688][   T24] audit: type=1400 audit(845.260:86): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  846.420200][   T24] audit: type=1400 audit(845.580:87): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/syzkaller.TLhIH0/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  846.568362][   T24] audit: type=1400 audit(845.670:88): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/syzkaller.TLhIH0/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  847.181493][   T24] audit: type=1400 audit(846.320:89): avc:  denied  { unmount } for  pid=3339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  847.536340][   T24] audit: type=1400 audit(846.590:90): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  847.706972][   T24] audit: type=1400 audit(846.810:91): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="gadgetfs" ino=3752 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  847.847133][ T3392] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  847.851793][ T3392] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  847.897733][ T3392] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  847.901791][ T3392] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  848.082515][   T24] audit: type=1400 audit(847.240:92): avc:  denied  { mount } for  pid=3339 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  848.172106][   T24] audit: type=1400 audit(847.330:93): avc:  denied  { mounton } for  pid=3339 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  849.805764][ T3339] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  850.851780][   T24] kauditd_printk_skb: 1 callbacks suppressed
[  850.865486][   T24] audit: type=1400 audit(850.010:95): avc:  denied  { read write } for  pid=3339 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  850.917710][   T24] audit: type=1400 audit(850.070:96): avc:  denied  { open } for  pid=3339 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  850.989029][   T24] audit: type=1400 audit(850.150:97): avc:  denied  { ioctl } for  pid=3339 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  861.069678][   T24] audit: type=1400 audit(860.230:98): avc:  denied  { read } for  pid=3498 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  861.111248][   T24] audit: type=1400 audit(860.270:99): avc:  denied  { open } for  pid=3498 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  861.217586][   T24] audit: type=1400 audit(860.370:100): avc:  denied  { ioctl } for  pid=3498 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  872.894659][   T24] audit: type=1400 audit(872.040:101): avc:  denied  { write } for  pid=3506 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  881.943836][   T24] audit: type=1400 audit(881.010:102): avc:  denied  { setattr } for  pid=3510 comm="syz.1.4" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  891.848875][   T24] audit: type=1400 audit(890.970:103): avc:  denied  { append } for  pid=3516 comm="syz.1.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  984.127245][   T24] audit: type=1400 audit(983.250:104): avc:  denied  { ioctl } for  pid=3569 comm="syz.0.22" path="net:[4026531833]" dev="nsfs" ino=4026531833 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  994.230043][   T24] audit: type=1400 audit(993.390:105): avc:  denied  { read open } for  pid=3575 comm="syz.0.23" path="net:[4026532630]" dev="nsfs" ino=4026532630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1079.397569][   T24] audit: type=1400 audit(1078.470:106): avc:  denied  { execute } for  pid=3620 comm="syz.0.35" path="/sys/kernel/debug/kcov" dev="debugfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1
[ 1156.280769][ T3675] KVM: debugfs: duplicate directory 3675-6
[ 1156.622112][ T3675] KVM: debugfs: duplicate directory 3675-6
[ 1156.921931][   T24] audit: type=1400 audit(1156.080:107): avc:  denied  { execute } for  pid=3674 comm="syz.1.50" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=7090 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1256.074710][   T24] audit: type=1400 audit(1255.220:108): avc:  denied  { mounton } for  pid=3707 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 1291.958188][ T3230] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.086202][ T3230] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1294.069877][ T3230] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1295.205405][ T3230] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1311.887140][ T3230] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1312.107991][ T3230] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1312.245782][ T3230] bond0 (unregistering): Released all slaves
[ 1313.975256][ T3230] hsr_slave_0: left promiscuous mode
[ 1314.056211][ T3230] hsr_slave_1: left promiscuous mode
[ 1314.734801][ T3230] veth1_macvtap: left promiscuous mode
[ 1314.736400][ T3230] veth0_macvtap: left promiscuous mode
[ 1314.765241][ T3230] veth1_vlan: left promiscuous mode
[ 1314.776764][ T3230] veth0_vlan: left promiscuous mode
[ 1336.340102][ T3707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1336.786361][ T3707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1340.488940][ T3230] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1341.747042][ T3230] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1342.987532][ T3230] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1344.218125][ T3230] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1360.937487][ T3230] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1361.012383][ T3230] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1361.065553][ T3230] bond0 (unregistering): Released all slaves
[ 1362.155015][ T3230] hsr_slave_0: left promiscuous mode
[ 1362.225050][ T3230] hsr_slave_1: left promiscuous mode
[ 1362.602313][ T3230] veth1_macvtap: left promiscuous mode
[ 1362.644755][ T3230] veth0_macvtap: left promiscuous mode
[ 1362.646455][ T3230] veth1_vlan: left promiscuous mode
[ 1362.664636][ T3230] veth0_vlan: left promiscuous mode
[ 1382.540135][ T3707] hsr_slave_0: entered promiscuous mode
[ 1382.646393][ T3707] hsr_slave_1: entered promiscuous mode
[ 1386.602941][ T3715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1387.039566][ T3715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1395.792689][ T3707] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1396.118149][ T3707] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1396.389668][ T3707] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1396.677800][ T3707] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1410.198498][ T3715] hsr_slave_0: entered promiscuous mode
[ 1410.252433][ T3715] hsr_slave_1: entered promiscuous mode
[ 1410.346500][ T3715] debugfs: 'hsr0' already exists in 'hsr'
[ 1410.347452][ T3715] Cannot create hsr debugfs directory
[ 1420.780527][ T3707] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1424.467951][ T3715] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1424.911982][ T3715] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1425.291060][ T3715] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1425.672827][ T3715] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1453.969395][ T3715] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1519.722853][ T3707] veth0_vlan: entered promiscuous mode
[ 1520.522246][ T3707] veth1_vlan: entered promiscuous mode
[ 1523.497115][ T3707] veth0_macvtap: entered promiscuous mode
[ 1523.889780][ T3707] veth1_macvtap: entered promiscuous mode
[ 1526.765721][   T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.785555][   T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.886241][   T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.942363][   T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1555.948573][ T3715] veth0_vlan: entered promiscuous mode
[ 1557.100682][ T3715] veth1_vlan: entered promiscuous mode
[ 1561.521915][ T3715] veth0_macvtap: entered promiscuous mode
[ 1562.317291][ T3715] veth1_macvtap: entered promiscuous mode
[ 1566.731322][ T3393] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1566.737123][ T3393] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1566.806263][ T3729] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1566.828100][ T3729] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1783.589243][   T24] audit: type=1400 audit(1782.670:109): avc:  denied  { map } for  pid=4084 comm="syz.2.89" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1783.625045][   T24] audit: type=1400 audit(1782.780:110): avc:  denied  { execute } for  pid=4084 comm="syz.2.89" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1844.767326][   T24] audit: type=1400 audit(1843.920:111): avc:  denied  { map } for  pid=4125 comm="syz.2.96" path="pipe:[7561]" dev="pipefs" ino=7561 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 2062.385818][   T24] audit: type=1400 audit(2061.490:112): avc:  denied  { create } for  pid=4235 comm="syz.3.125" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2432.015515][   T24] audit: type=1400 audit(2431.160:113): avc:  denied  { map } for  pid=4412 comm="syz.2.176" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=15547 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2432.105426][   T24] audit: type=1400 audit(2431.260:114): avc:  denied  { read } for  pid=4412 comm="syz.2.176" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=15547 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 3339.309239][ T4885] kvm [4885]: Failed to find VMA for hva 0x20d63000
[ 3626.450108][ T5041] kvm [5041]: Failed to find VMA for hva 0x20c01000
[ 4809.724215][    C0] hrtimer: interrupt took 1383600 ns
[ 4972.894635][   T24] audit: type=1400 audit(4972.040:115): avc:  denied  { execute } for  pid=5770 comm="syz.2.568" path="/258/T" dev="tmpfs" ino=1318 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 5019.351943][ T5793] KVM: debugfs: duplicate directory 5793-5
[ 6212.300874][ T6383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6212.587354][ T6383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6223.810707][ T6391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6224.106224][ T6391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6242.340221][ T6383] hsr_slave_0: entered promiscuous mode
[ 6242.458845][ T6383] hsr_slave_1: entered promiscuous mode
[ 6242.557540][ T6383] debugfs: 'hsr0' already exists in 'hsr'
[ 6242.558499][ T6383] Cannot create hsr debugfs directory
[ 6258.278349][ T6391] hsr_slave_0: entered promiscuous mode
[ 6258.398304][ T6391] hsr_slave_1: entered promiscuous mode
[ 6258.504975][ T6391] debugfs: 'hsr0' already exists in 'hsr'
[ 6258.524679][ T6391] Cannot create hsr debugfs directory
[ 6272.056428][ T6383] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 6272.976188][ T6383] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 6274.084888][ T6383] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 6275.298145][ T6383] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 6284.118089][ T6391] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 6284.639040][ T6391] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 6285.132590][ T6391] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 6285.654989][ T6391] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 6308.377861][ T6383] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6319.218580][ T6391] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6362.176791][ T6416] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6364.231488][ T6416] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6366.420367][ T6416] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6368.402072][ T6416] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6393.345276][ T6416] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6393.695914][ T6416] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6394.006448][ T6416] bond0 (unregistering): Released all slaves
[ 6397.444737][ T6416] hsr_slave_0: left promiscuous mode
[ 6397.550531][ T6416] hsr_slave_1: left promiscuous mode
[ 6398.458189][ T6416] veth1_macvtap: left promiscuous mode
[ 6398.487247][ T6416] veth0_macvtap: left promiscuous mode
[ 6398.497598][ T6416] veth1_vlan: left promiscuous mode
[ 6398.498746][ T6416] veth0_vlan: left promiscuous mode
[ 6426.651320][ T6416] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6428.960011][ T6416] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6430.970914][ T6416] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6432.611823][ T6416] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6459.401989][ T6416] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6459.755968][ T6416] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6459.946332][ T6416] bond0 (unregistering): Released all slaves
[ 6463.637448][ T6416] hsr_slave_0: left promiscuous mode
[ 6463.945907][ T6416] hsr_slave_1: left promiscuous mode
[ 6464.559723][ T6416] veth1_macvtap: left promiscuous mode
[ 6464.570836][ T6416] veth0_macvtap: left promiscuous mode
[ 6464.621677][ T6416] veth1_vlan: left promiscuous mode
[ 6464.627121][ T6416] veth0_vlan: left promiscuous mode
[ 6529.172739][ T6383] veth0_vlan: entered promiscuous mode
[ 6530.208185][ T6383] veth1_vlan: entered promiscuous mode
[ 6533.346803][ T6383] veth0_macvtap: entered promiscuous mode
[ 6533.782381][ T6383] veth1_macvtap: entered promiscuous mode
[ 6537.134115][ T4140] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6537.135491][ T4140] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6537.168543][ T4140] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6537.207639][ T4140] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6543.920974][ T6391] veth0_vlan: entered promiscuous mode
[ 6545.292037][ T6391] veth1_vlan: entered promiscuous mode
[ 6549.558053][ T6391] veth0_macvtap: entered promiscuous mode
[ 6550.677226][ T6391] veth1_macvtap: entered promiscuous mode
[ 6555.630550][ T6346] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6555.779563][ T6346] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6555.790012][ T6346] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6555.929946][ T6478] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6919.769120][ T3393] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6922.477818][ T3393] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6924.935725][ T3393] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6927.398675][ T3393] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6951.620412][ T3393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6951.760636][ T3393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6951.878764][ T3393] bond0 (unregistering): Released all slaves
[ 6955.335452][ T3393] hsr_slave_0: left promiscuous mode
[ 6955.805952][ T3393] hsr_slave_1: left promiscuous mode
[ 6956.537966][ T3393] veth1_macvtap: left promiscuous mode
[ 6956.548057][ T3393] veth0_macvtap: left promiscuous mode
[ 6956.555037][ T3393] veth1_vlan: left promiscuous mode
[ 6956.579879][ T3393] veth0_vlan: left promiscuous mode
[ 6995.266191][ T3393] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6996.898957][ T3393] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6998.501945][ T3393] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6999.701326][ T3393] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7019.119162][ T3393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7019.320053][ T3393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7019.407030][ T3393] bond0 (unregistering): Released all slaves
[ 7020.730247][ T3393] hsr_slave_0: left promiscuous mode
[ 7020.766472][ T3393] hsr_slave_1: left promiscuous mode
[ 7020.960485][ T3393] veth1_macvtap: left promiscuous mode
[ 7020.969565][ T3393] veth0_macvtap: left promiscuous mode
[ 7020.980947][ T3393] veth1_vlan: left promiscuous mode
[ 7020.990436][ T3393] veth0_vlan: left promiscuous mode
[ 7079.450935][ T6785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7080.571867][ T6785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7081.467254][ T6793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7082.688895][ T6793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7115.551405][ T6785] hsr_slave_0: entered promiscuous mode
[ 7115.638971][ T6785] hsr_slave_1: entered promiscuous mode
[ 7118.289519][ T6793] hsr_slave_0: entered promiscuous mode
[ 7118.355299][ T6793] hsr_slave_1: entered promiscuous mode
[ 7118.396353][ T6793] debugfs: 'hsr0' already exists in 'hsr'
[ 7118.399490][ T6793] Cannot create hsr debugfs directory
[ 7137.550443][ T6785] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 7138.372778][ T6785] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 7138.956681][ T6785] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 7139.609797][ T6785] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 7145.276575][ T6793] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 7145.826085][ T6793] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 7146.541738][ T6793] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 7147.126911][ T6793] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 7177.131464][ T6785] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7186.469096][ T6793] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7340.962557][ T6785] veth0_vlan: entered promiscuous mode
[ 7342.460691][ T6785] veth1_vlan: entered promiscuous mode
[ 7347.126551][ T6785] veth0_macvtap: entered promiscuous mode
[ 7349.036683][ T6785] veth1_macvtap: entered promiscuous mode
[ 7351.119824][ T6793] veth0_vlan: entered promiscuous mode
[ 7353.999806][ T6793] veth1_vlan: entered promiscuous mode
[ 7357.325009][ T6416] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7357.348156][ T6416] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7357.388725][ T6416] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7357.440363][ T6007] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7363.247146][ T6793] veth0_macvtap: entered promiscuous mode
[ 7365.006172][ T6793] veth1_macvtap: entered promiscuous mode
[ 7370.777246][ T6478] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7370.780766][ T6478] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7370.955751][ T6478] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7371.124565][ T6416] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7779.701412][ T7154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7780.311889][ T7154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7798.918994][ T7162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7799.578023][ T7162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7842.416297][ T7154] hsr_slave_0: entered promiscuous mode
[ 7842.648980][ T7154] hsr_slave_1: entered promiscuous mode
[ 7842.847309][ T7154] debugfs: 'hsr0' already exists in 'hsr'
[ 7842.870649][ T7154] Cannot create hsr debugfs directory
[ 7864.048465][ T7162] hsr_slave_0: entered promiscuous mode
[ 7864.160496][ T7162] hsr_slave_1: entered promiscuous mode
[ 7864.331094][ T7162] debugfs: 'hsr0' already exists in 'hsr'
[ 7864.338007][ T7162] Cannot create hsr debugfs directory
[ 7901.008475][ T7154] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 7902.987129][ T7154] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 7904.146194][ T7154] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 7905.706780][ T7154] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 7918.768583][ T7162] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 7919.815972][ T7162] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 7920.859378][ T7162] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 7921.869134][ T7162] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 7967.689360][ T7154] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7982.306885][ T7162] 8021q: adding VLAN 0 to HW filter on device bond0
[ 8039.178615][   T26] INFO: task syz.7.796:7139 blocked for more than 430 seconds.
[ 8039.221539][   T26]       Not tainted syzkaller #0
[ 8039.279143][   T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 8039.295126][   T26] task:syz.7.796       state:D stack:0     pid:7139  tgid:7139  ppid:6793   task_flags:0x400040 flags:0x00000011
[ 8039.296843][   T26] Call trace:
[ 8039.297351][   T26]  __switch_to+0x584/0xb00 (T)
[ 8039.299664][   T26]  __schedule+0x1da4/0x3678
[ 8039.300777][   T26]  schedule+0xac/0x27c
[ 8039.301324][   T26]  schedule_timeout+0x68/0x1ec
[ 8039.301808][   T26]  do_wait_for_common+0x28c/0x440
[ 8039.302231][   T26]  wait_for_completion+0x44/0x5c
[ 8039.302763][   T26]  __synchronize_srcu+0x2a4/0x320
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 8039.515382][   T26]  synchronize_srcu+0x3d0/0x4f8
[ 8039.516055][   T26]  mmu_notifier_unregister+0x320/0x428
[ 8039.517039][   T26]  kvm_put_kvm+0x698/0xbe0
[ 8039.517518][   T26]  kvm_vm_release+0x58/0x78
[ 8039.518012][   T26]  __fput+0x4ac/0x978
[ 8039.518526][   T26]  ____fput+0x20/0x58
[ 8039.519040][   T26]  task_work_run+0x1b8/0x250
[ 8039.519597][   T26]  exit_to_user_mode_loop+0x110/0x188
[ 8039.520182][   T26]  el0_svc+0x17c/0x238
[ 8039.520652][   T26]  el0t_64_sync_handler+0x84/0x12c
[ 8039.521108][   T26]  el0t_64_sync+0x198/0x19c
[ 8039.522754][   T26] 
[ 8039.522754][   T26] Showing all locks held in the system:
[ 8039.688936][   T26] 1 lock held by khungtaskd/26:
[ 8039.689429][   T26]  #0: ffff800087c971f8 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44
[ 8039.692094][   T26] 1 lock held by syslogd/3131:
[ 8039.692491][   T26] 3 locks held by dhcpcd/3172:
[ 8039.692839][   T26] 2 locks held by getty/3200:
[ 8039.835757][   T26]  #0: 65f00000127ca8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 8039.837718][   T26]  #1: 41ff80008ca2b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234
[ 8039.839425][   T26] 2 locks held by syz-executor/3333:
[ 8039.839804][   T26] 3 locks held by kworker/u4:2/3348:
[ 8039.840123][   T26] 3 locks held by kworker/u4:3/3392:
[ 8039.840443][   T26] 2 locks held by kworker/u4:5/3393:
[ 8039.840743][   T26]  #0: 83f000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94
[ 8039.842707][   T26]  #1: ffff80008feb7ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94
[ 8039.996514][   T26] 2 locks held by kworker/u4:9/4140:
[ 8039.996860][   T26] 3 locks held by kworker/u4:7/5193:
[ 8039.997169][   T26] 3 locks held by kworker/u4:8/6416:
[ 8039.997494][   T26] 2 locks held by kworker/u4:11/6478:
[ 8039.997797][   T26] 5 locks held by kworker/u4:12/6482:
[ 8039.998097][   T26] 3 locks held by kworker/u4:1/6784:
[ 8039.998446][   T26] 2 locks held by kworker/u4:13/6967:
[ 8039.998756][   T26]  #0: 83f000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94
[ 8040.001149][   T26]  #1: ffff80008ec17ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94
[ 8040.002760][   T26] 2 locks held by syz.6.795/7135:
[ 8040.214731][   T26] 3 locks held by kworker/u4:10/7221:
[ 8040.215207][   T26] 1 lock held by modprobe/7318:
[ 8040.215562][   T26] 1 lock held by modprobe/7319:
[ 8040.216122][   T26] 
[ 8040.216853][   T26] =============================================
[ 8040.216853][   T26] 
[ 8040.217851][   T26] Kernel panic - not syncing: hung_task: blocked tasks
[ 8040.224809][   T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT 
[ 8040.226311][   T26] Hardware name: linux,dummy-virt (DT)
[ 8040.227304][   T26] Call trace:
[ 8040.228153][   T26]  show_stack+0x2c/0x3c (C)
[ 8040.229219][   T26]  __dump_stack+0x30/0x40
[ 8040.230240][   T26]  dump_stack_lvl+0x30/0x12c
[ 8040.231303][   T26]  dump_stack+0x1c/0x28
[ 8040.232324][   T26]  vpanic+0x4d0/0x848
[ 8040.233208][   T26]  vpanic+0x0/0x848
[ 8040.234066][   T26]  hung_task_panic+0x0/0x2c
[ 8040.235013][   T26]  kthread+0x4d4/0x51c
[ 8040.235978][   T26]  ret_from_fork+0x10/0x20
[ 8040.237853][   T26] Kernel Offset: disabled
[ 8040.238660][   T26] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f
[ 8040.239864][   T26] Memory Limit: none
[ 8040.242100][   T26] Rebooting in 86400 seconds..