last executing test programs:

1m21.540288121s ago: executing program 1 (id=780):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000200)={0x7})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x5000, 0x0, 0x2, 0xffffffffffffffff, 0x1})
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x7fffffff)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000200)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x3, 0x1, 0x0})
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r5, 0x5000003, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000e5d000/0x3000)=nil, r5, 0x1, 0x4000010, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x4c00, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x4003831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2, 0x4003831, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x3000007, 0x2012, r10, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x2000007, 0x2012, r10, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
ioctl$KVM_SET_GUEST_DEBUG(r13, 0x4208ae9b, 0xfffffffffffffffe)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)

1m16.454142996s ago: executing program 0 (id=781):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x7, 0x5e5, &(0x7f00000000c0)=0x7f})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000036000/0x4000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000025000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4020ae46, &(0x7f0000000000)=ANY=[@ANYRES64=r0])

1m3.739744624s ago: executing program 0 (id=782):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x2000)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
ioctl$KVM_CREATE_VM(r8, 0x4030582a, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x59)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xe6)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r11, 0x100000c, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)

1m3.172914508s ago: executing program 1 (id=783):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
r1 = syz_kvm_add_vcpu(0x0, &(0x7f0000000400)={0x0, &(0x7f0000000000)=[@its_setup={0x7, 0x28, {0x0, 0x0, 0x1b4}}, @code={0x1, 0x6c, {"0030005f407f88d20040b8f2c10080d2c20180d2030080d2c40080d2020000d4000028d5208b84d200a0b8f2010180d2a20080d2630180d2840180d2020000d40048216e007008d5000000b4008008d5000080d2000000b4"}}, @irq_setup={0x5, 0x18, {0x1, 0x327}}, @its_setup={0x7, 0x28, {0x0, 0x3, 0x50}}, @hvc={0x4, 0x40, {0x4, [0xcee, 0xca, 0x8, 0x3, 0x8000000000000000]}}, @msr={0x2, 0x20, {0x603000000013da16, 0x2}}, @irq_setup={0x5, 0x18, {0x0, 0x329}}, @uexit={0x0, 0x18, 0xffffffffffffff7f}, @hvc={0x4, 0x40, {0x30000000, [0x270, 0x4, 0x0, 0x915d, 0x6]}}, @irq_setup={0x5, 0x18, {0x0, 0x13b}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0x8, 0x28, {0x3, 0x0, 0x1, 0xe, 0x2, 0x81, 0x1}}, @its_send_cmd={0x8, 0x28, {0x4, 0x1, 0x2, 0x8, 0x6, 0x8, 0x3}}, @uexit={0x0, 0x18, 0x8}, @its_send_cmd={0x8, 0x28, {0xd, 0x1, 0x4, 0xc, 0x3f1, 0x3, 0x1}}, @irq_setup={0x5, 0x18, {0x1, 0x2d0}}, @smc={0x3, 0x40, {0xc5000021, [0x0, 0x2, 0x9, 0xffffffff, 0x800]}}, @uexit={0x0, 0x18, 0x100000001}, @memwrite={0x6, 0x30, @generic={0x1000, 0x404, 0x3, 0xb}}, @msr={0x2, 0x20, {0x603000000013e21a, 0x6}}, @uexit={0x0, 0x18}, @msr={0x2, 0x20, {0x603000000013c2a9, 0x8000000000000000}}, @msr={0x2, 0x20, {0x603000000013c288}}, @memwrite={0x6, 0x30, @vgic_gits={0x8080000, 0x20020, 0x0, 0x5}}, @its_setup={0x7, 0x28, {0x1, 0x1, 0x2b5}}], 0x3d4}, &(0x7f0000000440)=[@featur2={0x1, 0x43}], 0x1)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000580)=[{0x0, &(0x7f0000000480)=[@msr={0x2, 0x20, {0x603000000013803f, 0x6}}, @hvc={0x4, 0x40, {0x84000002, [0x8001, 0x2, 0xffffffffffffa082, 0x8, 0x1]}}, @hvc={0x4, 0x40, {0x3f000000, [0x5, 0x4, 0x3, 0x8000, 0x5]}}, @smc={0x3, 0x40, {0xc4000053, [0x80000001, 0xffffffffffffffff, 0xab7, 0x3, 0x1ff]}}], 0xe0}], 0x1, 0x0, &(0x7f00000005c0)=[@featur1={0x1, 0x45}], 0x1) (async)
r2 = eventfd2(0x200, 0x80001)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000600)={r2})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x44440, 0x0) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000680))
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000d40000/0x1000)=nil, r5, 0x4, 0x30, r1, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_CAP_PMU_CAPABILITY(r0, 0x4068aea3, &(0x7f0000000700)={0xd4, 0x0, 0x9}) (async)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000780)={0x8, 0x0, 0x2, r2, 0x8})
ioctl$KVM_CAP_X86_GUEST_MODE(r6, 0x4068aea3, &(0x7f00000007c0))
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r0, 0x4068aea3, &(0x7f0000000840)={0xed, 0x0, 0xe3})
openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x8600, 0x0)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000900)={r2, 0x2, 0x0, r2}) (async)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r0, 0x4020aed2, &(0x7f0000000940)={0x5000, 0x100000, 0x8}) (async)
r7 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) (async)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r6, 0x4068aea3, &(0x7f0000000980)={0xe4, 0x0, 0x7200}) (async)
r8 = syz_kvm_add_vcpu(0x0, &(0x7f0000000b40)={0x0, &(0x7f0000000a00)=[@irq_setup={0x5, 0x18, {0x1, 0x327}}, @code={0x1, 0xb4, {"007008d5005e92d20020b0f2610180d2620080d2630080d2840080d2020000d460d682d20020b0f2c10080d2020180d2630180d2e40080d2020000d4e0ee93d200c0b8f2210180d2820080d2830180d2e40080d2020000d4007008d5000028d50048212e00c0204e406e94d20060b0f2a10180d2020080d2a30180d2a40080d2020000d4c07095d20000b8f2010180d2a20180d2630180d2a40180d2020000d4"}}, @its_send_cmd={0x8, 0x28, {0xa, 0x0, 0x1, 0x2, 0x2c31, 0x200, 0x1}}, @its_send_cmd={0x8, 0x28, {0x1, 0x0, 0x1, 0xf, 0x7fff, 0x0, 0x4}}], 0x11c}, &(0x7f0000000b80)=[@featur1={0x1, 0x23}], 0x1)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000bc0)={0x3, 0x42})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c00), 0x8000, 0x0) (async)
syz_kvm_setup_cpu$arm64(r6, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001000)=[{0x0, &(0x7f0000000c40)=[@hvc={0x4, 0x40, {0x84000052, [0x1c000, 0xd00000000000, 0x9, 0x9, 0xda3]}}, @msr={0x2, 0x20, {0x603000000013df57}}, @uexit={0x0, 0x18, 0xffffffffffffff7f}, @uexit={0x0, 0x18, 0x7fffffff}, @msr={0x2, 0x20, {0x603000000013df58, 0xfffffffffffffffc}}, @smc={0x3, 0x40, {0xc400000e, [0x1, 0x5, 0x100000000, 0x9, 0x6ca7ab90]}}, @code={0x1, 0xb4, {"0000029e20fb86d20080b0f2a10080d2a20180d2230080d2e40180d2020000d440cf97d200a0b0f2810080d2a20180d2230180d2840080d2020000d40000209e007008d5a03494d20000b0f2610180d2e20080d2630180d2840180d2020000d4000008d540e696d20000b0f2e10080d2c20180d2230180d2a40080d2020000d4e0a588d200e0b0f2210180d2620080d2030180d2040080d2020000d4000028d5"}}, @its_send_cmd={0x8, 0x28, {0x9, 0x1, 0x0, 0xc, 0x0, 0x4b}}, @smc={0x3, 0x40, {0x4000000, [0x3, 0x8000000000000001, 0x3, 0x9, 0x4]}}, @msr={0x2, 0x20, {0x6030000000138036, 0x33}}, @msr={0x2, 0x20, {0x603000000013e6c4, 0xfffffffffffffff9}}, @uexit={0x0, 0x18, 0x3f6}, @its_send_cmd={0x8, 0x28, {0xe, 0x0, 0x4, 0xd, 0x0, 0x2, 0x3}}, @its_setup={0x7, 0x28, {0x2, 0x0, 0xa2}}, @irq_setup={0x5, 0x18, {0x1, 0x2fe}}, @code={0x1, 0x6c, {"0000251e205092d200a0b8f2610080d2020180d2430180d2240180d2020000d4007008d50030200e0000689e000c407c0000009a405995d20000b8f2a10180d2e20180d2030080d2040080d2020000d41020601e008008d5"}}, @its_setup={0x7, 0x28, {0x2, 0x0, 0x2bf}}, @uexit={0x0, 0x18, 0x3}, @smc={0x3, 0x40, {0x2, [0x8, 0x5, 0x2, 0xb, 0x800]}}], 0x3b8}], 0x1, 0x0, &(0x7f0000001040)=[@featur1={0x1, 0x8}], 0x1) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000001080)={0x0, 0x7fff}) (async)
ioctl$KVM_RUN(r1, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000d3d000/0x2000)=nil, r5, 0x2, 0x4000010, r7, 0x0)
syz_kvm_add_vcpu(0x0, &(0x7f0000001500)={0x0, &(0x7f00000010c0)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80e0000, 0xd00, 0xd}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x3000, 0x5ad7, 0x2}}, @hvc={0x4, 0x40, {0x84000002, [0xd3, 0x4, 0x32, 0x782b, 0x80000000]}}, @irq_setup={0x5, 0x18, {0x1, 0x3b}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80c0000, 0x40, 0x9, 0x2}}, @irq_setup={0x5, 0x18, {0x4, 0x5e}}, @smc={0x3, 0x40, {0x8400000f, [0x5, 0x7fff, 0x7, 0x3, 0x2]}}, @its_send_cmd={0x8, 0x28, {0x0, 0x0, 0x0, 0x6, 0x4, 0x1ff, 0x2}}, @code={0x1, 0x84, {"000028d5e08485d200c0b0f2e10080d2020180d2e30180d2840180d2020000d4007008d50024000f0034002f00000054008008d50060e00d400e9ed200a0b8f2c10080d2c20180d2a30080d2c40080d2020000d460c195d200a0b0f2e10180d2e20080d2c30080d2a40180d2020000d4"}}, @msr={0x2, 0x20, {0x603000000013e6c1, 0x6}}, @msr={0x2, 0x20, {0x603000000013e710, 0x180000000000}}, @irq_setup={0x5, 0x18, {0x4, 0x1a0}}, @smc={0x3, 0x40, {0xc4000012, [0x7fffffffffffffff, 0xfffffffffffffff9, 0x5, 0x800, 0x3]}}, @smc={0x3, 0x40, {0xc5000020, [0xb40, 0x0, 0x0, 0x0, 0x80000000]}}, @uexit={0x0, 0x18, 0xfffffffffffffff8}, @its_setup={0x7, 0x28, {0x0, 0x0, 0x10a}}, @code={0x1, 0x6c, {"80208ad200a0b0f2810180d2e20080d2630080d2e40180d2020000d40020202e000820380020ff0d0000391e000000c8000028d5007008d560258bd20040b0f2010180d2e20180d2c30080d2040180d2020000d40004007c"}}, @its_send_cmd={0x8, 0x28, {0x1, 0x1, 0x4, 0xe, 0x1ff}}, @code={0x1, 0x6c, {"40c197d200c0b0f2210180d2e20080d2830080d2040180d2020000d400c0200ee06189d20060b0f2010080d2620180d2630180d2e40080d2020000d4008008d5000028d50000004a00d4202e0000002f0048210e000008d5"}}], 0x404}, &(0x7f0000001540)=[@featur2={0x1, 0x19}], 0x1)

55.034032581s ago: executing program 1 (id=784):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_kvm_vgic_v3_setup(r1, 0x10001, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000040)=@attr_other={0x0, 0x5, 0x8, &(0x7f0000000180)=0x6c03})
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r4 = eventfd2(0x0, 0x80000)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, 0x930, 0x0, 0x110, r4, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r7 = syz_kvm_add_vcpu(0x0, &(0x7f0000000900)={0x0, &(0x7f0000000bc0)=[@uexit={0x0, 0x18, 0x9}, @memwrite={0x6, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x4, 0x5}}, @its_send_cmd={0x8, 0x28, {0x5, 0x1, 0x2, 0xb, 0x100, 0x3, 0x1}}, @code={0x1, 0xb4, {"000028d5007008d500e0e00d60ca9bd20040b8f2c10080d2020080d2c30180d2040080d2020000d400d683d20020b8f2410180d2c20180d2a30180d2a40180d2020000d4e0bf8ad20040b8f2c10080d2020080d2030180d2840080d2020000d4007008d5a03197d20000b8f2c10180d2c20180d2230180d2040180d2020000d400c0631ee07087d20020b8f2a10080d2220080d2830080d2440080d2020000d4"}}, @irq_setup={0x5, 0x18, {0x2, 0x15e}}, @its_setup={0x7, 0x28, {0x1, 0x4, 0x19a}}, @smc={0x3, 0x40, {0xc5000021, [0x1, 0x4, 0x5000000, 0x8000000000000001, 0xbe]}}, @smc={0x3, 0x40, {0x32000000, [0x7, 0xde96, 0x9, 0xfffffffffffffff8, 0x1]}}, @code={0x1, 0xb4, {"c02a8dd20040b8f2a10080d2a20080d2630180d2640180d2020000d40090204e00040078007008d5808085d200a0b0f2210080d2a20180d2e30080d2a40180d2020000d4a03f90d200c0b8f2210080d2220180d2630080d2e40080d2020000d40000208b000028d540218dd20000b8f2210180d2820180d2830180d2840180d2020000d4c0d685d200e0b0f2010180d2820180d2830180d2840080d2020000d4"}}, @smc={0x3, 0x40, {0x400, [0x8, 0x5, 0x2, 0x4, 0x9]}}, @its_send_cmd={0x8, 0x28, {0x1, 0x1, 0x2, 0x8, 0x7, 0x7, 0x1}}, @code={0x1, 0x6c, {"000028d50010202e40ed83d20080b0f2610180d2220180d2830180d2c40180d2020000d4007008d50004000f00008013000040fd007008d50000609e600e9ad20060b8f2c10180d2a20080d2830080d2040180d2020000d4"}}, @irq_setup={0x5, 0x18, {0x2, 0x52}}, @code={0x1, 0x9c, {"000008d500569dd200a0b8f2610180d2220080d2830080d2c40080d2020000d4a05e94d200e0b8f2c10080d2420180d2a30180d2040180d2020000d4007008d560789bd200c0b8f2210180d2e20180d2e30180d2c40180d2020000d4c0d897d200c0b0f2e10180d2a20180d2c30180d2040080d2020000d4007008d5007008d5000008d5008008d5"}}, @irq_setup={0x5, 0x18, {0x4, 0x97}}, @hvc={0x4, 0x40, {0x84000004, [0x6, 0x9, 0x6, 0x4, 0x100000001]}}, @hvc={0x4, 0x40, {0xc4000003, [0xffffffff, 0x8, 0x9, 0xffffffffffffa405, 0x5]}}, @its_setup={0x7, 0x28, {0x0, 0x4, 0xf}}, @hvc={0x4, 0x40, {0x84000012, [0x8, 0x3, 0x74a81486, 0x401, 0x800]}}, @uexit={0x0, 0x18, 0x401}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x100, 0x4, 0xa}}], 0x568}, &(0x7f0000000940)=[@featur2], 0x1)
mmap$KVM_VCPU(&(0x7f0000de6000/0x3000)=nil, r6, 0x3000008, 0x1010, r7, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000fe9000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000f3d000/0x4000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x100010, 0xffffffffffffffff, 0x0)
r8 = syz_kvm_add_vcpu(0x0, &(0x7f0000000300)={0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="060000000000000030000000000000000000000800000000000d0000000000000400000000000000040000000000000004000000000000004000000000000000100000000000000000100000000000000600000000000000fdffffffffffffff070000000000000007000000000000000400000000000000400000000000000000000000000040000000000000000400000000000000080000000000000008000000000000000600000000000000300000000000000000000008000000000800000000000000044af20000000000000000000000000000000200000000000000200000000000000080c01300000030600300000000000000040000000000000040000000000000000000000400000000af7b00000000000007000000000000003805000000000000ffff0000000000004700000000000000080000000000000028000000000000000a010300000000000000000800000010000000000000000001000000000000009c00000000000000000400bc000c80380000409b20ef9bd200a0b0f2610080d2420180d2830080d2440080d2020000d400b08ad27572b0f2810180d2620180d2430180d2440180d2020000d420bb9dd20000b8f221000400000080d2230180d2040180d2020000d4a0dc9cd20080b0f2610080d2a20080d2c30180d2c40080d2020000d40000409b00e4002f0000681ec0035fd60000000000000000180000000000000006000000000000000300000000000000400000000000000040000000000000000f0000000000000000000000000000000600000000000000ffffffffffffff7f08000000000000000200000000000000200000000000000030c2130000003060f7ffffffffffffff01000000000000008400000000000000000040ad00a98cd20020b8f2010180d2a20080d2e30180d2c40180d2020000d4000000f8008008d50070005f007008d540cb8ed200e0b0f2610180d2220180d2830080d2e40180d2020000d4008008d50000af9e402994d20000b0f2c10180d2420080d2e30080d2040180d2020000d4c00300"/768], 0x300}, &(0x7f0000000340)=[@featur1={0x1, 0x20}], 0x1)
ioctl$KVM_S390_VCPU_FAULT(r8, 0x4008ae52, &(0x7f0000000380)=0x80000000)
ioctl$KVM_SET_FPU(r7, 0x4000ae8d, &(0x7f0000000980)={'\x00', 0xfff, 0xf9eb, 0x8, 0x0, 0x5, 0x8080000, 0xf000, '\x00', 0x3})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000b80)=@other={0x71c, &(0x7f0000000b40)=0xf})
munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000647000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)

49.544784889s ago: executing program 0 (id=785):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x88000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r1, 0x29c, 0x3}) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) (async)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x40}], 0x1, 0x0, 0x0, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000180)=ANY=[], 0xfd84}], 0x1, 0x0, 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000d0e000/0x13000)=nil, r2, 0x3, 0x40010, r6, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @ioapic={0x3000, 0x377, 0x8, 0xaa, 0x0, [{0x3, 0x95, 0x4, '\x00', 0xcf}, {0x2b, 0xb0, 0x5, '\x00', 0x1}, {0x7, 0x6, 0xe, '\x00', 0x2}, {0xc3, 0x7, 0x8, '\x00', 0xda}, {0x3, 0xe, 0x8, '\x00', 0x5}, {0x8, 0x7, 0x9, '\x00', 0x7}, {0xb, 0x6, 0x8, '\x00', 0x69}, {0x38, 0x40, 0x10, '\x00', 0x4}, {0xff, 0x4, 0x5, '\x00', 0x2}, {0x7, 0x4, 0x11, '\x00', 0x7}, {0x3, 0x5, 0x0, '\x00', 0x3}, {0x9, 0xfc, 0x5, '\x00', 0xd8}, {0x5, 0x1, 0x5d}, {0x0, 0x19, 0x80, '\x00', 0x3}, {0x7, 0x3, 0xfa, '\x00', 0x5}, {0xa5, 0x3, 0x1, '\x00', 0x10}, {0x2, 0x2, 0xb9, '\x00', 0x3}, {0xfb, 0xfa, 0x1e, '\x00', 0x9}, {0x2, 0x5, 0x4, '\x00', 0x1}, {0x40, 0x9, 0x0, '\x00', 0x7}, {0x9, 0x7, 0x34, '\x00', 0x2}, {0x5, 0x9, 0xcf, '\x00', 0x7}, {0x4, 0x2, 0x18, '\x00', 0xf2}, {0x6, 0x93, 0x3}]}}) (async)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000340)={0x5}) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x1ff, 0x0, 0x0, 0x2000, &(0x7f0000c22000/0x2000)=nil})

41.818005171s ago: executing program 1 (id=786):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000240)={0x5, 0x4000000, 0x2}})
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x5) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f00000002c0)={0xa8, 0x0, 0x2})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013c028, &(0x7f0000000000)=0x7fff})
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, &(0x7f0000000380)=[@irq_setup={0x5, 0x18, {0x4, 0x3b9}}, @its_send_cmd={0x8, 0x28, {0xe, 0x0, 0x4, 0xe, 0xd, 0x7, 0x1}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0x380, 0x0, 0xc}}, @smc={0x3, 0x40, {0x32000000, [0x10000, 0xf5, 0x1, 0x0, 0x8]}}, @msr={0x2, 0x20, {0x603000000013e66a, 0x9}}, @irq_setup={0x5, 0x18, {0x0, 0x34e}}, @its_send_cmd={0x8, 0x28, {0x4, 0x0, 0x1, 0x5, 0x2, 0x5, 0x1}}, @uexit={0x0, 0x18}, @its_setup={0x7, 0x28, {0x1, 0x0, 0x3b}}, @hvc={0x4, 0x40, {0x84000007, [0x70, 0x9, 0x5, 0x7fff, 0x8000000000000001]}}, @irq_setup={0x5, 0x18, {0x4, 0xea}}, @its_setup={0x7, 0x28, {0x2, 0x3, 0x335}}, @its_send_cmd={0x8, 0x28, {0x3, 0x1, 0x1, 0x0, 0x3, 0x9, 0x3}}, @its_send_cmd={0x8, 0x28, {0xb, 0x5, 0x0, 0x2, 0x2, 0x5, 0x3}}, @irq_setup={0x5, 0x18, {0x3, 0x3b2}}, @its_setup={0x7, 0x28, {0x4, 0x0, 0x213}}, @irq_setup={0x5, 0x18, {0x3, 0x11c}}, @its_setup={0x7, 0x28, {0x4, 0x4, 0xe6}}, @memwrite={0x6, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x0, 0x8}}, @smc={0x3, 0x40, {0x84004008, [0x4, 0x0, 0xffffffffffffff7f, 0x3, 0x7]}}, @code={0x1, 0x9c, {"007008d5000c803c007008d50060200d20e69fd20000b8f2c10180d2220080d2a30080d2a40180d2020000d4000028d50000805280ef99d20040b8f2410080d2a20180d2030080d2c40080d2020000d4609583d200a0b0f2010180d2c20180d2830180d2240080d2020000d4400083d200e0b8f2c10180d2620080d2a30080d2a40180d2020000d4"}}, @smc={0x3, 0x40, {0x8200ff54, [0x6c, 0x6, 0x4a, 0xa2, 0x76]}}], 0x3ec}], 0x1, 0x0, &(0x7f0000000200), 0x1) (async, rerun: 32)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000080)=@arm64_core={0x6030000000100048, &(0x7f0000000040)=0x5}) (rerun: 32)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) (async)
r8 = syz_kvm_setup_syzos_vm(r7, &(0x7f000015f000/0x400000)=nil)
r9 = syz_kvm_add_vcpu(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0x1000000000000})
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xf343, 0x7f}})

34.390519991s ago: executing program 0 (id=787):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000)
write$eventfd(r3, &(0x7f0000000000), 0xfffffdef)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000)
write$eventfd(r5, &(0x7f0000000000), 0xfffffdef)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x300000e, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x181fc, 0x0, 0x100000, 0x1000, &(0x7f0000858000/0x1000)=nil})

28.37328622s ago: executing program 1 (id=788):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0x4, 0x1, 0x0, 0x0, @msi={0x3, 0x7, 0x5, 0xb64c}}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
syz_kvm_add_vcpu(0x0, &(0x7f0000000600)={0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="020000000000000020000000000000004f8013000000306000000000000000000400000000000000400000000000000010000084000000000001000000000000060000000000000006000000000000000800000000000000000000009000000001004000000000006c00000000000000000008d5007008d5000028d5007008d5007008d560048ed20080b0f2410080d2020080d2a30180d2e40080d2020000d40058202e000028d5008d9ad20020b0f2410080d2220080d2430180d2a40180d2020000d4000028d5c0035fd6040000000000000040000000000000000e00008400000000020000000000000003000000000000000600000000000000ffffffffffffff7f10000000000000000700000000000000280000000000000001000000000000000300000000000000aa02000000000000030000000000000040000000000000000008000000000000000000000000000008000000000000000300000000000000050000000000edff02000000000000000700000000000000280000000000000000000000000000000200000000000000c200000000000000000000000000000018000000000000000600000000000000000000000000000018000000000000000010000000000000080000000000000028000000000000000e01030000000d00000005000000010000000300000000000200000000000000200000000000000064c6130000003060010000000000000004000000000000004000000000000000000000010000000000020000000000000000000000000000010000000000000007000000000000000200000000000000010000000000000054000000000000000020600d00f8a00e008008d5007008d500a4200d00000028000040f8008c202e609094d20000b8f2610080d2e20080d2e30080d2040080d2020000d4005b2e1654003dd6f800000000000000280000000000000001000000000000000400000000000000e50300000000000002000000000000002000000000000000e3dc13000000306005000000000000000300000000000000400000000000000000000031000000009900000000000000040000000000000026fe000000000000fcffffffffffffff070000000000000006000000000000003000000000000000000000080000000000160000000000000700000000000000080000000000000002000000cb48000020000000000000000000000000000000000000000000000001000000000000009c00000000000000c00a98d20000b0f2410080d2220180d2a30080d2440180d2020000d4409b96d200e0b8f2810180d2820180d2e30180d2240180d2020000d4007008d5007008d5402484d200c0b0f2610180d2820080d2030080d2240180d2020000d4007008d50068212e000028d5007008a03f0a2dcefd5607b4be4890d5a04f8dd20040b8f2810080d2c20180d2230080d2c40080d2020000d4c0035fd6000000000000000018000000000000000d04000000000000050000000000000018000000000000000200000099000000040000000000000040000000000000000d0000c400000000060000000000000008000000000000000000000000000000000000000000000006000000000000000700000000000000280000000000000004000000000000000200000000000000fd010000000000000100000000000000b400000000000000008008d50000791ec0bb81d200e0b8f2010180d2c20080d2230180d2e40180d2020000d400fc002f007008d5007008d5e09897d20020b0f2c10080d2a20080d2a30180d2a40180d2020000d4201688d200c0b8f2610180d2820080d2030100d2040080d2020000d400d495d20040b0f2610080d2e20080d2830180d2e40080d2020000d4007f98d20020b0f2c10180d2020080d2e30080d2e40180d2020000d4c0035fd63220c52ffa44b67fa5953cebb3ed37b14f46e56f0ba941529d77bb6bb51ea71e2723e49d685450abc3fa17adb357293c2e8374ae74804391cca1287f8541f481f45cfb43cf80c6c4b25eae58b833b3fbbeadbc36cc09e056332712ddc06f8ed2f777228a0bec18b39b55ecdaed5d60052ff74b693d1638b03d9f56b15df53b8d8c03cd4b9d33a3ae43b690"], 0x568}, &(0x7f0000000640)=[@featur1={0x1, 0x13}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
munmap(&(0x7f0000738000/0x3000)=nil, 0x3000)
syz_kvm_add_vcpu(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="05000000000000001800000000000000040000007b000000060000000000000030000000000000000000100800000000400d000000000000030c00000000000000000000000000000300000000000000400000000000000000000031000000002600000000000000000800000000000002000000000000000800000000000000ffffffffffffffff020000000000000020000000000000004ac61300000030600800000000000000040000000000000040000000000000000e000084000000000400000000000000b80d000000000000000000000054090000000000000600000000000000300000000000000004000000000000003f0a00000000000008000000000000000a00000000000000000000000000000018000000000000000600000000000000060000000000000030000000000000000000000800000000001400000000000006000000000000000000000000000000000000000000000018000000000000000900000000000000050000000000000018000000000000000400000044010000030000000000000040000000000000000c0000c40000000005000000000000000a000000000000190500000000000000020000000000000009000000000000000000000000000000180000000000000007000000000000000400000000000000400000000000000000000005000000006b7a94700000000094540000000000002abd6c6e000000000300000000000000e00000000000000006000000000000003000000000000000000000080000000088f000000000000001000080000000000200000000000000030000000000000040000000000000000b000084000000000e00000000000000020000000000000006000000000000000400000000000000ff00000000000000040000000000000040000000000000001200008400000000ffffffffffffffff09000000000000008911000000000000000000000900000006000000000000000500000000000000180000000000000000000000f3000000000000000000000018000000000000008000"/776], 0x308}, &(0x7f0000000180)=[@featur1={0x1, 0x3}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x700000f, 0x100011, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xab)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5, 0x2})
r7 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x4003831, 0xffffffffffffffff, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2000005, 0x2012, r9, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r11, 0x5000003, 0x80031, 0xffffffffffffffff, 0x0)

17.203359054s ago: executing program 0 (id=789):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x1ef240, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x7e)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x4003831, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r6, 0x2000003, 0x2012, r5, 0x0)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm(r9, &(0x7f0000c00000/0x400000)=nil)
eventfd2(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
r12 = syz_kvm_add_vcpu(r11, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000005, 0x11, r13, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000100)={0xf000, 0x1d000, 0x1})

4.98553669s ago: executing program 1 (id=790):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x7, 0x28, {0x0, 0x1, 0x17}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x58}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x603000000013c801, &(0x7f00000000c0)=0xfffffffffffffffa})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000)
mmap$KVM_VCPU(&(0x7f00008c9000/0x1000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r8 = syz_kvm_add_vcpu(0x0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="06000000000000003000000000000000000008080000000070ff000000000000ff010000000000000400000000000000080000000000000028000000000000000101000000000a00000063d210667a0000000100000000000500000000000000180000000000000002000000800200000200000000000000200000000000000034e513000000306009000000000000000500000000000000180000000000000000000000b6030000060000000000000030000000000000000000080800000000fcff000000000000040000000000000006000000000000000100000000000000b40000000000000000c0206e40548ed200a0b0f2410180d2420080d2030080d2e40080d2020000d4a0048bd20040b8f2410180d2c20080d2c30180d2c40180d2020000d4407286d20000b8f2210080d2820080d2430080d2840180d2020000d4000008d500c4200e000028d540a386d200e0b8f2610180d2c20180d2c30080d2e40080d2020000d460f898d200c0b0f2010180d2e20080d2030180d2040080d2020000d4007008d5c0035fd607000000000000002800000000000000040000000000000004000000000000002a010000000000000200000000000000200000000000000075801300000030608271000000000000020000000000000020000000000000009c801300000030600a00000000000000080000000000000028000000000000000b00030000000f00000001010000800000001800000000000000030000000000000000000000000000001800000000000000010000000000000001000000000000009c00000000000000a07683d20080b0f2c10180d2620080d2e30180d2e40180d2020000d40008203ca03b9fd20060b0f2e10180d2420180d2430080d2c40180d2020000d4c07297d20000b0f2a10180d2020180d2630080d2440180d2020000d4000080f9000008d520ff9cd20040b0f2610080d2c20180d2030180d2c40080d2020000d40020c01a007008d50054007fc0035fd603000000000000004000000000000000ff7f008000000000d60f000000000000080000000000000009000000000000000100000000000000eff80000000000000600000000000000300000000000000000000808000000000000000000000000010000000000000000000000000000000600000000000000300000000000000000000e0800000000d0ff0000000000000b0000000000000002000000000000000200000000000000200000000000000063df130000003060080000000000000007000000000000002800000000000000040000000000000001000000000000006800000000000000040000000000000040000000000000000180000000000000010000000000000000000000000000000700000000000000010000000000008003000000000000000600000000000000300000000000000000000c0800000000000d000000000000ff000000000000000900000000000000060000000000000030000000000000000000080800000000080000000000000000020000000000000200000000000000010000000000000084000000000000000008e078000028d5e08594d20060b8f2410080d2620180d2030180d2c40080d2020000d4007008d5007008d5000008d500fc007f60e18bd20040b0f2e10080d2e20080d2630180d2440080d2020000d4403d90d20040b0f2210080d2620080d2830080d2440180d2020000d4007008d5c0035fd600000000000000001800000000000000080000000000000007000000000000002800000000000000020000000000000003000000000000003003000000000000040000000000000040000000000000000900008400000000ffffff7f0000000005000000000000000a00000000000000feffffffffffffff040000000000000004000000000000004000000000000000000400000000000008000000000000000000000000000000090000000000000004000000000000000300000000000000030000000000000040000000000000000e0000c4000000000400000000000000010000000000000004000000000000000800000000000000070000000000000008000000000000002800000000000000010104000000040000000100008009000000070000000000050000000000000018000000000000000400000088010000"], 0x634}, &(0x7f0000000100)=[@featur2={0x1, 0x20}], 0x1)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000140)={0x4, 0x8})

0s ago: executing program 0 (id=791):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)={0x8000000}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)={0x8000000})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x401054d6, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x401054d6, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000000000000180000a580cf3de51675dd30fc000000"], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000100)={0x1fd, 0x3, 0xffff1000, 0x1000, &(0x7f0000e91000/0x1000)=nil})
syz_kvm_setup_cpu$arm64(r11, 0xffffffffffffffff, &(0x7f0000e90000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000180)=ANY=[], 0x130}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x0, 0x100000f, 0x1010, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:40170' (ED25519) to the list of known hosts.
[  723.810861][   T24] audit: type=1400 audit(722.660:69): avc:  denied  { name_bind } for  pid=3280 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  725.141934][   T24] audit: type=1400 audit(724.000:70): avc:  denied  { execute } for  pid=3282 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  725.184337][   T24] audit: type=1400 audit(724.030:71): avc:  denied  { execute_no_trans } for  pid=3282 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  753.078285][   T24] audit: type=1400 audit(751.930:72): avc:  denied  { mounton } for  pid=3282 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  753.142084][   T24] audit: type=1400 audit(751.990:73): avc:  denied  { mount } for  pid=3282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  753.266104][ T3282] cgroup: Unknown subsys name 'net'
[  753.331267][   T24] audit: type=1400 audit(752.190:74): avc:  denied  { unmount } for  pid=3282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  753.934164][ T3282] cgroup: Unknown subsys name 'cpuset'
[  754.123510][ T3282] cgroup: Unknown subsys name 'rlimit'
[  755.440538][   T24] audit: type=1400 audit(754.290:75): avc:  denied  { setattr } for  pid=3282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  755.465675][   T24] audit: type=1400 audit(754.320:76): avc:  denied  { mounton } for  pid=3282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  755.518726][   T24] audit: type=1400 audit(754.340:77): avc:  denied  { mount } for  pid=3282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  756.943515][ T3285] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  756.993614][   T24] audit: type=1400 audit(755.830:78): avc:  denied  { relabelto } for  pid=3285 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  757.015549][   T24] audit: type=1400 audit(755.860:79): avc:  denied  { write } for  pid=3285 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  757.262931][   T24] audit: type=1400 audit(756.120:80): avc:  denied  { read } for  pid=3282 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  757.281148][   T24] audit: type=1400 audit(756.130:81): avc:  denied  { open } for  pid=3282 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  757.355744][ T3282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  819.215669][   T24] audit: type=1400 audit(818.070:82): avc:  denied  { execmem } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  826.309751][   T24] audit: type=1400 audit(825.160:83): avc:  denied  { read } for  pid=3293 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  826.370078][   T24] audit: type=1400 audit(825.160:84): avc:  denied  { open } for  pid=3293 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  826.518749][   T24] audit: type=1400 audit(825.360:85): avc:  denied  { mounton } for  pid=3293 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  827.278164][   T24] audit: type=1400 audit(826.070:86): avc:  denied  { module_request } for  pid=3293 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  829.450732][   T24] audit: type=1400 audit(828.300:87): avc:  denied  { sys_module } for  pid=3293 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  862.488315][ T3293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  862.914187][ T3293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  863.355755][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  863.684454][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  878.894520][ T3293] hsr_slave_0: entered promiscuous mode
[  878.954666][ T3293] hsr_slave_1: entered promiscuous mode
[  879.714013][ T3295] hsr_slave_0: entered promiscuous mode
[  879.782720][ T3295] hsr_slave_1: entered promiscuous mode
[  879.829364][ T3295] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  879.834248][ T3295] Cannot create hsr debugfs directory
[  888.271427][   T24] audit: type=1400 audit(887.040:88): avc:  denied  { create } for  pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  888.380140][   T24] audit: type=1400 audit(887.110:89): avc:  denied  { write } for  pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  888.469978][   T24] audit: type=1400 audit(887.310:90): avc:  denied  { read } for  pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  888.763612][ T3293] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  889.743223][ T3293] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  890.083910][ T3293] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  890.523634][ T3293] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  894.421632][ T3295] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  894.825907][ T3295] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  895.484336][ T3295] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  895.811893][ T3295] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  917.823169][ T3293] 8021q: adding VLAN 0 to HW filter on device bond0
[  920.753277][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1002.014577][ T3293] veth0_vlan: entered promiscuous mode
[ 1002.881914][ T3293] veth1_vlan: entered promiscuous mode
[ 1006.270520][ T3295] veth0_vlan: entered promiscuous mode
[ 1006.530385][ T3293] veth0_macvtap: entered promiscuous mode
[ 1007.521015][ T3293] veth1_macvtap: entered promiscuous mode
[ 1008.385160][ T3295] veth1_vlan: entered promiscuous mode
[ 1012.123835][ T3293] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.158661][ T3293] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.160937][ T3293] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.163003][ T3293] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1013.812239][ T3295] veth0_macvtap: entered promiscuous mode
[ 1014.972650][ T3295] veth1_macvtap: entered promiscuous mode
[ 1017.649562][   T24] audit: type=1400 audit(1016.490:91): avc:  denied  { mount } for  pid=3293 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1017.890307][   T24] audit: type=1400 audit(1016.730:92): avc:  denied  { mounton } for  pid=3293 comm="syz-executor" path="/syzkaller.IBAmCY/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1018.438468][   T24] audit: type=1400 audit(1017.230:93): avc:  denied  { mount } for  pid=3293 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1019.099240][   T24] audit: type=1400 audit(1017.930:94): avc:  denied  { mounton } for  pid=3293 comm="syz-executor" path="/syzkaller.IBAmCY/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1019.423484][   T24] audit: type=1400 audit(1018.270:95): avc:  denied  { mounton } for  pid=3293 comm="syz-executor" path="/syzkaller.IBAmCY/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1019.814216][ T3295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1019.865343][ T3295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1019.883222][ T3295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1019.885531][ T3295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1020.354138][   T24] audit: type=1400 audit(1019.210:96): avc:  denied  { unmount } for  pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1021.019343][   T24] audit: type=1400 audit(1019.790:97): avc:  denied  { mounton } for  pid=3293 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1512 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1021.834145][   T24] audit: type=1400 audit(1020.670:98): avc:  denied  { mount } for  pid=3293 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1022.100707][   T24] audit: type=1400 audit(1020.860:99): avc:  denied  { mounton } for  pid=3293 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1022.249196][   T24] audit: type=1400 audit(1021.070:100): avc:  denied  { mount } for  pid=3293 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1025.423757][ T3293] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 1025.689631][   T24] audit: type=1400 audit(1024.530:101): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1028.118293][   T24] audit: type=1400 audit(1026.960:102): avc:  denied  { read write } for  pid=3293 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1028.203165][   T24] audit: type=1400 audit(1026.980:103): avc:  denied  { open } for  pid=3293 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1028.421982][   T24] audit: type=1400 audit(1027.280:104): avc:  denied  { ioctl } for  pid=3293 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1035.529991][   T24] audit: type=1400 audit(1034.370:105): avc:  denied  { read } for  pid=3434 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1035.553309][   T24] audit: type=1400 audit(1034.410:106): avc:  denied  { open } for  pid=3434 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1036.108336][   T24] audit: type=1400 audit(1034.950:107): avc:  denied  { ioctl } for  pid=3435 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1061.129319][   T24] audit: type=1400 audit(1059.950:108): avc:  denied  { append } for  pid=3449 comm="syz.1.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1062.790202][   T24] audit: type=1400 audit(1061.570:109): avc:  denied  { execute } for  pid=3448 comm="syz.0.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3835 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1119.740860][   T24] audit: type=1400 audit(1118.580:110): avc:  denied  { write } for  pid=3472 comm="syz.0.11" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1120.509929][   T24] audit: type=1400 audit(1119.350:111): avc:  denied  { map } for  pid=3472 comm="syz.0.11" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1283.178732][   T24] audit: type=1400 audit(1282.020:112): avc:  denied  { setattr } for  pid=3550 comm="syz.0.29" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 3339.042631][ T4548] kvm [4548]: Failed to find VMA for hva 0x20e8a000
[ 3346.205303][ T4551] KVM: debugfs: duplicate directory 4551-4
[ 3817.401902][ T4788] kvm [4788]: Failed to find VMA for hva 0x21016000
[ 4092.095460][ T4918] kvm [4918]: Failed to find VMA for hva 0x21016000
[ 4270.639328][   T24] audit: type=1400 audit(4269.460:113): avc:  denied  { ioctl } for  pid=5003 comm="syz.0.389" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 4418.874481][ T5072] kvm [5072]: Failed to find VMA for hva 0x21174000
[ 4511.233381][ T5118] KVM: debugfs: duplicate directory 5118-4
[ 4532.059577][ T5123] kvm [5123]: Failed to find VMA for hva 0x21016000
[ 4732.872116][ T5221] kvm [5221]: Failed to find VMA for hva 0x21016000
[ 4945.895950][ T5328] kvm [5328]: Failed to find VMA for hva 0x21016000
[ 5077.931386][ T5392] kvm [5392]: Failed to find VMA for hva 0x21016000
[ 5147.354916][ T5428] kvm [5428]: Failed to find VMA for hva 0x21016000
[ 5148.489890][ T5425] kvm [5425]: Failed to find VMA for hva 0x21016000
[ 5251.835112][ T5477] KVM: debugfs: duplicate directory 5477-5
[ 5539.240117][ T5616] kvm [5616]: Failed to find VMA for hva 0x21174000
[ 5605.345237][ T5646] kvm [5646]: Failed to find VMA for hva 0x21174000
[ 5680.568757][ T5689] kvm [5689]: Failed to find VMA for hva 0x21174000
[ 6060.125201][ T5885] kvm [5885]: Failed to find VMA for hva 0x21174000
[ 6224.666086][ T5965] kvm [5965]: Failed to find VMA for hva 0x21174000
[ 6825.423561][ T6264] kvm [6264]: Failed to find VMA for hva 0x20fcc000
[ 7023.123291][ T6358] kvm [6358]: Failed to find VMA for hva 0x21016000
[ 7255.465652][ T6467] kvm [6467]: Failed to find VMA for hva 0x21016000
[ 7255.549541][ T6465] kvm [6465]: Failed to find VMA for hva 0x21016000
[ 7404.795636][ T6539] kvm [6539]: Failed to find VMA for hva 0x21174000
[ 7550.562744][ T6610] Unable to handle kernel paging request at virtual address efff800000000137
[ 7550.669069][ T6610] KASAN: probably user-memory-access in range [0x0000000000001370-0x000000000000137f]
[ 7550.770565][ T6610] Mem abort info:
[ 7550.772267][ T6610]   ESR = 0x0000000096000005
[ 7550.773880][ T6610]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 7550.775530][ T6610]   SET = 0, FnV = 0
[ 7550.884547][ T6610]   EA = 0, S1PTW = 0
[ 7550.970580][ T6610]   FSC = 0x05: level 1 translation fault
[ 7550.972573][ T6610] Data abort info:
[ 7550.973968][ T6610]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 7551.172610][ T6610]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 7551.174615][ T6610]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 7551.363616][ T6610] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000044a53000
[ 7551.365869][ T6610] [efff800000000137] pgd=1000000049992003, p4d=1000000049993003, pud=0000000000000000
[ 7551.494966][ T6610] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 7551.496914][ T6610] Modules linked in:
[ 7551.498655][ T6610] CPU: 0 UID: 0 PID: 6610 Comm: syz.1.790 Not tainted 6.12.0-rc7-syzkaller-g5db899a34f75 #0
[ 7551.500900][ T6610] Hardware name: linux,dummy-virt (DT)
[ 7551.502514][ T6610] pstate: 80402009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 7551.504291][ T6610] pc : __hwasan_check_x0_67043363+0x4/0x30
[ 7551.506800][ T6610] lr : vgic_get_irq+0x7c/0x3d4
[ 7551.508154][ T6610] sp : ffff8000a1947650
[ 7551.509284][ T6610] x29: ffff8000a1947660 x28: 00000000000000e0 x27: 0000000000000004
[ 7551.511611][ T6610] x26: 0000000000000002 x25: ffff800083a7fe20 x24: 34f00000197330c0
[ 7551.513662][ T6610] x23: 34f0000019731cd0 x22: 0000000000000000 x21: 06ff80008c018000
[ 7551.515790][ T6610] x20: 0000000000000001 x19: efff800000000000 x18: 00000000000000bc
[ 7551.517873][ T6610] x17: 0000000000000000 x16: 0000000000000137 x15: 0000000000000000
[ 7551.519826][ T6610] x14: 0000000000000002 x13: 0000000000000003 x12: e7f000000fed1d40
[ 7551.521895][ T6610] x11: 0000000000080000 x10: 0000000000001378 x9 : efff800000000000
[ 7551.524148][ T6610] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000001
[ 7551.526199][ T6610] x5 : ffff8000a1947858 x4 : ffff8000800f2b38 x3 : ffff8000800f7a00
[ 7551.528254][ T6610] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000001378
[ 7551.530371][ T6610] Call trace:
[ 7551.531357][ T6610]  __hwasan_check_x0_67043363+0x4/0x30
[ 7551.532814][ T6610]  vgic_mmio_write_invlpi+0xb0/0x174
[ 7551.534310][ T6610]  dispatch_mmio_write+0x2a4/0x308
[ 7551.535705][ T6610]  __kvm_io_bus_write+0x290/0x340
[ 7551.537174][ T6610]  kvm_io_bus_write+0x100/0x1bc
[ 7551.538565][ T6610]  io_mem_abort+0x4b8/0x7a0
[ 7551.539806][ T6610]  kvm_handle_guest_abort+0xb4c/0x1c64
[ 7551.541236][ T6610]  handle_exit+0x1a0/0x274
[ 7551.542572][ T6610]  kvm_arch_vcpu_ioctl_run+0xbc0/0x15b0
[ 7551.543919][ T6610]  kvm_vcpu_ioctl+0x660/0xf78
[ 7551.545237][ T6610]  __arm64_sys_ioctl+0x108/0x184
[ 7551.546396][ T6610]  invoke_syscall+0x78/0x1b8
[ 7551.547709][ T6610]  el0_svc_common+0xe8/0x1b0
[ 7551.549044][ T6610]  do_el0_svc+0x40/0x50
[ 7551.550394][ T6610]  el0_svc+0x54/0x14c
[ 7551.551609][ T6610]  el0t_64_sync_handler+0x84/0xfc
[ 7551.552991][ T6610]  el0t_64_sync+0x190/0x194
[ 7551.554841][ T6610] Code: a90efbfd d2800441 143a3ed3 9344dc10 (38706930) 
[ 7551.557132][ T6610] ---[ end trace 0000000000000000 ]---
[ 7551.559111][ T6610] Kernel panic - not syncing: Oops: Fatal exception
[ 7551.561934][ T6610] Kernel Offset: disabled
[ 7551.563094][ T6610] CPU features: 0x00,00000034,003f797c,437ffe1f
[ 7551.564543][ T6610] Memory Limit: none
[ 7551.566343][ T6610] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:57:38  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800080014bc0 X00=ffff800080007780 X01=ffff800080747790
X02=ffff800080007790 X03=ffff800080007788 X04=ffff80008000778c
X05=0000000000000040 X06=000000000000003f X07=0000000000000000
X08=ffff800080007f8f X09=efff800000000000 X10=000000000000000f
X11=ffff8000800077b0 X12=00000000073a45b8 X13=0000000000000028
X14=e7f000000fed2838 X15=e7f000000fed27c0 X16=00000000000000ff
X17=fff07fffee5d3000 X18=00000000000000bc X19=e7f000000fed1d40
X20=ffff800080007780 X21=ffff8000802dce30 X22=ffff8000a19473e0
X23=0000000000007fe0 X24=ffff8000800076d8 X25=ffff8000a1947640
X26=ffff8000a1948000 X27=ffff8000a19476a0 X28=0000000000005400
X29=ffff800080007720 X30=ffff8000802dce4c  SP=ffff8000800076d0
PSTATE=60402009 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=65732f636f72702f:0000000030303031
Z02=0000000000000017:0000000000000000 Z03=0000000000000000:ffffffff00000000
Z04=0000000000000000:00000000ffff0000 Z05=0000000000000017:0000000000000002
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffee7f5340:0000ffffee7f5340 Z17=ffffff80ffffffd0:0000ffffee7f5310
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000