last executing test programs:

53.065707993s ago: executing program 0 (id=302):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r1 = mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async, rerun: 32)
r4 = openat$kvm(0x0, &(0x7f0000000000), 0x2002, 0x0) (rerun: 32)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f00000008c0)=[{0x0, &(0x7f0000001940)=ANY=[@ANYRES8=r1, @ANYRES8=r2, @ANYBLOB="f3bbb8f6b2bb776969aad71b6b2cb6f82799400e42cef51128469f08cc058bdccac9fdbfbc0758e92466a454d8d7105b393f5eb7a82b4edaab2ac91f34036b68fc0810a566f878ba6ec75f932de63844b38a4228c896751682b1aa13d02623d9427a50c0acca12efae8cdb82906f205ce317d7d798cbe14dfa5bde80bc37dcb05ddd87cf2c0ee555bd55bb4e73279067a0a853ed9f3e1d67af8b9fb5e8ceadf1074f1d2ea17505d4f857ab9b497c5e78bfeeec39e4e2e51a79b5a4079ec0345b180ad86ed2b4a3e1d5c43c5eb3d6ba127e2375a54441413f57b5f05da61a22b63958ce3c972e236732d5bd6bc450d98180621394a8d3865cae4aa99afed0a321b447d6ccece46251001bfd548ea8187ddf3a5b17c29d13566181abbd69c30313534329293590316da7fbe739d33f702ea4541dca0035d3276e2d241e00b6b0fb259264d2f01e6a57bfd282d377fc6a490c72f26dc4a01592473f5ad091636b4536c4b7365c6c1bd622c1ec82124218474b7157b3ef63026273e85e4d89f5b60c7ae28d59739d879ec3ecbc7e98f4ae03a08df790839b1e6919af35a9449cf78f83d5bbc3a38f3926f69d581a11710af36c79842d4ce8f7c87a97809adbce0f0bbb08bb2e344122d51902e92ca0a4f3fb074687f5bd1f5a37bd7afc3adb85a6b81a5a0c03c291db3b07bb570b1aef37ab99eca660903122958e31cdc9fcf95fd0fc1ab412031cf49906eae1283f52aebbcfe974d08c4f1e9f883231920f0c0c89f8ebe7584952e50978dd00d14f62aa3bf304d3d35f8f8b9046dc2652a76bff44cd1611b0ce3066a8a30fe646aa9b63beeb7d019ba5b07082bd6e6b9f33134c5e04c469a5293c097f3d1f5ac6fd475b92df76d2fa05517e441cc2cab9889d1ee310483113ba474d27c9173d37249a50ef4cd89a3684c27732c98d0cf082035cab0cb1325d89fc558d317942628f7ce0aa1ac6fd835a19a5bcd8a1b12840344b4d6dbd3a30f75ed7a655561a1009fc2bf32293df54f9158f1c30f782a6647c5450d98f15b304a375188d78c970626cec47606d47ac41e0f88bc6a67140dac7e13ffab61a48d695051aec3acc17455a721ebfe95499f5e8366d4faaf17fe973adc7c6a85847852f31f363c490e569ca1e8aad6e902b998b913dbf683ba7eb7118e394c2416b0282f6be660448eba381ec80a7e0abba83558c14f24caae4174ebc1706c149ed7f0801719ebac2fa474b902b9960dc2b433d926b00e8dcc48a015aafd608a0078a36be254004fb9ef8f8ccc3372e1232488e6fbb55ed363eedd5957681b0ab8b55ee1937054b6083ecec4d681dff1ef7fe9e8e9dcc8c4ad4c6fac2166ed2fc59f076f0c87ec424c36b587c96bec4702994fac14a8fb4a3a406bf08a5d6b0ec52f280b35209ed761b9a1380f5ded01f994e220c8fc8c2210d0c59fc6f1c1c31eb3b7b06ef291fc183b2e5ba4eb97fe46630ce5e80b26dd4a8e655662d267a1788da17be4f6f39d79124dc6fb50e4d9e1567e067ee6e60ff6c6a0f8339e5ba7153bd75c699f817745597231cb1cf3a22d19c241785f034cd45e50251e89a5bf3afd677ee93fed375e936c5098c007b92d63d9da78aa3cf4cd20654d5881780b8257e29470b4900ba2c26343c4eb4a9dcff9716c705026657a309f83d99da48dee063af3612cb3b34e1d9509480f3834b503bc671d6a571ea9396394b512d86a44833081dcbbc2752471b218da18d41cc02aa6eba0c8a487dac61893b8ddff0d82b71e1218b62ccecc83e56af547e70e771156ab37de016ddf81ef7be8ca6112ea995a4af3d080a24b18aed03173519a08b05e138de90da4801b8fd32270bf3afdbc50874b4d6cd7edda4114989c105cf109d6934ee47f2df3c0e782d48442301a2b8ddf8f46737d061d95656e4a72d66b333b5018d406a574e1c78621768e983f967a23f04bfbc4b13a0572010d1eef4e9970ce53d3eef535f5de48dcf3558c217056e910a4e34b4b69d25df82f7a7ab52b01066067384a8a59d3f18d111f515de828ed42e094a52fa24f578e47a85026136efc3285f751f4b2f96679a423d71cb583d370f91686b32df2765e4b209b2e785c6741db498ecdc4876d163aa2d4856386994fa1186e676a42e4d73bbf12221b9e19c7779980ad99ed4cd310529fb3c602ea1b9c84099cae56b60db8bc5082c4723417cc953deebab4d0472e932729101f5a9b7a3b49db35a3494f1ec7c1d43d6875303697a71849dadb71f3aad58c19151bc3edcbd0d794f8e6e0b1964bd4fc5c56cc0b78845dcbad5c57201d819a22f3aa42aac01ed0934d6c71c964c50b3c7c622f272936532680685468be976cf01565c55761681773bcc999c1dd36e2af76d5cff6a4ea11ec5205ec43d68fb68c776aa5f1de7d93fc9baf1e80b33c7b1039a13c462d79037fc75de12406e34d9d82483c1fcd45f561138226815d413ae69ffc7dbdfde3b7287b4b07c646b2e3011cdd1bd1e6ec5131185c5860c862de06d006f96616829f06ee1c827bb99d285d0eff467b2ae7ae42a3255c0b4517a3702d105472ab3d4300430bd8d62300e3c3564effda41c9afa0d39ef91b3b5341dffbc0234002161ff3d96c273e1c5a78e25f712b6d05543b0db4c013590211f6d2b44ce9c54bab62c700d1b151d470d52f3750275cbdb39d0cabeedfb8ca1641e8468183404f403a50766fed30f462815bc3b7af9c0f1710a44b190464c5af914393545a347555290f06914ddbf1e762707f062c3373aaf7a751b0505f2a31c2f1ec803eac97536f5b82cd25ad18e2d2e54439fd381adea308f1c86b0013457cce5be62c1b15033bc3b9f0858c1d8ec191dfa0916109394d8976637a72410bdde4177d34541c71463522956d67b2164b06e422e78e1b4624ee5e6c643acbefb0875931853ddd2faa97a91cc97fd261cd2753ae097b095e6b35769156f9614189302a982a49690f9e271de9c99bffc0c6d8793b713bae697052d8a097e6404e66070c16f8b4fdb2ee184a87d075f8c5e7f9ccdfd97ddee849b98d1e9a7db2574547634f1ccc8aac7e51dce30d62dfe3365142d1fbce9a2a75eda9b58eb4f2c8afe9c103ee37332750eb7fbd1cbf3a41b8a66f574216155cfa21f5e752d417d6e3bec74b1194c7d1769503a8e06de0c464b69c2f3afecb77e6bcc7f4868a72242f4f477361166e7e0523714631199770458224213d9d833c76f88d53b262b3003e3867afa7464b1b259f9f62b74101f798555ebd6f12d1a06dd1d4411620a42d3674a8207914f71eb5ec3c3f906b1e197d32df85514283c290be19cfae26b10d486d23d15bf75eb086d6807e57adac5442960d466a1125ba30a683664a91feddc7a6ef62a197be4d605e7f5b2c518378ab75064292239c9bf5813d9693258d9c36050a214274ab21e88cc555e4cd7e962a9b9653295e863a4d41e0c60e48c621c322216621fdd4aa1e4f49d0e39b0f6bbaff6afc60f38b6e2515bb93061ed121246cf3492c9db178140af3a7492754fcf61b0eeea7cf5864de1283d361aa8422bcab382f7f8a4ef5c85d2ca5257afcf37fe2f6f70f602d8f12404c75aaf6b928c3d8e67e55a2e2ac3b8d89db3fb44a2570ad4e93e32ae132c2775fefb1d172c4e974e58d5a0666410be09f09ee3f0377128abea55883f3aa17a7b4973fa3b09ad7d918fba06645cf864abeaf4bcbb572af281dc5325530ac4a0d39faf098a98a486a03419a76827bef634be0de0cb839e4bbc9d6f0bcddd32bcecad385e831340004b68b806f4337239eae071665875ac399a3139c5bd306575f2e2c5f560f07c64523b09c926e24616b2baa520e199d0a3c6d92a1c067550cf6ffe1b723e97572b70653a15ea679866fad9c08fed4c92af14cccc70b760b3191199e14fb8e9a34596a2bbb227bc6c6ab058146419dba73ff8d33ee19a4c4d37202ab6a28439ced40e6e53e42878e6a81fd5934e54871df233038947affecce2164dcbf478b3de437f85028bafc67d7d620404d92a5e78b75a4108c257e5cfdc3e51584506332b669fe1fbbb701f8dd88fde5b0d723f62cfbfa568923a2ccc8139e71020ecbe3bb06c7c50b8d70664bd96fe13bf29041df971772546c26e04dc3a462118229febe9cdc32ebf7db93cf680e5b4ea401be76ef9a07de0421e3f53d6e5c2dd772dfc7e76b0f1afb1c59dce7dd75ca0bba519dd38b9dd1c25c9edae4d1764c50ebd133e9af0f3a501dd7a38c421c434aac84ea78f998873dea9c0ab40630c1968b1ace25128f41622d5e9806f70e5b9381a935cabc938a415cb908a77103da0c7360eca565af21c2c3c3042d52f6366993fe8c583d47d8c9b0aca42625037816166ceec27c6cc655f313e7c1d8be0404348148e326902f711fca8a6ba991eac1c55282c3a5139adb1b46ba1a791a908143d325bd60fd7fe93614391a0e98dc6a0fe7df037a50097bdfde4a41eece255c343c91099aaaeffcc042edabc921c2beb779c6b5247178caad32d0eccd82a115094c796d3224c6df91f34b73ff4dfeff3ed9879feb3a7e23c3b83ea3ecba27d35a11f7d5bcad644b97565706d2ce1e7385f2bba1252604544e4c0226d5af72f49ac09d0dc09fcc083339a67e5fd804847ebc89a1047a07ca750e3ab8bb1ca648f15ea47148aeeb147884bdb63346546a9b57ee598b5935e865be243451d311e3a97dad4a48076f9917c0ca041f0a2a2fef06b592bbeea68f43371c51c22df24cdf315e2b9f33683c5134a4f16ffda9829e78eab31ed1c29b47d6758fecefd3888c49420ff7833d4f9ffeb8ccb5d332d41e31240c929f4ff777a0a63673438e14ebdf1b0f3c1ecaf958ae0fbf2e9e15b08a18748959c355ec54a8191dec06c468a642ff6ac5b096e717ab06c60251d30457bfa6677cedebc8c86f7c3959a01522e56bd581e6746e10e09bdbdd24eec8e3b70528cf9ac82ad4b1e33fc6f81ec0aeb56599c31389923b448c0fa688e731ace3595d6930ac87a7abf291a4c99e7c0632f59c13a8d28e39be7a4b9904e8e42928b9361f8053a9f77e456c9b2bfd520ebc392b79e75d2b828730a2f5aa9e23fdc4dd674c5972677d60bb4d1c105254c6a4d98fbf3b332c811b4dfb128283c48d57ad6660bad0a5959ae94babffcb812b2bc433975699131f54408de693c6fc46e968eeb7af2945f112a42c0bb2fc4cc6d2aa8961547b68f0a41bd6cb39eb599481caa1876c0264ce1d406fd87d32a25a31d30b9b29793475a6df03b2afd6d889bb2906948e608ba23dd1b57fd0a2d326e77d7d1764fcd721ed01898ad2261a150ac46f5fd1efe03dff3addca9b4a4afd20480ec37a8ac4fb179f8ef8e8badd78187c1abe349c444f7e2578dd293a0c3af95cb68f9e077c299ae76690f2c89dbadfca85775e26f651f1ed2e28532ccc3e4b208ef2bce4af414dd55c4f693a60e80177da50affbb169ce895778a52d92cebe51eb27ec258a9ab70729ace414d6d3833e7a8439430d918f5606a63f38ccb5dc0c1eaf1f95f51e1a489f7ef254262c731a2dcef08c8188dd7874efc9a5aa95b496b326cf1eb25dc1dca83b15dd1c2bdd884d35400afaac37b06d98f93c2828d5dfe630cad43eb5f2c231dfc616b530d31c861a7cec148c5c2c6ef0a2736f64c30d28fe27bba02ba0f69e7b531376f1581b8a1fa6a4e44ed29337fcce504af5f425c3ab6eace948ebfefa0c58b0fac505a4d16886d067299320ad7b0fad1373cb17e6e07edb836bea74eb8b3f0c4e53ea9fc4337d79d044891720c04107eb8", @ANYRES8=r0, @ANYRESOCT, @ANYRESOCT=r2], 0x248}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (rerun: 32)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) (async, rerun: 32)
syz_kvm_vgic_v3_setup(r5, 0x2, 0x120) (async, rerun: 32)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000080)={0x5, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x5f7, 0x7, 0x0}) (async, rerun: 32)
close(0xffffffffffffffff) (rerun: 32)
r9 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r11, 0x4008ae6a, &(0x7f0000000180)=ANY=[@ANYBLOB="003030d40000"]) (async)
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9) (async)
mmap$KVM_VCPU(&(0x7f0000f0a000/0x3000)=nil, 0x0, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) (async, rerun: 64)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)

45.738219283s ago: executing program 1 (id=303):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x18})
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x6030000000138077, &(0x7f00000000c0)=0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0xeeef0000, 0x2000, &(0x7f0000239000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
write$eventfd(0xffffffffffffffff, &(0x7f0000000000)=0x7351, 0x8)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x4, 0x4, &(0x7f0000000080)=0x9})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x0, 0xd, 0x11, r7, 0x0)
r8 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="b79c3ab5033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff7752f9e10d8f6b69d22627e700", 0x0, 0x48)

44.144631017s ago: executing program 0 (id=304):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x580, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00008a0000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000e00)=ANY=[], 0x630}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x2, 0x0, &(0x7f0000000000)=0x80})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x4, 0x300)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

35.32498622s ago: executing program 1 (id=305):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, 0xfffffffffffffffe)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000040)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000140)=0x7})
r5 = openat$kvm(0x0, &(0x7f0000000000), 0x16b381, 0x0)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r9, 0x5000003, 0x80031, 0xffffffffffffffff, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000e8e000/0x2000)=nil, r9, 0x80000a, 0x8010, r0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x4)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x3000002, 0x11, r7, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x401, 0x0)

34.531083706s ago: executing program 0 (id=306):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x0, 0x1000002, 0x11, r1, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000000), 0x40, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, &(0x7f00000000c0)=0x4)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r10, 0x4004ae8b, 0x0)
ioctl$KVM_S390_VCPU_FAULT(r10, 0x4008ae52, &(0x7f0000000000))
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000)

24.592248722s ago: executing program 1 (id=307):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="220100000000000040000000000000000100000000000000fcffffffffffffff0100000000000000090000000000000000800000000000000a00000000000000aa0000000000000028000000000000000400010000000d000000030000007c0b000003000000000082000000000000002800000000000000020000000000000003000000000000009e020000000000006e000000000000003000000000000000003000000000000078010000000000000200000000000000485b6f1759b841964600000000000000180000000000000003000000ba000000be00000000000000180000000000000015da1300000030600a000000000000009c00000000000000002192d20040b0f2e10180d2a20080d2030080d2240180d2020000d4e003006b0000a09b007008d5007008d5e0d48dd20020b8f2a10080d2e20180d2a30080d2c40080d2020000d40000211ea04a91d200e0b0f2e10180d2620080d2a30080d204"], 0x534}, 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x0, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000300)="fb4149dd033b8986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67525673312b01040000000000002627e7000000000000000200", 0x0, 0xfffffffffffffe73)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r3, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4)
r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000200)=0xf})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000000000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x92040, 0x0)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013def8}}, @irq_setup={0x46, 0x18, {0x0, 0x23}}, @mrs={0xbe, 0x18, {0x603000000013df59}}], 0x48}, &(0x7f0000000140)=[@featur2={0x1, 0x55}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r8, 0x4004ae8b, &(0x7f0000000180)={0xf1, "f614c47327a5e2edbb2860f0a9799215ad96e2802c210d461e563835e0c90007b4f706a333b4fb87a08b0fbccb6225a6bd0b5dc29311ea16eed22cfc5278c112d1d356aec365a6ad5276e095c34edc30b17723e9055c8957b71f9f2224488902c6fdcfeaa6eae4b8d877dbc38fd8fc54c51c633216c444f00dd102cf3c95f5804d7151345e741619e8c3519149e76380419d14f32ad34d473a5db5f93e8c1f5a13ce7026f8e84db4f1e23cf774626f702ba14e9d8de5b4013d26fbf5e2fc2923b79f672e8db49647dfca756792beb2e085099af278ca21f8db6360034bdb5913c4ba544fd7e30b3bdf8870203fffb94501"})

19.008502565s ago: executing program 0 (id=308):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000000)={0x5, 0x44})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x1, 0xffffffffffffffff, 0x1})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="820000000000000028000000000000000100000000000000040000000000000002000000000000008200000000000000280000000000000004"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000038000/0x1000)=nil, 0x930, 0x1, 0x30, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x80)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x5452, &(0x7f0000000080)={0xfdfdffff, 0x8016000, 0x1, 0xffffffffffffffff, 0x5})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

18.15216274s ago: executing program 1 (id=309):
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x5, <r0=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x6, 0x4, &(0x7f0000000040)=0x2}) (async)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil}) (async)
ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x7, 0x4, &(0x7f0000000100)=0x80000000})
r2 = eventfd2(0x2, 0x800)
write$eventfd(r2, &(0x7f0000000180)=0x9, 0x8) (async)
r3 = eventfd2(0x2, 0x800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0xffffffff00000001, 0x6000, 0x1, r3, 0x10})
r4 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0x2000000, 0x810, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000200)="56f555c094f33fde750d3069cb72d1bc9b0af502bcb3fe8404b95ad72b559aab2a028fa035a480a3959c0750673f3eab685a3776bb368833c54187e7743b1670c5158b9ff038773a", 0x0, 0x48) (async, rerun: 64)
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000280)=[@svc={0x122, 0x40, {0x86000000, [0x48, 0x8, 0x48, 0xf, 0x200]}}, @msr={0x14, 0x20, {0x603000000013de94, 0x7f}}, @eret={0xe6, 0x18, 0x8}, @svc={0x122, 0x40, {0x3007fb7, [0x4, 0xfffffffffffffff8, 0x8, 0x4, 0x8]}}, @hvc={0x32, 0x40, {0x200, [0x1000, 0xffffffffffffffff, 0x9cac, 0x1, 0xffffffff]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x76}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0xcd7, 0x2, 0xc}}, @hvc={0x32, 0x40, {0x400800d, [0x4, 0x10, 0x7, 0xd, 0x7]}}, @smc={0x1e, 0x40, {0x2000000, [0x2, 0x1, 0xcd3, 0x2b]}}, @msr={0x14, 0x20, {0x603000000013e6c0, 0x3}}, @code={0xa, 0x6c, {"000028d5008008d50000003de06f91d200e0b8f2610080d2620080d2230080d2040080d2020000d440b49bd20080b0f2610180d2a20080d2830080d2640080d2020000d40098a12e008008d5007008d50060800d007008d5"}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x181}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x2ef}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x2fb}}, @smc={0x1e, 0x40, {0x84000006, [0x2, 0x0, 0x0, 0x8000000000000000]}}, @eret={0xe6, 0x18, 0x3}], 0x32c}, &(0x7f0000000600)=[@featur1={0x1, 0x80}], 0x1) (rerun: 64)
ioctl$KVM_SET_SREGS(r5, 0x4000ae84, &(0x7f0000000640)={{0x1, 0x10000, 0x0, 0x21, 0x2, 0xa, 0xd7, 0x2, 0x0, 0x0, 0x8, 0x36}, {0x10000, 0xffff1000, 0xf, 0x3b, 0x0, 0x8, 0x7, 0xc, 0x7, 0x5, 0x9}, {0x2, 0x6000, 0xe, 0x2, 0x3, 0x6, 0x5, 0x80, 0x2, 0x8, 0xc, 0x3}, {0x3000, 0x10000, 0xb, 0x0, 0x6, 0x3, 0x33, 0x7, 0x76, 0x7, 0x6, 0x83}, {0xdddd0000, 0x8080000, 0xe, 0x5, 0x0, 0x9, 0x6, 0x5, 0x6, 0x6, 0x3, 0x6}, {0xeeee0000, 0x2, 0xc, 0xf8, 0x2, 0x2, 0x6, 0x0, 0xfb, 0xff, 0x7}, {0xd000, 0x3000, 0x4, 0xfe, 0xc6, 0xff, 0x2, 0xed, 0x7f, 0x6, 0x9, 0x3}, {0xffff1000, 0x8000000, 0xf, 0xf, 0xfe, 0x2, 0x4, 0x8c, 0x6, 0x55, 0xb, 0x2}, {0x0, 0x9}, {0x4, 0x6}, 0x0, 0x0, 0x100000, 0x4204, 0xc, 0x1001, 0x10000, [0x1000, 0x10001, 0x4, 0x1]})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, 0x0, 0x3000007, 0x4010, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x7)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000800)=@attr_other={0x0, 0x0, 0x260, &(0x7f00000007c0)=0x7}) (async, rerun: 32)
syz_kvm_vgic_v3_setup(r7, 0x4, 0x40) (async, rerun: 32)
eventfd2(0x3, 0x180802)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
eventfd2(0x4, 0x1) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f0000000880)="1eda904161dd79dc46306ea6d4dadb6a0dfd566235f1dcc5", 0x0, 0x18) (async)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f00000008c0)={0x4000, 0x10c000}) (async)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000900)={0xfff, 0x1, 0x18, r2, 0x4})
ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0x7a7d0)

12.13292613s ago: executing program 1 (id=310):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000040)={0x0, 0x9})
r5 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f00000000c0)={0xdf, 0x0, 0x10000})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0xd000, 0x10000, 0x0, r2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x5000, 0x5000})
close(0x4)

9.674989718s ago: executing program 0 (id=311):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_GET_ONE_REG(r3, 0x8000ae8c, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
close(r6)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10001, 0x4, 0x10000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
r8 = eventfd2(0x0, 0x80000)
write$eventfd(r8, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4020940d, &(0x7f00000000c0)={0x4, 0x0, 0x1, r8, 0x5})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async)
ioctl$KVM_GET_ONE_REG(r3, 0x8000ae8c, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
close(r6) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10001, 0x4, 0x10000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async)
eventfd2(0x0, 0x80000) (async)
write$eventfd(r8, 0x0, 0x0) (async)
ioctl$KVM_IOEVENTFD(r4, 0x4020940d, &(0x7f00000000c0)={0x4, 0x0, 0x1, r8, 0x5}) (async)

3.673625302s ago: executing program 1 (id=312):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
r0 = eventfd2(0x1, 0x1)
write$eventfd(r0, &(0x7f0000000000)=0x400002, 0x8) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f0000000380)=ANY=[], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x8}) (async)
syz_kvm_vgic_v3_setup(r2, 0x4, 0x100) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000200)={0x8000000, 0x0, 0x0, 0x1, 0x5}) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd9}) (async)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x8, <r7=>0xffffffffffffffff, 0x1}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x3000003, 0x30, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x40305839, &(0x7f0000000100)=@attr_other={0x0, 0x3, 0x7fffffffffffffff, &(0x7f0000000300)=0x1a}) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

0s ago: executing program 0 (id=313):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000dd3000/0x4000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
r4 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x6, 0x9, 0x4, '\x00', 0x1}) (async, rerun: 32)
ioctl$KVM_CREATE_VM(r4, 0x401c5820, 0x20000000)

kernel console output (not intermixed with test programs):

[  378.627861][ T3133] 8021q: adding VLAN 0 to HW filter on device bond0
[  431.830544][ T3133] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:31650' (ED25519) to the list of known hosts.
[  590.790553][   T25] audit: type=1400 audit(589.940:61): avc:  denied  { name_bind } for  pid=3287 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  592.014372][   T25] audit: type=1400 audit(591.150:62): avc:  denied  { execute } for  pid=3288 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  592.037474][   T25] audit: type=1400 audit(591.180:63): avc:  denied  { execute_no_trans } for  pid=3288 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  612.411917][   T25] audit: type=1400 audit(611.570:64): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  612.447923][   T25] audit: type=1400 audit(611.610:65): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  612.532052][ T3288] cgroup: Unknown subsys name 'net'
[  612.579894][   T25] audit: type=1400 audit(611.740:66): avc:  denied  { unmount } for  pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  613.012494][ T3288] cgroup: Unknown subsys name 'cpuset'
[  613.110959][ T3288] cgroup: Unknown subsys name 'rlimit'
[  614.415626][   T25] audit: type=1400 audit(613.560:67): avc:  denied  { setattr } for  pid=3288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  614.428133][   T25] audit: type=1400 audit(613.570:68): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  614.452559][   T25] audit: type=1400 audit(613.610:69): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  615.637679][ T3291] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  615.658422][   T25] audit: type=1400 audit(614.810:70): avc:  denied  { relabelto } for  pid=3291 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.679155][   T25] audit: type=1400 audit(614.840:71): avc:  denied  { write } for  pid=3291 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  615.858044][   T25] audit: type=1400 audit(615.020:72): avc:  denied  { read } for  pid=3288 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.881164][   T25] audit: type=1400 audit(615.030:73): avc:  denied  { open } for  pid=3288 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.926658][ T3288] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  663.057015][   T25] audit: type=1400 audit(662.220:74): avc:  denied  { execmem } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  666.628907][   T25] audit: type=1400 audit(665.790:75): avc:  denied  { read } for  pid=3294 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  666.654195][   T25] audit: type=1400 audit(665.810:77): avc:  denied  { read } for  pid=3295 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  666.671838][   T25] audit: type=1400 audit(665.830:78): avc:  denied  { open } for  pid=3295 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  666.691034][   T25] audit: type=1400 audit(665.800:76): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  666.759797][   T25] audit: type=1400 audit(665.920:79): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  667.016143][   T25] audit: type=1400 audit(666.170:80): avc:  denied  { module_request } for  pid=3294 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  667.044464][   T25] audit: type=1400 audit(666.200:81): avc:  denied  { module_request } for  pid=3295 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  668.161398][   T25] audit: type=1400 audit(667.310:82): avc:  denied  { sys_module } for  pid=3295 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  691.787827][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  692.022194][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  692.082051][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  692.466434][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  709.391190][ T3295] hsr_slave_0: entered promiscuous mode
[  709.440617][ T3295] hsr_slave_1: entered promiscuous mode
[  710.569437][ T3294] hsr_slave_0: entered promiscuous mode
[  710.597877][ T3294] hsr_slave_1: entered promiscuous mode
[  710.628328][ T3294] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  710.639963][ T3294] Cannot create hsr debugfs directory
[  716.075061][   T25] audit: type=1400 audit(715.230:83): avc:  denied  { create } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  716.136949][   T25] audit: type=1400 audit(715.290:84): avc:  denied  { write } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  716.181245][   T25] audit: type=1400 audit(715.340:85): avc:  denied  { read } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  716.312353][ T3295] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  716.651898][ T3295] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  716.881043][ T3295] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  717.297605][ T3295] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  718.705417][ T3294] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  718.881837][ T3294] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  719.078838][ T3294] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  719.246199][ T3294] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  731.481902][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0
[  733.938216][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0
[  789.311197][ T3295] veth0_vlan: entered promiscuous mode
[  789.806026][ T3295] veth1_vlan: entered promiscuous mode
[  791.799579][ T3294] veth0_vlan: entered promiscuous mode
[  792.061021][ T3295] veth0_macvtap: entered promiscuous mode
[  792.451411][ T3295] veth1_macvtap: entered promiscuous mode
[  792.650786][ T3294] veth1_vlan: entered promiscuous mode
[  794.429278][ T3295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  794.451951][ T3295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  794.457603][ T3295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  794.471661][ T3295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  795.146549][ T3294] veth0_macvtap: entered promiscuous mode
[  795.723658][ T3294] veth1_macvtap: entered promiscuous mode
[  797.326787][   T25] audit: type=1400 audit(796.450:86): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  797.551014][   T25] audit: type=1400 audit(796.710:87): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/syzkaller.nz6KwC/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  797.896842][   T25] audit: type=1400 audit(797.040:88): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  798.328166][ T3294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  798.337535][   T25] audit: type=1400 audit(797.500:89): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/syzkaller.nz6KwC/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  798.390456][ T3294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  798.401953][ T3294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  798.414371][ T3294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  798.564480][   T25] audit: type=1400 audit(797.650:90): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/syzkaller.nz6KwC/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  799.058131][   T25] audit: type=1400 audit(798.200:91): avc:  denied  { unmount } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  799.295630][   T25] audit: type=1400 audit(798.440:92): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  799.390227][   T25] audit: type=1400 audit(798.550:93): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="gadgetfs" ino=3283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  799.725159][   T25] audit: type=1400 audit(798.880:94): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  799.879985][   T25] audit: type=1400 audit(799.030:95): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  801.147647][ T3295] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  805.179510][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  805.186118][   T25] audit: type=1400 audit(804.280:100): avc:  denied  { read } for  pid=3446 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  805.245586][   T25] audit: type=1400 audit(804.380:101): avc:  denied  { open } for  pid=3446 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  805.948800][   T25] audit: type=1400 audit(805.100:102): avc:  denied  { ioctl } for  pid=3446 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  809.991931][   T25] audit: type=1400 audit(809.120:103): avc:  denied  { append } for  pid=3447 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  831.951994][   T25] audit: type=1400 audit(831.050:104): avc:  denied  { execute } for  pid=3467 comm="syz.1.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3636 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  840.906801][   T25] audit: type=1400 audit(840.050:105): avc:  denied  { write } for  pid=3473 comm="syz.1.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  881.798586][ T3497] FAULT_INJECTION: forcing a failure.
[  881.798586][ T3497] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  881.845390][ T3497] CPU: 0 UID: 0 PID: 3497 Comm: syz.1.14 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[  881.846037][ T3497] Hardware name: linux,dummy-virt (DT)
[  881.846528][ T3497] Call trace:
[  881.846958][ T3497]  show_stack+0x2c/0x3c (C)
[  881.848866][ T3497]  __dump_stack+0x30/0x40
[  881.849145][ T3497]  dump_stack_lvl+0xd8/0x12c
[  881.849374][ T3497]  dump_stack+0x1c/0x28
[  881.849591][ T3497]  should_fail_ex+0x570/0x6e0
[  881.849832][ T3497]  should_fail+0x14/0x24
[  881.850056][ T3497]  should_fail_usercopy+0x20/0x30
[  881.850311][ T3497]  strncpy_from_user+0x48/0x3c0
[  881.850604][ T3497]  getname_flags+0x120/0x460
[  881.850873][ T3497]  do_sys_openat2+0x68/0x158
[  881.851108][ T3497]  __arm64_sys_openat+0x154/0x1b8
[  881.851363][ T3497]  invoke_syscall+0x90/0x2b4
[  881.851666][ T3497]  el0_svc_common+0x180/0x2f4
[  881.851947][ T3497]  do_el0_svc+0x58/0x74
[  881.852265][ T3497]  el0_svc+0x58/0x160
[  881.852526][ T3497]  el0t_64_sync_handler+0x78/0x108
[  881.852771][ T3497]  el0t_64_sync+0x198/0x19c
[  979.556810][ T3571] debugfs: File 'vgic-its-state@8080000' in directory '3570-9' already present!
[ 1158.380142][ T3695] kvm [3695]: Failed to find VMA for hva 0x20d00000
[ 1332.225635][ T3808] kvm [3808]: Failed to find VMA for hva 0x20c01000
[ 1337.840553][ T3812] kvm [3812]: Failed to find VMA for hva 0x208a1000
[ 1354.327348][ T3823] kvm [3823]: Failed to find VMA for hva 0x21016000
[ 1356.240891][   T25] audit: type=1400 audit(1355.400:106): avc:  denied  { ioctl } for  pid=3826 comm="syz.0.111" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1369.005756][ T3833] kvm [3833]: Failed to find VMA for hva 0x20d8d000
[ 1391.957175][ T3850] kvm [3850]: Failed to find VMA for hva 0x20d8d000
[ 1437.669380][ T3876] kvm [3876]: Failed to find VMA for hva 0x20c01000
[ 1820.680296][ T4166] kvm [4165]: Unsupported guest access at: eeef0000
[ 1820.680296][ T4166]  { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write },
[ 1938.707130][   T25] audit: type=1400 audit(1937.820:107): avc:  denied  { map } for  pid=4250 comm="syz.1.232" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2088.491822][ T4352] kvm [4352]: Failed to find VMA for hva 0x2101a000
[ 2139.421907][   T25] audit: type=1400 audit(2138.570:108): avc:  denied  { setattr } for  pid=4377 comm="syz.0.275" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2198.791141][ T4416] kvm [4416]: Failed to find VMA for hva 0x21016000
[ 2258.519309][ T4462] kvm [4462]: Failed to find VMA for hva 0x20c01000
[ 2318.739629][ T4510] ------------[ cut here ]------------
[ 2318.740534][ T4510] WARNING: CPU: 0 PID: 4510 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[ 2318.742951][ T4510] Modules linked in:
[ 2318.745051][ T4510] CPU: 0 UID: 0 PID: 4510 Comm: syz.0.313 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 2318.746481][ T4510] Hardware name: linux,dummy-virt (DT)
[ 2318.747512][ T4510] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 2318.748950][ T4510] pc : pend_sync_exception+0x198/0x5ac
[ 2318.749877][ T4510] lr : pend_sync_exception+0x198/0x5ac
[ 2318.750842][ T4510] sp : ffff80008e5478c0
[ 2318.751641][ T4510] x29: ffff80008e5478c0 x28: 0000000000000013 x27: 13f000001d6b02a8
[ 2318.753455][ T4510] x26: 0000000000000013 x25: 0000000000000000 x24: 0000000000000000
[ 2318.754935][ T4510] x23: 0000000000000000 x22: 0000000000000013 x21: 13f000001d6b0e81
[ 2318.756463][ T4510] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 2318.757914][ T4510] x17: 0000000000000004 x16: ffff800080011d9c x15: 0000000020000000
[ 2318.759397][ T4510] x14: ffffffffffffffff x13: 0000000000000028 x12: 000000000000002f
[ 2318.761096][ T4510] x11: 2ff000001d6ad064 x10: 0000000000ff0100 x9 : 0000000000000000
[ 2318.763003][ T4510] x8 : 2ff000001d6abb00 x7 : ffff800080b08704 x6 : ffff80008e547a88
[ 2318.764740][ T4510] x5 : ffff80008e547a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 2318.766415][ T4510] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 2318.768214][ T4510] Call trace:
[ 2318.769037][ T4510]  pend_sync_exception+0x198/0x5ac (P)
[ 2318.770330][ T4510]  __kvm_inject_sea+0x268/0x96c
[ 2318.771332][ T4510]  kvm_inject_sea+0x98/0x72c
[ 2318.772303][ T4510]  __kvm_arm_vcpu_set_events+0x134/0x238
[ 2318.773575][ T4510]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 2318.774505][ T4510]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 2318.775442][ T4510]  __arm64_sys_ioctl+0x18c/0x244
[ 2318.776383][ T4510]  invoke_syscall+0x90/0x2b4
[ 2318.777343][ T4510]  el0_svc_common+0x180/0x2f4
[ 2318.778287][ T4510]  do_el0_svc+0x58/0x74
[ 2318.779194][ T4510]  el0_svc+0x58/0x160
[ 2318.780081][ T4510]  el0t_64_sync_handler+0x78/0x108
[ 2318.781005][ T4510]  el0t_64_sync+0x198/0x19c
[ 2318.782254][ T4510] irq event stamp: 200
[ 2318.782992][ T4510] hardirqs last  enabled at (199): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 2318.784388][ T4510] hardirqs last disabled at (200): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 2318.785481][ T4510] softirqs last  enabled at (166): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 2318.786615][ T4510] softirqs last disabled at (164): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 2318.787941][ T4510] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 2327.565924][ T4230] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2328.610601][ T4230] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2329.959618][ T4230] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2331.300264][ T4230] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2345.491266][ T4230] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2345.679438][ T4230] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2345.786772][ T4230] bond0 (unregistering): Released all slaves
[ 2347.664166][ T4230] hsr_slave_0: left promiscuous mode
[ 2347.729996][ T4230] hsr_slave_1: left promiscuous mode
[ 2348.038673][ T4230] veth1_macvtap: left promiscuous mode
[ 2348.071046][ T4230] veth0_macvtap: left promiscuous mode
[ 2348.080163][ T4230] veth1_vlan: left promiscuous mode
[ 2348.099419][ T4230] veth0_vlan: left promiscuous mode

VM DIAGNOSIS:
22:15:48  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2
X02=ffff8000804580e0 X03=0000000000000000 X04=ffff80008e546f20
X05=0000000000000020 X06=0000000000000000 X07=ffff80008047db18
X08=00000000000003c0 X09=0000000000000000 X10=000000000000002f
X11=0000000000000144 X12=0000000000000044 X13=0000000000000002
X14=00000000000000c8 X15=ffff800087f39a30 X16=ffff800080011d9c
X17=0000000000000004 X18=0000000000000000 X19=0000000000000000
X20=0000000000000000 X21=ffff80008047db18 X22=ffff8000877e6618
X23=0000000000000000 X24=0000000000000001 X25=0000000000000000
X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000
X29=ffff80008e5470e0 X30=ffff800080451698  SP=ffff80008e547090
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000000 Z01=0000ffffda49baa0:f8af0c56d0785500
Z02=0000ffffda49ba80:ffffff80ffffffd8 Z03=0000ffffda49bb30:0000ffffda49bb30
Z04=0000ffffda49bb30:0000ffff82b36d08 Z05=0000ffffda49bb00:0000ffffda49bb30
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffda49bd50:0000ffffda49bd50 Z17=ffffff80ffffffd0:0000ffffda49bd20
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000