last executing test programs: 54.737189695s ago: executing program 1 (id=736): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = eventfd2(0xee, 0xc0801) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000000)={0xbfa2, 0xdddd1000, 0x0, r1, 0x2}) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000004c0)={0x0, &(0x7f0000000040)=[@its_setup={0x82, 0x28, {0x4, 0x3, 0xe8}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0x5, 0x1, 0xe, 0x2}}, @irq_setup={0x46, 0x18, {0x1, 0x3d4}}, @smc={0x1e, 0x40, {0x84000008, [0x200, 0x5, 0xffff, 0x9, 0x7]}}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x84, {"007008d5007008d5804696d200e0b0f2010080d2220180d2e30180d2440080d2020000d4000440f8000c201e007008d5007008d5007008d560d699d20040b0f2a10080d2420080d2630180d2a40080d2020000d480a898d20060b8f2e10180d2820080d2030080d2440080d2020000d4"}}, @eret={0xe6, 0x18, 0x10001}, @eret={0xe6, 0x18, 0x9c8}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x80000000, [0x2, 0x1, 0x2, 0x6, 0x401]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x626e, 0xf}}, @eret={0xe6, 0x18, 0xfffffffffffffffa}, @irq_setup={0x46, 0x18, {0x0, 0xfd}}, @smc={0x1e, 0x40, {0xc400000e, [0x9b85, 0xe0000, 0x10000, 0x5, 0x9]}}, @irq_setup={0x46, 0x18, {0x3, 0x2a9}}, @irq_setup={0x46, 0x18, {0x2, 0x196}}, @hvc={0x32, 0x40, {0x80007fff, [0x0, 0x7, 0xcd7, 0xffff, 0x661]}}, @mrs={0xbe, 0x18, {0x603000000013dead}}, @eret={0xe6, 0x18, 0xb}, @mrs={0xbe, 0x18, {0x603000000013f665}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xd00, 0x0, 0x2}}, @msr={0x14, 0x20, {0x603000000013c030}}, @irq_setup={0x46, 0x18, {0x3, 0x132}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x78, 0x81, 0x4}}, @svc={0x122, 0x40, {0x4000000, [0x6643, 0x81, 0x40, 0x100]}}, @svc={0x122, 0x40, {0x80000001, [0x5, 0x5, 0x1000, 0x32, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xe00, 0xfd, 0xc}}], 0x46c}, &(0x7f0000000500)=[@featur1={0x1, 0x80}], 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000540)={0x3, 0x40}) syz_kvm_vgic_v3_setup(r0, 0x0, 0x0) 
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000580)=@arm64={0x0, 0xe7, 0x3a, '\x00', 0x8000000000000001}) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f00000005c0)=0x5) r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x2000000, 0x110, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000600)="a0d2a081b7359ea678b6616bcbba564ddc04529ed0c86e9007dfd60f8be7e12c31afca6800afc00c789e6c36d53f8323d5ba54075c91cd5c21e9832cd86535e06f5e6372ce3b934b", 0x0, 0x48) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000680)={0x3, [0x4, 0x4, 0xff]}) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f00000006c0)={0x4, 0x102000, 0x1}) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000700)="7573ddfa1469224dab6a2c43b494b96d9ab552394d8b49749644de71d4989009c79b621d58fd799d0d26da0b28719caecb84ba87cc14efc5ebae908f7bf8f07370e95d928e2dd668", 0x0, 0x48) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f0000000780)) munmap(&(0x7f0000c80000/0x1000)=nil, 0x1000) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000007c0)={0x5, 0x0, [{0x9, 0x3, 0x1, 0x0, @sint={0x7f, 0x3935}}, {0x8, 0x3, 0x0, 0x0, @msi={0x100, 0x4, 0x4, 0x1}}, {0x2, 0x1, 0x0, 0x0, @adapter={0x8d, 0x78ced1e7, 0x0, 0x1, 0x6}}, {0x5, 0x1, 0x1, 0x0, @irqchip={0x4, 0x800}}, {0x80000001, 0x5, 0x0, 0x0, @msi={0x2, 0xf1d, 0x6, 0x9}}]}) openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x11d904, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000900), 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000940)={0xd000, 0x202000, 0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000980), 0x40000, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000a00)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f00000009c0)=0x1a}) munmap(&(0x7f0000cea000/0x4000)=nil, 0x4000) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 
0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4208ae9b, &(0x7f0000000a40)={0x10002, 0x0, [0x0, 0x0, 0xd, 0x7, 0xd2b, 0x6, 0x6, 0x1d3]}) close(r5) 49.056924557s ago: executing program 0 (id=737): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x19) eventfd2(0x800057f, 0x800) r4 = eventfd2(0x2, 0x801) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180)={r4, 0x44004938, 0x2}) r5 = eventfd2(0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x18b400, 0x0) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x2, 0x8032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2041, 0x0) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000100)={0x2010040, 0x1000}) syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, r8, 0x3000011, 0x12, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) syz_memcpy_off$KVM_EXIT_MMIO(r7, 0x20, 0xfffffffffffffffe, 0x0, 0x0) close(0x4) munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000) mmap$KVM_VCPU(&(0x7f0000dd3000/0xa000)=nil, r8, 0x100000e, 0x10, 0xffffffffffffffff, 0x0) r9 = eventfd2(0xffff, 0x80801) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r5, 0x40fff, 0x3, r9}) 47.860628017s ago: executing program 1 (id=738): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, 
&(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f0000000280)=ANY=[], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2, 0x4102932, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x4, 0x4, 0x0}) 40.080594364s ago: executing program 0 (id=739): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x6020000000110005, &(0x7f00000000c0)=0x7}) (async) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) (async) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013c807, &(0x7f0000000280)=0x1}) 39.231017264s ago: executing program 1 (id=740): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = mmap$KVM_VCPU(&(0x7f0000dee000/0x3000)=nil, r1, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = 
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r6, 0x300000f, 0x32, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="820000"], 0x28}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f00000000c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) syz_kvm_vgic_v3_setup(r8, 0x4, 0x100) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(r8, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1, 0x5}) r13 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r14 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_GSI_ROUTING(r13, 0x4020ae46, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000000000001000000000010", @ANYRES64=r14]) ioctl$KVM_SET_DEVICE_ATTR_vm(r13, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x1, 0x2c, &(0x7f0000000000)=0x4}) r15 = ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r15, 0x40049409, 0x10000000000000) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_GET_API_VERSION(r16, 0xae03, 0x42) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48) r17 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) 
syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) 33.680571951s ago: executing program 0 (id=741): r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r1 = mmap$KVM_VCPU(&(0x7f00005de000/0x4000)=nil, 0x930, 0x0, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0xc02, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000000c0)=@arm64_fp={0x60400000001000d4, 0x0}) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xa2) munmap(&(0x7f00007c2000/0x3000)=nil, 0x3000) ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r6, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x2}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) openat$kvm(0xffffffffffffff9c, 0x0, 0x208080, 0x0) r8 = openat$kvm(0x0, 0x0, 0x30a802, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = eventfd2(0x6, 0x801) write$eventfd(r9, &(0x7f0000000000)=0x6, 0x8) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 
0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 25.682643564s ago: executing program 0 (id=742): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x101000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x9, 0x1000, &(0x7f0000000140)=0x6}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000340), 0x240140, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000000)={0x2, 0x18}) syz_kvm_vgic_v3_setup(r7, 0x1, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000080)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000680)={0x7, 0x5, 0x1}}) r9 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000480)={0x0, &(0x7f0000000380)=ANY=[], 0x50}, 0x0, 0xfffffffffffffcd6) syz_kvm_vgic_v3_setup(r10, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, 
&(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000038000/0x1000)=nil, 0x930, 0x1, 0x30, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000122000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="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"], 0x1b8}], 0x1, 0x0, &(0x7f0000000640)=[@featur2={0x1, 0x40}], 0x1) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000002c0)="a22fb108602960a42af1037d808304e7a9feacad3005ea9ccdb0facb38a8e65f0c514bc272c50b0bdf2b713585d25779cf2af528b4940361d1bdae3b9ab0e25486824a3d974858b7", 0x0, 0x48) ioctl$KVM_CAP_ARM_USER_IRQ(r4, 0x4068aea3, &(0x7f00000001c0)) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) close(0x4) 16.640602939s ago: executing program 1 (id=743): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r0, 0x8, 0x30, r1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f0000000000)={0x3, 0x6, 0xeeef0000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x8, r1}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000000c0)={0x6, 0x0, [{0x7, 0x1, 0x1, 0x0, @msi={0xa, 0x8000, 0x5, 0x4}}, {0x1, 0x2, 0x1, 0x0, @irqchip={0x5, 0x6}}, {0xf, 0x5, 0x0, 0x0, @irqchip={0x1, 0x2}}, {0x1, 0x3, 0x0, 0x0, @msi={0x9e, 0xffff, 0x1}}, {0x2, 0x2, 0x0, 0x0, @irqchip={0x8}}, {0x275, 0x5, 0x1, 0x0, @sint={0x1, 0x9}}]}) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000540)={0x0, &(0x7f0000000200)=[@code={0xa, 0x6c, {"000c803c008008d5000028d580ca99d200e0b8f2010180d2820080d2830080d2440080d2020000d4007008d51f0000b10020000f204289d20060b0f2e10180d2620180d2030080d2640080d2020000d4000028d5007008d5"}}, @svc={0x122, 
0x40, {0xc4000012, [0x7, 0x7fffffffffffffff, 0x6, 0x6, 0xa]}}, @svc={0x122, 0x40, {0x8000, [0x8, 0x8, 0x1, 0x6, 0x9]}}, @hvc={0x32, 0x40, {0x84000001, [0xaf, 0x8df3, 0x4, 0x4, 0x2]}}, @msr={0x14, 0x20, {0x603000000013e721, 0x644}}, @uexit={0x0, 0x18, 0x10000}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x165}}, @svc={0x122, 0x40, {0xc4000012, [0xff51, 0x149, 0x4, 0x3, 0x2]}}, @code={0xa, 0x84, {"200690d20000b0f2010180d2620080d2a30080d2640180d2020000d4000008d500c0641e000008d50010601e007008d50000407c80639cd20020b8f2810180d2a20080d2e30080d2640180d2020000d4000028d5e0e984d20040b0f2410080d2420180d2030080d2e40080d2020000d4"}}, @code={0xa, 0x84, {"000c80b80028210e808a93d20040b8f2a10180d2c20080d2c30180d2840080d2020000d4004cc09a806083d20020b8f2a10180d2c20180d2c30080d2240080d2020000d40040002f007008d5008008d500b8a10ea0869dd20040b8f2410080d2a20080d2030180d2440080d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013805f, 0xb}}, @hvc={0x32, 0x40, {0xc4000007, [0x1, 0x5, 0xff, 0x53, 0x3]}}], 0x334}, &(0x7f0000000580)=[@featur2={0x1, 0x40}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x10001, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) ioctl$KVM_GET_DEVICE_ATTR_vm(r4, 0x4018aee2, &(0x7f0000000640)=@attr_other={0x0, 0x1000, 0x8, &(0x7f0000000600)=0x9f6}) r5 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0x190) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f00000006c0)=@attr_other={0x0, 0x5, 0x5a49f72c, &(0x7f0000000680)=0x6}) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000d40)={0x0, &(0x7f0000000700)=[@hvc={0x32, 0x40, {0xc400000c, [0x1, 0x5, 0x7, 0xfffffffffffffff8, 0x4]}}, @irq_setup={0x46, 0x18, {0x1, 0x213}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0x1, 0x2, 0xac87, 
0x1}}, @memwrite={0x6e, 0x30, @generic={0x8000000, 0xf4a, 0x82ba}}, @svc={0x122, 0x40, {0x8400000f, [0x4f3, 0x1, 0x1, 0x95d0]}}, @mrs={0xbe, 0x18, {0x603000000013e666}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x2f5}}, @uexit={0x0, 0x18, 0x5}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x28}}, @eret={0xe6, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x2, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x4, 0xa, 0x8, 0xfffffffb}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x9, 0x80000001, 0x5}}, @its_send_cmd={0xaa, 0x28, {0x7, 0x0, 0x4, 0x5, 0x1, 0x61e, 0x2}}, @uexit={0x0, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x0, 0x11a}}, @eret={0xe6, 0x18}, @uexit={0x0, 0x18, 0x9}, @smc={0x1e, 0x40, {0x100000d, [0x1, 0xfffffffffffffffd, 0x5604, 0x4, 0x9]}}, @code={0xa, 0x84, {"007008d5a05e98d20060b8f2410180d2820180d2030080d2640080d2020000d4000860f8801b8cd20040b0f2610080d2820080d2a30080d2e40080d2020000d4007008d5000028d5209097d20020b8f2c10080d2220180d2630180d2640180d2020000d4000008d50028c01a000028d5"}}, @msr={0x14, 0x20, {0x603000000013e091, 0x7}}, @uexit={0x0, 0x18, 0x55e}, @uexit={0x0, 0x18, 0x40000}, @hvc={0x32, 0x40, {0xbf008000, [0x7fff, 0x5, 0x3, 0x7, 0x5]}}, @code={0xa, 0x9c, {"000020d40020200e40ed90d20040b8f2610180d2620180d2830180d2a40180d2020000d40060800ca0f890d20020b0f2210080d2020180d2c30080d2440080d2020000d4000008d50040000c003793d200c0b0f2c10080d2e20080d2030080d2640080d2020000d4000008d5e0b295d200c0b0f2610080d2020180d2830080d2440080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0x5, 0x5}}, @smc={0x1e, 0x40, {0x0, [0xfffffffffffffff7, 0x8, 0x4, 0x6, 0x2]}}, @code={0xa, 0xb4, {"000028d50068202e000008d5000008d540a79dd20020b8f2010080d2020080d2430180d2840180d2020000d4000028d500e597d200c0b8f2010080d2820080d2830080d2440180d2020000d4205098d200a0b8f2810180d2c20180d2830180d2e40180d2020000d4409085d200e0b8f2410180d2820080d2630080d2040080d2020000d400578cd200c0b0f2410080d2c20180d2430180d2040180d2020000d4"}}, @hvc={0x32, 0x40, {0xc400000c, [0x37a, 0x8b3, 0x1, 0x7, 0x4]}}, 
@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x32, 0x3}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x23a}}], 0x624}, &(0x7f0000000d80)=[@featur2={0x1, 0x28}], 0x1) r9 = eventfd2(0x7fff, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000dc0)={0xffffffffffffffff, 0x7, 0x3, r9}) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000e00)={0x1, 0x106000, 0x1}) ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000e40)={0xb6, 0x0, 0x3}) r10 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r11 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000014c0)={0x0, &(0x7f0000000ec0)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x307}}, @hvc={0x32, 0x40, {0xc4000010, [0x9, 0x0, 0x7, 0x1, 0xfffffffffffffff2]}}, @uexit={0x0, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x1, 0x8, 0x355}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0xd6}}, @code={0xa, 0x9c, {"000008d500e699d20040b8f2e10180d2820180d2030180d2040080d2020000d4000c207e808685d200e0b0f2210180d2820080d2630080d2c40080d2020000d40000c0290000806d000cc0da008008d560ef8cd20080b8f2c10080d2220080d2e30080d2640080d2020000d480b699d20060b0f2810180d2820180d2630080d2a40080d2020000d4"}}, @svc={0x122, 0x40, {0x4, [0x8, 0xca8, 0xa508, 0xff, 0x2]}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x32}}, @eret={0xe6, 0x18, 0x5}, @mrs={0xbe, 0x18, {0x603000000013c662}}, @smc={0x1e, 0x40, {0x8400000d, [0x8, 0x6, 0x100000001, 0x5, 0x5]}}, @msr={0x14, 0x20, {0x603000000013da28, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x7fff}}, @irq_setup={0x46, 0x18, {0x3, 0xce}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x4f}}, @msr={0x14, 0x20, {0x603000000013c522, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x70, 0xe3, 0xa}}, @hvc={0x32, 0x40, {0xc4000005, [0x5, 0x6, 0x7fff, 0x649, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x4, 0x10, 0x4, 0x8000}}, @mrs={0xbe, 0x18, {0x3d4a}}, @code={0xa, 0x9c, 
{"008008d5007008d5008008d5401397d200a0b8f2010180d2820080d2230180d2e40080d2020000d4a0a29dd20040b8f2210080d2420180d2c30180d2440180d2020000d4000020eb007008d5000028d520da87d200c0b0f2c10180d2420180d2c30180d2e40180d2020000d420968ad200c0b8f2410180d2820180d2a30180d2c40080d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013df5e, 0x8000000000000000}}, @mrs={0xbe, 0x18, {0x603000000013c2a1}}, @code={0xa, 0xb4, {"e06095d20080b0f2c10080d2620080d2a30180d2c40080d2020000d4000008d5205882d20000b0f2810080d2e20180d2830180d2c40180d2020000d4c09795d200c0b0f2e10180d2820080d2230180d2040180d2020000d400da8ed200e0b0f2610180d2a20180d2630180d2640080d2020000d4007008d5000008d5005781d200e0b0f2a10180d2420080d2c30180d2e40080d2020000d40020c01a0000679e"}}, @mrs={0xbe, 0x18, {0x603000000013df47}}, @memwrite={0x6e, 0x30, @generic={0x3000, 0xb6b, 0x8, 0x2}}, @code={0xa, 0x54, {"000860bc0080c00800b0004f000008d5008008d50050202ec09091d20080b0f2c10180d2820180d2630080d2040180d2020000d4007008d50068216e007008d5"}}], 0x5d0}, &(0x7f0000001500)=[@featur2={0x1, 0x37}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000001540)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000001580)={r9, 0x0, 0x0, r9}) mmap$KVM_VCPU(&(0x7f0000cc2000/0x4000)=nil, r0, 0x0, 0x810, r11, 0x0) r12 = eventfd2(0x2, 0x0) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000015c0)={0x9, 0xeeee8000, 0x2, r12, 0xc}) 11.593147607s ago: executing program 1 (id=744): r0 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r3, 0x4018aee3, &(0x7f0000000040)=@attr_other={0x0, 0x5, 0xfffffffffffeffff, &(0x7f0000000000)=0x30712c36}) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 
&(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000003000000000000000200000000000000aa0000000000000028000000000000000e"], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x120) r5 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000140)={0x6, 0x9, 0x1}}) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x8, 0x8, &(0x7f0000000040)}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x4, 0x1, &(0x7f0000000200)=0x200000008080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) 11.279211404s ago: executing program 0 (id=745): r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) openat$kvm(0x0, &(0x7f00000001c0), 0xc40, 0x0) r4 = eventfd2(0x1, 0x1) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x20200, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000000c0)={r4, 0x3, 0x0, r4}) (async) ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000300000002"]) (async) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil) (async) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5}) 
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000001c0)={0x8}) (async) ioctl$KVM_SET_SIGNAL_MASK(r7, 0x4004ae8b, &(0x7f00000001c0)=ANY=[]) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) 2.558930821s ago: executing program 0 (id=746): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100028, &(0x7f0000000280)=0x7}) (async) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100028, &(0x7f0000000280)=0x7}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000080)=@arm64={0x91, 0x6, 0x5, '\x00', 0x1e0}) (async) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000080)=@arm64={0x91, 0x6, 0x5, '\x00', 0x1e0}) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 0s ago: executing program 1 (id=747): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x200, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0xf3) r3 = 
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000240)={0x5, 0x11}) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000040)=0x4) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xaa) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) (async) close(0x5) close(0x4) kernel console output (not intermixed with test programs): [ 380.773383][ T3133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.087377][ T3133] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:27015' (ED25519) to the list of known hosts. [ 592.571335][ T25] audit: type=1400 audit(591.630:61): avc: denied { name_bind } for pid=3287 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 594.693016][ T25] audit: type=1400 audit(593.750:62): avc: denied { execute } for pid=3288 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 594.733192][ T25] audit: type=1400 audit(593.780:63): avc: denied { execute_no_trans } for pid=3288 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 616.373173][ T25] audit: type=1400 audit(615.440:64): avc: denied { mounton } for pid=3288 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 616.407787][ T25] audit: type=1400 audit(615.480:65): avc: denied { mount } for pid=3288 comm="syz-executor" name="/" dev="cgroup2" 
ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 616.494404][ T3288] cgroup: Unknown subsys name 'net' [ 616.543977][ T25] audit: type=1400 audit(615.620:66): avc: denied { unmount } for pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 616.918329][ T3288] cgroup: Unknown subsys name 'cpuset' [ 617.022279][ T3288] cgroup: Unknown subsys name 'rlimit' [ 617.923216][ T25] audit: type=1400 audit(616.990:67): avc: denied { setattr } for pid=3288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 617.947792][ T25] audit: type=1400 audit(617.010:68): avc: denied { mounton } for pid=3288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 617.965557][ T25] audit: type=1400 audit(617.040:69): avc: denied { mount } for pid=3288 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 619.152968][ T3291] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). 
[ 619.174771][ T25] audit: type=1400 audit(618.240:70): avc: denied { relabelto } for pid=3291 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 619.210878][ T25] audit: type=1400 audit(618.270:71): avc: denied { write } for pid=3291 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 619.377763][ T25] audit: type=1400 audit(618.450:72): avc: denied { read } for pid=3288 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 619.405505][ T25] audit: type=1400 audit(618.480:73): avc: denied { open } for pid=3288 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 619.445889][ T3288] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 666.876847][ T25] audit: type=1400 audit(665.950:74): avc: denied { execmem } for pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 670.476081][ T25] audit: type=1400 audit(669.530:75): avc: denied { read } for pid=3295 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 670.485108][ T25] audit: type=1400 audit(669.550:76): avc: denied { open } for pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 670.555262][ T25] audit: type=1400 audit(669.610:77): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 670.796387][ T25] audit: type=1400 audit(669.860:78): avc: denied { module_request } for pid=3294 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 670.815859][ T25] audit: type=1400 audit(669.880:79): avc: denied { module_request } for pid=3295 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 671.967122][ T25] audit: type=1400 audit(671.040:80): avc: denied { sys_module } for pid=3295 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 696.463797][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 696.965369][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 697.691076][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 698.342498][ T3295] bond0: (slave bond_slave_1): Enslaving 
as an active interface with an up link [ 714.212284][ T3294] hsr_slave_0: entered promiscuous mode [ 714.261472][ T3294] hsr_slave_1: entered promiscuous mode [ 715.268806][ T3295] hsr_slave_0: entered promiscuous mode [ 715.305322][ T3295] hsr_slave_1: entered promiscuous mode [ 715.332566][ T3295] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 715.342552][ T3295] Cannot create hsr debugfs directory [ 720.685617][ T25] audit: type=1400 audit(719.760:81): avc: denied { create } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 720.735517][ T25] audit: type=1400 audit(719.770:82): avc: denied { write } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 720.781286][ T25] audit: type=1400 audit(719.850:83): avc: denied { read } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 720.905724][ T3294] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 721.307684][ T3294] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 721.628681][ T3294] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 721.823187][ T3294] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 723.624665][ T3295] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 723.798909][ T3295] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 724.017868][ T3295] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 724.193433][ T3295] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 735.978925][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 739.315382][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 794.740373][ T3294] veth0_vlan: entered promiscuous mode [ 795.197350][ T3294] veth1_vlan: entered promiscuous mode [ 797.026478][ T3294] veth0_macvtap: entered promiscuous mode [ 797.311901][ 
T3294] veth1_macvtap: entered promiscuous mode [ 798.704415][ T3295] veth0_vlan: entered promiscuous mode [ 799.513988][ T3294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.518871][ T3294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.533737][ T3294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.542948][ T3294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.816991][ T3295] veth1_vlan: entered promiscuous mode [ 802.054686][ T25] audit: type=1400 audit(801.090:84): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 802.174251][ T25] audit: type=1400 audit(801.250:85): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.8I3OdM/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 802.391526][ T25] audit: type=1400 audit(801.460:86): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 802.774675][ T25] audit: type=1400 audit(801.820:87): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.8I3OdM/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 802.832031][ T3295] veth0_macvtap: entered promiscuous mode [ 802.887152][ T25] audit: type=1400 audit(801.960:88): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.8I3OdM/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3225 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 803.077791][ T3295] veth1_macvtap: entered promiscuous mode [ 
803.337292][ T25] audit: type=1400 audit(802.410:89): avc: denied { unmount } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 803.565872][ T25] audit: type=1400 audit(802.590:90): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 803.656427][ T25] audit: type=1400 audit(802.690:91): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="gadgetfs" ino=3234 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 803.972230][ T25] audit: type=1400 audit(802.990:92): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 804.075236][ T25] audit: type=1400 audit(803.090:93): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 804.836289][ T3295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.852176][ T3295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.867881][ T3295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.892995][ T3295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.976038][ T3294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 807.491629][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 807.500347][ T25] audit: type=1400 audit(806.550:95): avc: denied { read write } for pid=3294 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 807.558090][ T25] audit: type=1400 audit(806.630:96): avc: denied { open } for pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 807.622242][ T25] audit: type=1400 audit(806.680:97): avc: denied { ioctl } for pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 810.642142][ T25] audit: type=1400 audit(809.710:98): avc: denied { read } for pid=3447 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 810.658684][ T25] audit: type=1400 audit(809.730:99): avc: denied { open } for pid=3447 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 810.951782][ T25] audit: type=1400 audit(810.010:100): avc: denied { ioctl } for pid=3447 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 825.886331][ T25] audit: type=1400 audit(824.960:101): avc: denied { write } for pid=3458 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 830.891023][ T25] audit: type=1400 audit(829.950:102): avc: denied { execute } for pid=3458 comm="syz.1.4" 
path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3640 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 835.841391][ T25] audit: type=1400 audit(834.910:103): avc: denied { append } for pid=3464 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 950.844099][ T25] audit: type=1400 audit(949.910:104): avc: denied { map } for pid=3538 comm="syz.1.25" path="pipe:[2401]" dev="pipefs" ino=2401 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 996.548390][ T3571] kvm [3571]: Failed to find VMA for hva 0x21016000 [ 1042.180486][ T25] audit: type=1400 audit(1041.210:105): avc: denied { setattr } for pid=3602 comm="syz.0.45" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1073.784414][ T3625] kvm [3625]: Failed to find VMA for hva 0x20d8d000 [ 1113.840566][ T25] audit: type=1400 audit(1112.910:106): avc: denied { execute } for pid=3656 comm="syz.1.61" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 1216.312973][ T25] audit: type=1400 audit(1215.360:107): avc: denied { ioctl } for pid=3732 comm="syz.0.83" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1241.576762][ T25] audit: type=1400 audit(1240.650:108): avc: denied { map } for pid=3756 comm="syz.1.90" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1241.700449][ T25] audit: type=1400 audit(1240.730:109): avc: denied { execute } for pid=3756 comm="syz.1.90" path="/dev/kvm" dev="devtmpfs" ino=84 
scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1348.044335][ T3826] debugfs: File 'vgic-its-state@0' in directory '3826-4' already present! [ 1560.272803][ T3979] kvm [3979]: Failed to find VMA for hva 0x20d8d000 [ 1776.225092][ T4130] kvm [4130]: Failed to find VMA for hva 0x20c01000 [ 1852.595018][ T4183] kvm [4183]: Failed to find VMA for hva 0x208a1000 [ 1870.703301][ T4195] kvm [4195]: Failed to find VMA for hva 0x21016000 [ 1870.803246][ T4195] kvm [4195]: Failed to find VMA for hva 0x21016000 [ 2005.723902][ T4295] kvm [4295]: Failed to find VMA for hva 0x21016000 [ 2063.117552][ T4331] kvm [4331]: Failed to find VMA for hva 0x21016000 [ 2594.261764][ T4701] kvm [4701]: Failed to find VMA for hva 0x21016000 [ 2812.096789][ T4849] kvm [4847]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 2812.096789][ T4849] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2812.182015][ T4849] kvm [4847]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2812.182015][ T4849] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2812.203218][ T4849] kvm [4847]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2812.203218][ T4849] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2812.256349][ T4849] kvm [4847]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2812.256349][ T4849] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2812.295472][ T4849] kvm [4847]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2812.295472][ T4849] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2812.352776][ T4849] kvm [4847]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2812.352776][ T4849] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2812.462173][ T4849] kvm [4847]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2812.462173][ T4849] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2837.874411][ 
T4862] kvm [4862]: Failed to find VMA for hva 0x2101a000 [ 2900.863515][ T4899] kvm [4899]: Failed to find VMA for hva 0x20d8d000 [ 3054.577011][ T4997] KVM: debugfs: duplicate directory 4997-5 [ 3197.042761][ T5105] kvm [5105]: Failed to find VMA for hva 0x21016000 [ 3421.162781][ T5253] kvm [5253]: Failed to find VMA for hva 0x20c01000 [ 3455.898948][ T5284] kvm [5284]: Failed to find VMA for hva 0x2101a000 [ 3455.963167][ T5283] kvm [5283]: Failed to find VMA for hva 0x2101a000 [ 3803.213102][ T5509] kvm [5509]: Failed to find VMA for hva 0x2036f000 [ 3864.685620][ T5553] kvm [5553]: Failed to find VMA for hva 0x21016000 [ 4104.687241][ T5720] kvm [5720]: Failed to find VMA for hva 0x21016000 [ 4173.018683][ T5767] kvm [5767]: Failed to find VMA for hva 0x21016000 [ 4232.346021][ T5805] kvm [5805]: Failed to find VMA for hva 0x208a1000 [ 4232.446940][ T5805] kvm [5805]: Failed to find VMA for hva 0x208a1000 [ 4350.481065][ T25] audit: type=1400 audit(4349.540:110): avc: denied { execute } for pid=5882 comm="syz.0.714" path=2F3335322F10FBFF67525673312B0104 dev="tmpfs" ino=1790 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 4476.431271][ T5967] debugfs: File 'vgic-its-state@8080000' in directory '5967-8' already present! 
[ 4511.656353][ T5988] ------------[ cut here ]------------
[ 4511.657275][ T5988] WARNING: CPU: 0 PID: 5988 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[ 4511.661767][ T5988] Modules linked in:
[ 4511.664686][ T5988] CPU: 0 UID: 0 PID: 5988 Comm: syz.0.746 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT
[ 4511.666937][ T5988] Hardware name: linux,dummy-virt (DT)
[ 4511.668421][ T5988] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 4511.670121][ T5988] pc : pend_sync_exception+0x198/0x5ac
[ 4511.671310][ T5988] lr : pend_sync_exception+0x198/0x5ac
[ 4511.672571][ T5988] sp : ffff8000a88578c0
[ 4511.673614][ T5988] x29: ffff8000a88578c0 x28: 00000000000000cc x27: ccf000001d76db28
[ 4511.675988][ T5988] x26: 00000000000000cc x25: 0000000000000000 x24: 0000000000000000
[ 4511.677967][ T5988] x23: 0000000000000000 x22: 00000000000000cc x21: ccf000001d76e701
[ 4511.679935][ T5988] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 4511.681889][ T5988] x17: 000000000000002d x16: ffff800080011d9c x15: 0000000020000080
[ 4511.683919][ T5988] x14: ffffffffffffffff x13: 0000000000000028 x12: 000000000000004c
[ 4511.685667][ T5988] x11: 4cf000001d765064 x10: 0000000000ff0100 x9 : 0000000000000000
[ 4511.687781][ T5988] x8 : 4cf000001d763b00 x7 : ffff800080b08704 x6 : ffff8000a8857a88
[ 4511.689664][ T5988] x5 : ffff8000a8857a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 4511.691534][ T5988] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 4511.693527][ T5988] Call trace:
[ 4511.694756][ T5988] pend_sync_exception+0x198/0x5ac (P)
[ 4511.696294][ T5988] __kvm_inject_sea+0x268/0x96c
[ 4511.697734][ T5988] kvm_inject_sea+0x98/0x72c
[ 4511.698925][ T5988] __kvm_arm_vcpu_set_events+0x134/0x238
[ 4511.700186][ T5988] kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 4511.701185][ T5988] kvm_vcpu_ioctl+0x5c4/0xc2c
[ 4511.702400][ T5988] __arm64_sys_ioctl+0x18c/0x244
[ 4511.703652][ T5988] invoke_syscall+0x90/0x2b4
[ 4511.704919][ T5988] el0_svc_common+0x180/0x2f4
[ 4511.706205][ T5988] do_el0_svc+0x58/0x74
[ 4511.707390][ T5988] el0_svc+0x58/0x160
[ 4511.708571][ T5988] el0t_64_sync_handler+0x78/0x108
[ 4511.709611][ T5988] el0t_64_sync+0x198/0x19c
[ 4511.711099][ T5988] irq event stamp: 2110
[ 4511.712151][ T5988] hardirqs last enabled at (2109): [] _raw_read_unlock_irqrestore+0x44/0xbc
[ 4511.714037][ T5988] hardirqs last disabled at (2110): [] el1_dbg+0x24/0x80
[ 4511.715413][ T5988] softirqs last enabled at (2092): [] local_bh_enable+0x10/0x34
[ 4511.717184][ T5988] softirqs last disabled at (2090): [] local_bh_disable+0x10/0x34
[ 4511.719023][ T5988] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 4527.755819][ T3972] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4528.133785][ T3972] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4528.558920][ T3972] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4529.046792][ T3972] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4536.827855][ T3972] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4536.947933][ T3972] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4537.034212][ T3972] bond0 (unregistering): Released all slaves
[ 4538.120587][ T3972] hsr_slave_0: left promiscuous mode
[ 4538.176850][ T3972] hsr_slave_1: left promiscuous mode
[ 4538.492071][ T3972] veth1_macvtap: left promiscuous mode
[ 4538.506454][ T3972] veth0_macvtap: left promiscuous mode
[ 4538.522527][ T3972] veth1_vlan: left promiscuous mode
[ 4538.527337][ T3972] veth0_vlan: left promiscuous mode
VM DIAGNOSIS:
13:49:55 Registers:
info registers vcpu 0
CPU#0
PC=ffff800080453900 X00=0000000000000001 X01=ffff80008707cf3b
X02=ffff8000804580e0 X03=0000000000000000 X04=ffff8000a8857000 X05=0000000000000020 X06=0000000000000000 X07=ffff80008652e834 X08=00000000000003c0 X09=0000000000000000 X10=000000000000004c X11=0000000000000144 X12=0000000000000044 X13=0000000000000002 X14=00000000000000c8 X15=ffff800087f39a30 X16=ffff800080011d9c X17=000000000000002d X18=0000000000000000 X19=0000000000000000 X20=0000000000000000 X21=ffff80008652e834 X22=ffff8000877e66a8 X23=0000000000000000 X24=0000000000000001 X25=0000000000000000 X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000 X29=ffff8000a88571c0 X30=ffff800080451698 SP=ffff8000a8857170 PSTATE=204023c9 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000fffff03783a0:10db924c178ea400 Z02=0000fffff0378380:ffffff80ffffffd8 Z03=0000fffff0378430:0000fffff0378430 Z04=0000fffff0378430:0000ffff80136d08 Z05=0000fffff0378400:0000fffff0378430 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffff0378650:0000fffff0378650 Z17=ffffff80ffffffd0:0000fffff0378620 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 
Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000