last executing test programs:

1m2.704740489s ago: executing program 0 (id=223):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x7})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8}) (async)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0xffffffffffff692c}) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=ANY=[], 0x28}, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4208ae9b, &(0x7f0000000200)={0x10003, 0x0, [0x0, 0x0, 0xc3cb, 0x7, 0x80000000, 0x81, 0xa4, 0xb]})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

55.335863645s ago: executing program 1 (id=225):
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) (async, rerun: 32)
munmap(&(0x7f0000973000/0x2000)=nil, 0x2000) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000480)={0x0, &(0x7f0000000500)=ANY=[@ANYRES32], 0x454}, &(0x7f00000004c0)=[@featur1={0x1, 0xf}], 0x1)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x0, 0x1000005, 0x80010, r0, 0x0) (async)
munmap(&(0x7f0000e0c000/0x2000)=nil, 0x2000) (async, rerun: 64)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (rerun: 64)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000240)={0x8080000}) (async, rerun: 64)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (rerun: 64)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="82000000000000002800000000002d7b9f4327cab800000000001a01000000000000000100000000000000000000000000005dea25155c2459a33749a2e3d00a00732477596be0363d6ccbfb447390e99668d59b3982e62cb1212feb35cf65eee2bda5c761b36997457a163a906ddf42dc81f4981a6ffc877e6db87950dd434cae0d5dcbcef1211650306af07432f0d4080da0b8553d77c802af717d75629c4ef63f9006529b240ca9abbea3d9828cf9942f6a9b986d7ed3553223f572b91159c15d6da62735ddfe4ef83e430a434169e8339219e39fd2ae1339582756c2d0b61502272fb3c14b37e66d77fd1c11d043870e765e523459913316f345de3b957c00787ae9632c19249a7b074c8d932e6383143e150dfb305630ee75dad76088a2660e3d3ecd5f726c6a47988f19a4649021a190f39950da5432134fece1a881ce9c0f9f0fba510662b6ea4e18a664662166abb577dc75554c763c43b2a15b0cf3947cb81fb7aaa8628194c7eb6d8e85661fa1dae22d722b1c9bc32c825056ce6e4ab5dc6226ffb410739bac00e4ef701e5d7d5c4be5be4c1dae0c7a65027e0ba75347c14b266eb9a017132b0d9400"/445], 0xfffffffffffffd7a}, 0x0, 0x0) (async)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000d48000/0x3000)=nil, r5, 0x2000002, 0x110, r4, 0x0)
mmap$KVM_VCPU(&(0x7f0000e37000/0x3000)=nil, r5, 0x9, 0x10, r0, 0x0) (async)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000e0b000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000)

54.817970395s ago: executing program 0 (id=226):
mmap$KVM_VCPU(&(0x7f0000daf000/0x3000)=nil, 0x930, 0x3000007, 0x8a031, 0xffffffffffffffff, 0x0)
r0 = mmap$KVM_VCPU(&(0x7f0000f82000/0x3000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x20000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeab, &(0x7f0000001280)={0x6, 0x1000})
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000f82000/0x1000)=nil, r4, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000040)=0x6})
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000180), 0x140, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x9})
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c028, &(0x7f0000000140)=0x6})
r11 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

47.131837434s ago: executing program 1 (id=227):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x0, 0x973, &(0x7f0000000100)=0x10001})
r5 = mmap$KVM_VCPU(&(0x7f0000dee000/0x3000)=nil, r1, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48)
r6 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000000)={0x2, 0x8000, 0x2})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r1, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x40) (async)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x0, 0x973, &(0x7f0000000100)=0x10001}) (async)
mmap$KVM_VCPU(&(0x7f0000dee000/0x3000)=nil, r1, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000000)={0x2, 0x8000, 0x2}) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r1, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0) (async)

39.502961145s ago: executing program 0 (id=228):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = mmap$KVM_VCPU(&(0x7f000083d000/0x3000)=nil, r1, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc0402, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x6, 0x0, &(0x7f0000000180)=0xfffffffffffffbf8})
openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x10})
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000300)={0x0, &(0x7f0000000280)=ANY=[@ANYRES16=r9], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x1, 0x100)
r12 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000028000000000000000100000000000c0001200000000000000100000000000000"], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r14, 0x4, 0x100)

38.481761083s ago: executing program 1 (id=229):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000080)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000000)=0x1f})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_GET_ONE_REG(r6, 0x4000ae8d, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f0000000080)={0x1000, "53735a9624aead5cc6186606bdf3c047254ccb34b95ef279789f0089b59e5e890d223bf548d849ddad80febea217ed6c37566f0d4d93d38cd93a47f687f1386f8210ceacbbc0abe379f88ba054b3a33f66bff47a3f1a81023c1338c73fbfb6242be5090936ca5da0a55e1d66849f9296f7634825463a095a88ba3dc3b273ce20e460177ea8e6333ce77d92a11c01a48b01e3cb8c937556e91191378f7f4f48d4e6160010c7a27892a0f6a7fd49ec1986dbddc2091195830022df778c53f7143ec8aa7ea67184afc1b4290c51780334886c43183b4f7ff418bde0d0eac02133decb9145352ec6a3d4538d56a2902db05f7117cc685b538ff378478fd26234cff42646df546583a4bab43f18c68c93de8797ec7509af74d3019c99635f315acc620a6d88e62ffaeed2784d21299152e8cd4cd7ac93a6ca3636a9d0ebbe616f94cbfa4d6fa9debdc683b350787899ad885288b3c56c6d87faab2e8969bf3397f966d1c1b0bcf0450527f4ab9e8c6ffd874a265c677b2f72c0d1c184c93a45c4eb8c55e4d01f9ea07d76c5f67a54d76dbc082e0529c8b0541ab50fb929c84144eccc22955f578116d3c6dff563fe630564c86bd61d5a00054c3e17f44684c539f26bcbef992f4a22458ad27f70d22b53dbe193fbbbc0a77cf2d7fd05b35791745957af616f761be26bce20bde0336fa11ca42a605af69c69f29d961161e2eb396a045828123f2049f96767c9eaeedfcb4759e66c6acac43efb7a0a68cd924eb96af5d08438971c347cafbb9b99f39ecb6708c782f8bc1ac95f314dad36ebea417536cada3a4bc1224d9d1b35aed0d3a6b0e9ab01e76511eb643cb78988526b9b6fdbc6e349e91b1be3c1c4948f26b2f3de1eb29cf56a1be3bf7dc6f534532acd87946d6151af53784f6e51bf436b51323122e3c5f11db2712c57b10dec014610dc3f18fcb2e4885c3894ad9b5a7e7ce483528c16109e7203180fd917bca3bd1a2a8fad75df53255da6f29d355bca2357d0eace1314df6a547ccd440f422245fa73bf41ab7963a6dbb9d9558fa7d05936ff5a3b7aee03ec71cc7d60574c6083b87603ba2b71219814fb92933e0eabcf04c045e21b3223d4a3491b47df553de5f30910046413dc4f73ffb0a417ba46958342d639e8c08816114d398f8b855a15d1aa33990cb82782bd9db2bea450c6189aa0e64e9643969f5116c5e5ab071005a29ad7308a564ce9b5a5197bd05014e5492307c73cecf95eee1d7f5a28f3c1817f56e98c3b8325640ab537cae71ec6a5139bd36c19f5f87a89aef93e3c7da4dbe6fe2b70536fd0db78f4e0a72a8585afce6264f2de69206b8307661d175a8d15754a54143dd301e3772a0dba77a42ca1446550eb14f10ec6e62e6876666fa08f0fe426ce9f32b380e7ca42c4bf641a8f0202a2c56b7329b8c190c9937f57e814460321f09ad26f19bf38ac72c356b066e780e1d9d7857127e5531387d9c2d4e5c16f8b357b4a7c451a2d1b9ab7b18191c1d49d0bbf25bb59414bfcb5586f4cbaeedbf138a95fdb6a82e06df770bff5fb3175d494f4035490745b34c420863b00829ff90f60d564df98b87d8ecf99e6db4dfc81439b541a8ae530b08249629ece4f3ff38b00d3092edb9dd81af31b918de9871d6c84f79deec43b03e400d308081b4965aea765b71bc727c92eed0d514a8bd0a92c57b880bb40b5ac6a2f7cf1211eaa29473cc7843b4f44ccfaad3d0d81f494fdf109a7eee4a2f4f003efcbcef928d9d2b23dc4448615547f28bad2c1d3c031c8ecbfbde525ad3e7c50b0c1aa2a6b411b9e7750fc85f0553e65edfdd3cd98998f380039447232cf12c32f6714ca90772e57b92babceced7f048e3a3e62cb5ab3e9f4a5bb4d0c2e8722bddd9f77b058116488423cc96121ba08c5c28c882b949166c26ac4b4d370040c544d142ae71352fff05159c698c07ee72d3cb5540c0c881154183aa0829b4005ce30d7fd9e55d00e65777a38e8a95d4c83c8ff821102679db4c88ea1a7b152d64a04d3062381c212925ab7a5b8b76f9a734c7eba3a80297fbf13d0408318d0c7536fd12f4e562003383a3a1356059307cba43613a442672653435267359ce9ff4ee6fbf8dd7dd2038752e0cf999dabfd821b671e194fb46eca7353ece350f93bca65eada8d1eba11b5b8f995e198ee6a6d63670788dd034f90798bc808d577255bf7b124918edadcc0b011dbc9c408989675c085930e1634348c7f192fd364e57b88433f511dc7aded1fddc9c9b05ac3290f769f97ea74782bcaddb8d27dbae1fe3453c0f85db39b13e96c50b85e373041bf437292e530e0685773d81bda08fc835a7b117af4cfefd60bec9c535454fb70e659e41ae8268bf0b12d0e5da864a2c37894ae7fc015e223b27f36dfae90c9d23954962d80cb1152d7a3cefb7c03a1a2d6fc76e42a212f7d1561d9cc1af1bdc0f1cd95ff066a69b889e2e866511dc7adf5912b17a38b172393d63011132e9921080fca815f44aa430131cd0349cbebfab2abe8d2bfaa9ed515e5006f5ff3d80c9f7a939787a18f9d4db4ad913c6f81522c7588f22b61870c18cd40bc459521f93cdfc06dd15deb674fae6bfb18d437955365530330293a0078d4e06e77c5e08297957f327d9c8399bb72289da17555df33a22d53b9946bfd2b833cce265419c1cb712d5a815133aea8308f8da97a7a36b30bfc7a05dabc73131450b58aee8726c1cd367c3eeeb4858148f8cada8712c9105e0a4c3c4cbece2d7a9e3007a12a755000b0430136d84cf87742a6d3baf506e6543ba98070cb72bc9e3c8f6a5330ee683af8837c4b7547b7c5e4650c10bffe98ef6bebdf14cfe132b2db81c3ad9190ad77a22d7f413fefa2357df163e968ae041e335c5361e6f50aa6ea8462e43f28797cd678fc3f69b2b566782930274737edbec8f9c79ad9b9c7611ab334443b35984029cb5941b4ca5e7ff2dda634e408f525ad3e4fd4e53e580f37f9a70666430c618ea2b79ef3bd6465b83157a390567d72128dec9f523c935153c17c0be2b9364b3b0a56f934d578f38c02355bb00172f012ac255e21f3c0740a53864210fff7389efa803a0f48f22c34241a705a1f69f11e5433dccbc4534b12a915ada0124faff5f4b0a46879abe65d0bfaf9af6ec920f91df6ac4ac1a9592f90de03fca45a68f720ea60e922e684ba168856e69b5979a5fd435c118124541948ca0791a6488d0a44125b15811e410073f676711a254bf772335174f25ed9152c923dcb91f29a3bb42764c4be98c9a2668814871624e06100aa2bac8f249f22831afdf8390573bdcf54215353acafd76bc0fbe220c6b357dd56707558a09e8105fc4f65ec18bfb6fc72ea27e660150281c5830118eee5444e5d567419a274c518353fb02fd11109aa2f7c2c9ff140f280210d6e1f3ecf3d666bde054da2b9bfd1a75744fce1336de40a10c561922c7f1337cde764554a3bcf23ca4a881dd29aabfa0af2e1b4d9238be0b77687367be8b42e7b7ce3b47d03bf891ca193fce8a4736004bb7aefe67b8a6f2a4ae2f238d6d91b583aafb046d30cfb96e40c37473a44f51f8da8589fe5e4ebf7d1a2ca1d1ee3cfdcd0a1f452c93680c129430bac71182520ebc11ad58ef8b91bae6d69a17fe8d78734b1f63e43bc34e2d7715cd5590cb9b8f2ff512d73ed5c1f63644508f43e93daec8128615f9ce42402861678319b19628c9f9878d0d71e9650178e1e9ff4ff54ed79fa4c1c0a6e59ef329d5aa9757604ab7a95c56e307db71929701a9e053f7c779dee9a0ac1350925f3f10bf426d45c32f65f589a86b820a863cd958756168b603a228e71bdc8ef4f1d60da2616299e00f3d5e3fcf36e1777beedc613f25f8a516053c767102b42f409d89a4d64c00124b32eff775aa8cdf21a8788eae9cf20163e7af29290d8911e1b56fc9c6d2b2c4831e84f3163470aefe6387b6b44b55f3ee79966e429b1a7cc34eddcc624817fef2051ea4779eaf93ad52958b86c01c48fb4e213f385a4f3dd57b699425dfcd43b8f1afd6f3e2d1e15be0606ebe16390445c69071ab7396da087b85e41ce462571350e22b571e7f9a510c726ec28019a7cb1eb8ffb14288388aee0934b2222baf6e0143600336f2318780c3fb1318a0d2ad06b06c6086c2a363db8a2adb8f327a57d11ac696ef2886cd2a3d877c522c67d09b9b725e0f72d7949025eab83a57c7788f9d98ae4a7f0d5bf32635bfb992ab6ffe91a224a59d2312a23b2de49321fba22716d71968c47d2e54acb2a6e622e1063726c55e338be1ba4d4375a9241142cf761d8e6aca1adf2b047d61fc42b1290ad7c141e552d9182fdc8d327655fa830e3c0bcf2d4e1283ef2b0d690f4900e63a39d5599d0968c9d37bdddcc2860cd4f7fab6d9e62afffe6df808d725da63773ebd5fdfa6ad5112a5cf5304be100f148acfc5eec06af1b107aa4c742119b16d76587c7594633113cb0cd383f0148fd5b97877a88a43fc6e0e250608c22b9677cfd2e57f2351646a4754d554c7afa8cfc7bfddee41227cf8e7b46bce14183dfb8cdee71394d83051e734ad5638127bf5615729a8e3477473507679243aae892e671d505d3f94e87237319dbd8d1f044a54cc5475a9001730bb144c1b81dc5a9bd98bc8c2ea6afb23bd3e14ef1fecaa5247fbc0ce30e13e111d94a6b9d612db15e4f85d396af8bf0bb539a6dec39523c06768179177c7ca54070c3dcd576ffb11894bb37dd1e17d532179cfe3b5105c4c1929314b0429e989714b0a8c79b4876fbba723dfe76f3ce0b4ddc2cfa9d89fe696c2b17513165b4f752c86084f1303fd8d203d0789dbe6b500e476afbc3917a37395fdf41443f7df6660975a440d5d8b24dbb7af02da81d1e978b92ce88f6e4f687ea8d962f433bf4aa7c3936b01b4ed9557318962d8fc84746d9987b2766f514b6e093e321373825d5aa26fd751ba46141a57dbeb6c7fff625aab2c47665df82faa7d549431c66ff2fb2cb1d62df2b1510438b4fb6ba37b0c453e28aab456b26cf3515eb113f0c84dfac691424b547aede36d1fdea3b9d2a1437e5ef32eda53a581910c83e9061bfedc6f6698564093bef90b3b3715ebddf7423a2260796b9d39a022cce5965faca8ce2b75c9d7f262833fef907f900ba3d6b5c1b4b08af657e5d9358daa014e68e4313ebe115a02a9be570497c8ed2f8a2b025efd5d4a96113a99f06b559c5ed6e00d4e86f9bd2051dd49ef9afe7c0dca5a443c59e150e15485dab49eda02d8eecaf24fde064c07ac0cc75d4e86b306d88f9eac81a37a153ebc5a45f1f3538a032fc1e1bba164e4e6a9c8e49ea263273e8e31de9383672774bf8bc3e11ee8db8e2469636d57dddd2dcb152aa0a6f89c0dc4c84ff4607efcb9712ef27ad777648b2f78145240e8afe3915406e636e265d8fcfa51fea4be41b6d2178c5166531709491b67b90c7d5d4170f6dfd0a16b5c3e4c9c9afc859ca0955f126fb43c4e45a6f1445ebcffbb14442901620d36e0b91debbcbe4a62742a395d440e2071bda129377c6e98c68b9fdb504312a0866a0c04a18b0f0254351b6912d5e97b5f9341369769cfb66d595b205ced16c24cd2ef804faff004965509397b0e94f4c4e8057e1665d0b50e69bf9dfca9ba9c0d17e28dcc8cc2f9b7a5329d6fbd3d7165e1037c0516a6fc94a678a25ffa61cfccda088ae8a5709ef4b807577ca6bdf8e299428e9e268c22a0e0f24c4f773ac6bb9fbac506dd954bfdc52c46ab73ee8c95d9b8e7b5875bbbf6146c9111a2b85553d3fcd8"})

27.964852864s ago: executing program 1 (id=230):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="820000000000000600000000000000000100000000000000010000000000000001000000005d0000aa0000000000000028000000000000000c00000000000e0000000e00080002000000000000000000339e3369b5aca03037b13c36d7093445c5859c9ab65412dd09c66fa1"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000040)={0x3, 0xeeee8000, 0x0, r7, 0x2})
r8 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000080)={0x2, 0x0, 0x1, r8})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x2c00, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x7, <r11=>0xffffffffffffffff, 0x1})
r12 = ioctl$KVM_CREATE_VM(r11, 0x894c, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xb701, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r16, 0x0)
ioctl$KVM_CREATE_VCPU(r13, 0xb704, 0x20000002)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000001a40)={0x8, 0x0, 0x0, r8})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

25.614394422s ago: executing program 0 (id=231):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x109901, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000140)={0x6, 0x800003a, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000004c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x20}})
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000500)=[@uexit={0x0, 0x18, 0x4}, @smc={0x1e, 0x40, {0x200, [0x7b0, 0xdaa, 0x8, 0x200, 0x7]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0xab}}, @irq_setup={0x46, 0x18, {0x0, 0xcc}}, @memwrite={0x6e, 0x30, @generic={0xffff1000, 0x4e8, 0x5, 0xf}}, @smc={0x1e, 0x40, {0x3000000, [0x8, 0x4, 0x80, 0x7, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0x10, 0x10001, 0x5, 0x3}}, @hvc={0x32, 0x40, {0x84000014, [0x7f, 0x9, 0x7fff, 0x2, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013df42}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0xf}}, @svc={0x122, 0x40, {0x400, [0xe, 0x2, 0x121, 0x9, 0x4]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x3a2}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x2, 0x6, 0x0, 0x6, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x1, 0xac3a, 0x4, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013e663}}, @msr={0x14, 0x20, {0x603000000013def2, 0x62d}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x8d}}, @irq_setup={0x46, 0x18, {0x1, 0x12f}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x7, 0x5, 0x6, 0x4}}, @eret={0xe6, 0x18, 0x6}, @uexit={0x0, 0x18, 0x10000}, @code={0xa, 0x6c, {"0080c04800000010008008d5007008d50000005e008008d50040601e007008d520ef94d20000b0f2810080d2820180d2630180d2a40180d2020000d4e06988d200e0b8f2a10080d2220180d2830080d2440180d2020000d4"}}, @code={0xa, 0xcc, {"007008d5000028d560699ad200e0b0f2810180d2c20180d2030180d2440080d2020000d4a05f80d200c0b8f2410080d2c20080d2630180d2040080d2020000d4007008d5e07594d20080b0f2010180d2c20180d2030180d2040080d2020000d4c09586d200e0b0f2010080d2220180d2630180d2840080d2020000d4a0d69bd20080b0f2410180d2220180d2e30180d2440080d2020000d4008008d520c89ed20040b0f2410080d2420080d2430080d2a40080d2020000d4"}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x1a1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x0, 0xe, 0xff, 0x9, 0x2}}, @svc={0x122, 0x40, {0xc5000021, [0x6, 0x7, 0x3, 0x5, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x40, 0xfffffffffffffff4, 0x3}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xa6d, 0xfffffffffffffb04, 0x3}}, @svc={0x122, 0x40, {0x188000002, [0x7ff, 0xffffffff00000001, 0x3, 0x3]}}, @irq_setup={0x46, 0x18, {0x4, 0x40}}, @uexit={0x0, 0x18, 0x1}, @svc={0x122, 0x40, {0xc4000004, [0xff3, 0x800000000, 0xffffffffffffffff, 0xffff, 0x10000]}}], 0x620}, &(0x7f00000000c0)=[@featur2={0x1, 0x80}], 0x1)
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="820000000000000028000000000000000200000000002200040000000000000001"], 0x28}, 0x0, 0x0)
r10 = syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x3, 0x0})
syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x13)
r12 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x401, 0x3c0)

14.772142206s ago: executing program 1 (id=232):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000180)=@arm64_fp={0x6040000000100086, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013ff11, 0x1}}], 0x20}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f0000000000)=ANY=[], 0x40}, 0x0, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x2082, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x3, 0x80)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a0000000000000018000000000000007f2003d5"], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x3)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18})
ioctl$KVM_ARM_VCPU_FINALIZE(r16, 0x4004aec2, &(0x7f0000000180)=0x4)

11.008122594s ago: executing program 0 (id=233):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x109000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb52456008000010000000008100cd30f00715f86636545744c404000000006abf47d90000000000000000000000000000000000000000fff900", 0x0, 0x48)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
write$eventfd(r8, &(0x7f00000001c0), 0xff3c)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
r11 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r10, 0x100000a, 0x12, r11, 0x100000)
r12 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r3, 0x0, 0x12, r12, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r3, 0x0, 0x2012, r12, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)

1.448323404s ago: executing program 0 (id=234):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x400080, 0x0)
r1 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async, rerun: 32)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1}) (rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x800454e1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f00000000c0)={0x1fd, 0x0, &(0x7f0000ffd000/0x3000)=nil}) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x20001)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0xe})
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c03f, &(0x7f00000001c0)=0x10001}) (async)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000000)={0xf, "c5d6b6096d531ec5b63f8b6691ea83"})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
ioctl$KVM_CAP_ARM_MTE(r6, 0x4068aea3, &(0x7f0000000140)) (rerun: 64)

0s ago: executing program 1 (id=235):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@arm64={0x72, 0x0, 0xc, '\x00', 0x8}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@arm64={0x72, 0x0, 0xc, '\x00', 0x8})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000440)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)=0x3fd}) (async)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000440)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)=0x3fd})
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x0, 0x8}) (async)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x0, 0x8})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x9, 0x2}})
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@msr={0x14, 0x20, {0x6030000000139828, 0x8}}, @smc={0x1e, 0x40, {0x84000050, [0x4, 0x7, 0x7, 0x2, 0xff]}}, @msr={0x14, 0x20, {0x603000000013e6d2, 0x2}}, @uexit={0x0, 0x18, 0xfffffffffffffffe}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x1c0}}, @irq_setup={0x46, 0x18, {0x4, 0x1df}}, @eret={0xe6, 0x18, 0x80}, @mrs={0xbe, 0x18, {0x603000000013803c}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0xd8}}, @hvc={0x32, 0x40, {0xc5000021, [0x3b, 0x1, 0x400, 0x1, 0x1]}}, @msr={0x14, 0x20, {0x603000000013c685, 0x1565}}, @uexit={0x0, 0x18, 0x4941}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x1, 0x6, 0x80000001, 0x7, 0xf}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1000, 0x3, 0x4}}, @mrs={0xbe, 0x18}, @hvc={0x32, 0x40, {0xc400000e, [0x3ff, 0x313a3688, 0x0, 0x7, 0x3]}}, @irq_setup={0x46, 0x18, {0x4, 0x2ee}}, @code={0xa, 0x6c, {"00c899d200a0b0f2610080d2c20180d2c30080d2240080d2020000d4000008d500fc4093000c003c007008d500c8a10e000008d50040621e0020202e40419bd200e0b0f2e10180d2220180d2630080d2240080d2020000d4"}}, @msr={0x14, 0x20, {0x301800000009f675, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0x8, 0xc}}, @irq_setup={0x46, 0x18, {0x2, 0x201}}], 0x344}, &(0x7f00000001c0)=[@featur1={0x1, 0x30}], 0x1)
ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, &(0x7f00000005c0)) (async)
ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, &(0x7f00000005c0))
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x86000000, [0x3, 0x8, 0x6, 0x0, 0xfffffffffffff509]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  378.188928][   T25] audit: type=1400 audit(377.300:60): avc:  denied  { read } for  pid=3132 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  394.417617][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0
[  429.862219][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:33044' (ED25519) to the list of known hosts.
[  611.271251][   T25] audit: type=1400 audit(610.390:61): avc:  denied  { name_bind } for  pid=3284 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  613.545775][   T25] audit: type=1400 audit(612.640:62): avc:  denied  { execute } for  pid=3285 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  613.572544][   T25] audit: type=1400 audit(612.680:63): avc:  denied  { execute_no_trans } for  pid=3285 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  639.002804][   T25] audit: type=1400 audit(638.110:64): avc:  denied  { mounton } for  pid=3285 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  639.073093][   T25] audit: type=1400 audit(638.190:65): avc:  denied  { mount } for  pid=3285 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  639.249314][ T3285] cgroup: Unknown subsys name 'net'
[  639.358317][   T25] audit: type=1400 audit(638.470:66): avc:  denied  { unmount } for  pid=3285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  640.036196][ T3285] cgroup: Unknown subsys name 'cpuset'
[  640.242718][ T3285] cgroup: Unknown subsys name 'rlimit'
[  641.989436][   T25] audit: type=1400 audit(641.110:67): avc:  denied  { setattr } for  pid=3285 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  642.032517][   T25] audit: type=1400 audit(641.130:68): avc:  denied  { mounton } for  pid=3285 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  642.058733][   T25] audit: type=1400 audit(641.170:69): avc:  denied  { mount } for  pid=3285 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  643.597099][ T3288] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  643.617421][   T25] audit: type=1400 audit(642.730:70): avc:  denied  { relabelto } for  pid=3288 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  643.639358][   T25] audit: type=1400 audit(642.750:71): avc:  denied  { write } for  pid=3288 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  643.823457][   T25] audit: type=1400 audit(642.940:72): avc:  denied  { read } for  pid=3285 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  643.842581][   T25] audit: type=1400 audit(642.960:73): avc:  denied  { open } for  pid=3285 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  643.890250][ T3285] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  689.638674][   T25] audit: type=1400 audit(688.760:74): avc:  denied  { execmem } for  pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  693.366889][   T25] audit: type=1400 audit(692.470:75): avc:  denied  { read } for  pid=3291 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  693.373653][   T25] audit: type=1400 audit(692.480:76): avc:  denied  { open } for  pid=3292 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  693.453578][   T25] audit: type=1400 audit(692.550:77): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  693.720816][   T25] audit: type=1400 audit(692.830:78): avc:  denied  { module_request } for  pid=3291 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  694.883450][   T25] audit: type=1400 audit(694.000:79): avc:  denied  { sys_module } for  pid=3292 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  725.138718][ T3291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.433105][ T3291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.496944][ T3292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.737427][ T3292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  738.252575][ T3291] hsr_slave_0: entered promiscuous mode
[  738.282637][ T3291] hsr_slave_1: entered promiscuous mode
[  739.187893][ T3292] hsr_slave_0: entered promiscuous mode
[  739.219888][ T3292] hsr_slave_1: entered promiscuous mode
[  739.245907][ T3292] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  739.250519][ T3292] Cannot create hsr debugfs directory
[  744.941659][   T25] audit: type=1400 audit(744.060:80): avc:  denied  { create } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  745.006482][   T25] audit: type=1400 audit(744.120:81): avc:  denied  { write } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  745.056745][   T25] audit: type=1400 audit(744.170:82): avc:  denied  { read } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  745.203026][ T3291] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  745.539813][ T3291] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  745.909374][ T3291] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  746.248442][ T3291] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  747.620801][ T3292] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  747.792930][ T3292] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  747.981469][ T3292] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  748.170786][ T3292] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  764.218008][ T3291] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.548536][ T3292] 8021q: adding VLAN 0 to HW filter on device bond0
[  830.620912][ T3291] veth0_vlan: entered promiscuous mode
[  831.189081][ T3291] veth1_vlan: entered promiscuous mode
[  834.171874][ T3292] veth0_vlan: entered promiscuous mode
[  834.548185][ T3291] veth0_macvtap: entered promiscuous mode
[  835.087660][ T3291] veth1_macvtap: entered promiscuous mode
[  835.273729][ T3292] veth1_vlan: entered promiscuous mode
[  838.262105][ T3291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  838.279590][ T3291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  838.291856][ T3291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  838.302715][ T3291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  838.550862][ T3292] veth0_macvtap: entered promiscuous mode
[  838.967266][ T3292] veth1_macvtap: entered promiscuous mode
[  841.075111][   T25] audit: type=1400 audit(840.190:83): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  841.333739][   T25] audit: type=1400 audit(840.450:84): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/syzkaller.2JasAH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  841.553421][   T25] audit: type=1400 audit(840.670:85): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  841.835898][ T3292] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  841.840011][ T3292] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  841.859405][ T3292] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  841.869554][ T3292] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  841.985763][   T25] audit: type=1400 audit(841.070:86): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/syzkaller.2JasAH/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  842.132358][   T25] audit: type=1400 audit(841.250:87): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/syzkaller.2JasAH/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  842.811921][   T25] audit: type=1400 audit(841.860:88): avc:  denied  { unmount } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  843.102433][   T25] audit: type=1400 audit(842.220:89): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  843.177774][   T25] audit: type=1400 audit(842.290:90): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="gadgetfs" ino=3242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  843.512578][   T25] audit: type=1400 audit(842.630:91): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  843.633312][   T25] audit: type=1400 audit(842.750:92): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  844.936434][ T3291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  846.115674][   T25] kauditd_printk_skb: 3 callbacks suppressed
[  846.128115][   T25] audit: type=1400 audit(845.220:96): avc:  denied  { ioctl } for  pid=3291 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  849.300603][   T25] audit: type=1400 audit(848.410:97): avc:  denied  { read } for  pid=3449 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  849.335898][   T25] audit: type=1400 audit(848.450:98): avc:  denied  { open } for  pid=3449 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  849.820344][   T25] audit: type=1400 audit(848.930:99): avc:  denied  { ioctl } for  pid=3450 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  853.766848][   T25] audit: type=1400 audit(852.880:100): avc:  denied  { append } for  pid=3450 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  870.842281][   T25] audit: type=1400 audit(869.960:101): avc:  denied  { write } for  pid=3465 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  873.420418][   T25] audit: type=1400 audit(872.510:102): avc:  denied  { execute } for  pid=3465 comm="syz.0.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3706 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  884.970555][ T3474] kvm [3474]: Failed to find VMA for hva 0x208a1000
[  934.725916][   T25] audit: type=1400 audit(933.820:103): avc:  denied  { setattr } for  pid=3506 comm="syz.1.16" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  985.949473][ T3537] kvm [3537]: Failed to find VMA for hva 0x21016000
[ 1066.312773][   T25] audit: type=1400 audit(1065.430:104): avc:  denied  { map } for  pid=3594 comm="syz.0.41" path="pipe:[2383]" dev="pipefs" ino=2383 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1105.530247][ T3621] debugfs: File 'vgic-its-state@0' in directory '3621-4' already present!
[ 1442.818007][   T25] audit: type=1400 audit(1441.900:105): avc:  denied  { execute } for  pid=3854 comm="syz.0.114" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1
[ 1587.412841][   T25] audit: type=1400 audit(1586.530:106): avc:  denied  { ioctl } for  pid=3945 comm="syz.1.141" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1662.759965][ T3994] debugfs: File 'vgic-its-state@0' in directory '3994-4' already present!
[ 1836.387129][ T4110] kvm [4110]: Failed to find VMA for hva 0x20c01000
[ 1882.747601][ T4144] kvm [4144]: Failed to find VMA for hva 0x20c01000
[ 1989.592743][   T25] audit: type=1400 audit(1988.620:107): avc:  denied  { map } for  pid=4210 comm="syz.0.215" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1989.605997][   T25] audit: type=1400 audit(1988.710:108): avc:  denied  { execute } for  pid=4210 comm="syz.0.215" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2062.459966][ T4267] kvm [4267]: Failed to find VMA for hva 0x20c01000
[ 2084.529798][ T4282] ------------[ cut here ]------------
[ 2084.531196][ T4282] WARNING: CPU: 0 PID: 4282 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[ 2084.535460][ T4282] Modules linked in:
[ 2084.538251][ T4282] CPU: 0 UID: 0 PID: 4282 Comm: syz.1.235 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 2084.540229][ T4282] Hardware name: linux,dummy-virt (DT)
[ 2084.541707][ T4282] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 2084.543286][ T4282] pc : pend_sync_exception+0x198/0x5ac
[ 2084.544429][ T4282] lr : pend_sync_exception+0x198/0x5ac
[ 2084.545526][ T4282] sp : ffff8000a3ce78c0
[ 2084.546471][ T4282] x29: ffff8000a3ce78c0 x28: 0000000000000040 x27: 40f000001d645b28
[ 2084.548791][ T4282] x26: 0000000000000040 x25: 0000000000000001 x24: 0000000000000000
[ 2084.550661][ T4282] x23: 0000000000000000 x22: 0000000000000040 x21: 40f000001d646701
[ 2084.552678][ T4282] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 2084.554607][ T4282] x17: 000000000000009f x16: ffff800080011d9c x15: 0000000020000040
[ 2084.556498][ T4282] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000a3
[ 2084.558313][ T4282] x11: a3f000001d63d064 x10: 0000000000ff0100 x9 : 0000000000000000
[ 2084.560298][ T4282] x8 : a3f000001d63bb00 x7 : ffff800080b08704 x6 : ffff8000a3ce7a88
[ 2084.562081][ T4282] x5 : ffff8000a3ce7a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 2084.563931][ T4282] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 2084.565991][ T4282] Call trace:
[ 2084.567176][ T4282]  pend_sync_exception+0x198/0x5ac (P)
[ 2084.568671][ T4282]  __kvm_inject_sea+0x268/0x96c
[ 2084.569922][ T4282]  kvm_inject_sea+0x98/0x72c
[ 2084.571054][ T4282]  __kvm_arm_vcpu_set_events+0x134/0x238
[ 2084.572193][ T4282]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 2084.573299][ T4282]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 2084.574443][ T4282]  __arm64_sys_ioctl+0x18c/0x244
[ 2084.575570][ T4282]  invoke_syscall+0x90/0x2b4
[ 2084.576630][ T4282]  el0_svc_common+0x180/0x2f4
[ 2084.577810][ T4282]  do_el0_svc+0x58/0x74
[ 2084.579006][ T4282]  el0_svc+0x58/0x160
[ 2084.580072][ T4282]  el0t_64_sync_handler+0x78/0x108
[ 2084.581232][ T4282]  el0t_64_sync+0x198/0x19c
[ 2084.582523][ T4282] irq event stamp: 56
[ 2084.583476][ T4282] hardirqs last  enabled at (55): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 2084.585151][ T4282] hardirqs last disabled at (56): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 2084.586628][ T4282] softirqs last  enabled at (38): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 2084.588168][ T4282] softirqs last disabled at (36): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 2084.589723][ T4282] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 2105.308935][   T21] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2106.448944][   T21] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2106.981716][   T21] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2107.408962][   T21] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

VM DIAGNOSIS:
06:38:11  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008044f8c8 X00=00000000000003c0 X01=ffff8000872b1fa2
X02=0000000000000000 X03=ffff80008047b3ec X04=0000000000000000
X05=0000000000000001 X06=0000000000000000 X07=ffff800081ebe428
X08=00000000000003c0 X09=00000000000000a3 X10=00000000000000a3
X11=a3f000001d63bb00 X12=0000000000ff0100 X13=00000000ffffffff
X14=0000000000000000 X15=ffff800087f39a30 X16=0000000000000000
X17=000000000000009f X18=0000000000000000 X19=00000000000003c0
X20=0000000000000001 X21=ffff800087706128 X22=a3f000001d63c5e0
X23=ffff800087666580 X24=a3f000001d63bb00 X25=0000000000000002
X26=a3f000001d63bb10 X27=00000000000003c0 X28=ffff800087705000
X29=ffff8000a3ce71d0 X30=ffff80008651b408  SP=ffff8000a3ce71d0
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000000 Z01=0000ffffdc455120:38a5d99c9f34ac00
Z02=0000ffffdc455100:ffffff80ffffffd8 Z03=0000ffffdc4551b0:0000ffffdc4551b0
Z04=0000ffffdc4551b0:0000ffff80d36d08 Z05=0000ffffdc455180:0000ffffdc4551b0
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffdc4553d0:0000ffffdc4553d0 Z17=ffffff80ffffffd0:0000ffffdc4553a0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000