last executing test programs:

59.434550216s ago: executing program 1 (id=1005):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40800, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100042, &(0x7f0000000200)})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x101000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b60000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=ANY=[], 0x18}, 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r10, 0x100000a, 0x11, r7, 0x100000)
ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x8020aeaf, &(0x7f0000000180)=@attr_other={0x0, 0xfffffff0, 0x777c, 0x0})
r11 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, r14, 0x3000011, 0x2012, r13, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x1000)=nil, r14, 0x2000007, 0x30, r2, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r15 = syz_kvm_vgic_v3_setup(r3, 0x4, 0x80)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x5, 0x1, 0x13002, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_GET_DEVICE_ATTR(r15, 0x4018aee2, &(0x7f0000000840)=@attr_other={0x0, 0x1, 0xc, &(0x7f0000000040)=0x4002})

48.383635485s ago: executing program 1 (id=1007):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x20281, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r3 = syz_kvm_vgic_v3_setup(r2, 0x9, 0x140)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x100)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0xfff, &(0x7f0000000000)=0x7ff})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r8 = syz_kvm_vgic_v3_setup(r7, 0x200003, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x6, 0x382bc665, &(0x7f0000000280)=0xfffffffffffffff8})

41.502184377s ago: executing program 0 (id=1008):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x240000, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000440)=[@mrs={0xbe, 0x18, {0x603000000013c006}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000400)=ANY=[], 0x28}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000580)=[{0x0, &(0x7f0000000140)}], 0x1, 0x0, 0x0, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000780)={0x0, &(0x7f0000000680)=[@code={0xa, 0x84, {"00fc209b000008d5e0888dd20060b8f2c10080d2620080d2a30180d2440080d2020000d4000000130000002b000008d50084202ea0a483d20000b8f2010080d2020080d2630180d2040180d2020000d4004d8fd200c0b0f2e10080d2e20080d2030180d2040180d2020000d4007008d5"}}], 0x84}, &(0x7f00000007c0)=[@featur2={0x1, 0x4}], 0x1)
syz_kvm_vgic_v3_setup(r5, 0x2, 0xc0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

37.002099637s ago: executing program 1 (id=1009):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2901, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x20000, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x80)
r6 = eventfd2(0x5, 0x80800)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000180)={r6, 0x27, 0x2, r6})
r7 = eventfd2(0x0, 0x0)
r8 = eventfd2(0xffff, 0x80801)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000002c0)={r7, 0x40fff, 0x2, r8})
close(0x4)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x20080, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x0, 0x100000a, 0x1010, r10, 0x100000)
ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x8020aeaf, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000300)={0x9, 0x2}})
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
syz_kvm_setup_cpu$arm64(r11, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000080)=ANY=[@ANYRESDEC=r3], 0x40}], 0x1, 0x0, 0x0, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f00000001c0)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000200)={0x1fe, 0x3, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})

29.320505043s ago: executing program 0 (id=1010):
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x608002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000200)={0xb})
r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="9b6c7ab24d1a17da39e5d980e34830bab752902af9fd6ef7e6a0a126d20f79f986bf90428beb454eb338d8ede37a4e758b4c3025bcd27715b9803b343823d547e6718040f325e88d7519d0bbc64e51a13398318b0c53c5778d33bceeb2f239bcdd385418aeec24abffc982eeab936ecbe00f1a8f4f135532730598395288a6d5ef8773448487ada8d4d1b4d1adb4ccf4dafc9a6a8549024c5b8a2ee161c0d8de764dbcd5e38ddca8fd833d13ebbcc877681d9a23467bd49484", @ANYRESHEX, @ANYRES8=r3, @ANYRESHEX=r1, @ANYRESOCT], 0xfffffffffffffe3f}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x2, 0x0, &(0x7f0000000000)=0x5})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)

23.743493539s ago: executing program 0 (id=1011):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
munmap(&(0x7f0000ed8000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x4, 0x40a8012, 0xffffffffffffffff, 0x2000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0)
write$eventfd(0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x8)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x10})

19.688128572s ago: executing program 1 (id=1012):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x603000000010000c, &(0x7f0000000000)=0x400000000000008})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

17.64392895s ago: executing program 0 (id=1013):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd7)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f00000000c0)={0x1fd, 0x0, 0xdddda000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x6})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000000000/0x400000)=nil)
r5 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xffffffffffffffff)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0xd000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
syz_kvm_setup_cpu$arm64(r8, 0xffffffffffffffff, &(0x7f00002cd000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2000009, 0x4102932, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f00000001c0)={0x1fd, 0x3, 0x4000, 0x1000, &(0x7f000054a000/0x1000)=nil, 0x3, r6})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = eventfd2(0x9, 0x0)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000040)={0x3, 0xeeee8000, 0x0, r11, 0x2})
r12 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000080)={0x2, 0x0, 0x0, r12})
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000001a40)={0x8, 0x0, 0x0, r12})

10.700156483s ago: executing program 1 (id=1014):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000001c0)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x1000, &(0x7f000000d000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r4, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x1, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x7, 0x2, &(0x7f0000000080)=0x8000000000000000})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r8, 0x4068aea3, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bfd000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000000000000400000000000000008000084"], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

6.679175429s ago: executing program 0 (id=1015):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x3, 0x801)
close(r2)
write$eventfd(r2, &(0x7f0000000000), 0xfffffe1e) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x800, 0x10000, 0x4, r2, 0x9}) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
write$eventfd(0xffffffffffffffff, &(0x7f0000000000)=0xe9c5, 0x8)
ioctl$KVM_CREATE_VM(r3, 0x40086602, 0x20000000) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x80000001, 0x1, 0x2, r2, 0x2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9}) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1}) (rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x8004b707, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

3.420558303s ago: executing program 1 (id=1016):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000dd3000/0x4000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5})
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x603000000010004c, &(0x7f0000000280)=0x7})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r7 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x6, 0x9, 0x4, '\x00', 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x6, 0x9, 0x4, '\x00', 0x1})
ioctl$KVM_CREATE_VM(r7, 0x401c5820, 0x20000000) (async)
ioctl$KVM_CREATE_VM(r7, 0x401c5820, 0x20000000)

0s ago: executing program 0 (id=1017):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x502, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x8080000}) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x1, 0x1, 0x5000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000936000/0x400000)=nil) (async)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) (async)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000300)=@arm64_sve={0x60800000001501aa, 0x0}) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x2a0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  383.287639][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0
[  433.780766][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:34743' (ED25519) to the list of known hosts.
[  593.485609][   T25] audit: type=1400 audit(592.610:60): avc:  denied  { name_bind } for  pid=3284 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  594.862284][   T25] audit: type=1400 audit(594.010:61): avc:  denied  { execute } for  pid=3285 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  594.889637][   T25] audit: type=1400 audit(594.040:62): avc:  denied  { execute_no_trans } for  pid=3285 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  615.750794][   T25] audit: type=1400 audit(614.900:63): avc:  denied  { mounton } for  pid=3285 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  615.794785][   T25] audit: type=1400 audit(614.930:64): avc:  denied  { mount } for  pid=3285 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  615.867665][ T3285] cgroup: Unknown subsys name 'net'
[  615.917068][   T25] audit: type=1400 audit(615.060:65): avc:  denied  { unmount } for  pid=3285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  616.275922][ T3285] cgroup: Unknown subsys name 'cpuset'
[  616.379807][ T3285] cgroup: Unknown subsys name 'rlimit'
[  617.300341][   T25] audit: type=1400 audit(616.450:66): avc:  denied  { setattr } for  pid=3285 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  617.320015][   T25] audit: type=1400 audit(616.470:67): avc:  denied  { mounton } for  pid=3285 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  617.349607][   T25] audit: type=1400 audit(616.500:68): avc:  denied  { mount } for  pid=3285 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  618.547459][ T3288] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  618.568387][   T25] audit: type=1400 audit(617.710:69): avc:  denied  { relabelto } for  pid=3288 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  618.605054][   T25] audit: type=1400 audit(617.740:70): avc:  denied  { write } for  pid=3288 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  618.775482][   T25] audit: type=1400 audit(617.920:71): avc:  denied  { read } for  pid=3285 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  618.798890][   T25] audit: type=1400 audit(617.940:72): avc:  denied  { open } for  pid=3285 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  618.839718][ T3285] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  670.118672][   T25] audit: type=1400 audit(669.240:73): avc:  denied  { execmem } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  673.775261][   T25] audit: type=1400 audit(672.920:74): avc:  denied  { read } for  pid=3296 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  673.804792][   T25] audit: type=1400 audit(672.950:75): avc:  denied  { open } for  pid=3296 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  673.874836][   T25] audit: type=1400 audit(673.020:76): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  674.120848][   T25] audit: type=1400 audit(673.270:78): avc:  denied  { module_request } for  pid=3296 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  674.131910][   T25] audit: type=1400 audit(673.260:77): avc:  denied  { module_request } for  pid=3297 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  675.246998][   T25] audit: type=1400 audit(674.390:79): avc:  denied  { sys_module } for  pid=3296 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  700.720092][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  700.867385][ T3297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  702.399794][ T3296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  702.691987][ T3296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  717.114546][ T3297] hsr_slave_0: entered promiscuous mode
[  717.144178][ T3297] hsr_slave_1: entered promiscuous mode
[  718.226788][ T3296] hsr_slave_0: entered promiscuous mode
[  718.258869][ T3296] hsr_slave_1: entered promiscuous mode
[  718.286631][ T3296] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  718.296867][ T3296] Cannot create hsr debugfs directory
[  723.591289][   T25] audit: type=1400 audit(722.740:80): avc:  denied  { create } for  pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  723.629237][   T25] audit: type=1400 audit(722.780:81): avc:  denied  { write } for  pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  723.698856][   T25] audit: type=1400 audit(722.850:82): avc:  denied  { read } for  pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  723.836238][ T3297] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  724.120844][ T3297] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  724.482479][ T3297] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  724.837008][ T3297] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  726.327311][ T3296] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  726.483050][ T3296] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  726.708212][ T3296] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  726.842887][ T3296] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  739.390676][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0
[  741.717714][ T3296] 8021q: adding VLAN 0 to HW filter on device bond0
[  797.886677][ T3297] veth0_vlan: entered promiscuous mode
[  798.280011][ T3297] veth1_vlan: entered promiscuous mode
[  799.980515][ T3296] veth0_vlan: entered promiscuous mode
[  800.566907][ T3297] veth0_macvtap: entered promiscuous mode
[  800.875296][ T3296] veth1_vlan: entered promiscuous mode
[  801.129867][ T3297] veth1_macvtap: entered promiscuous mode
[  803.158075][ T3296] veth0_macvtap: entered promiscuous mode
[  803.259049][ T3297] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  803.270405][ T3297] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  803.282961][ T3297] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  803.293118][ T3297] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  803.749484][ T3296] veth1_macvtap: entered promiscuous mode
[  805.948991][   T25] audit: type=1400 audit(805.090:83): avc:  denied  { mount } for  pid=3297 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  806.248166][   T25] audit: type=1400 audit(805.380:84): avc:  denied  { mounton } for  pid=3297 comm="syz-executor" path="/syzkaller.Pnzowo/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  806.437101][   T25] audit: type=1400 audit(805.580:85): avc:  denied  { mount } for  pid=3297 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  806.568950][ T3296] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  806.573025][ T3296] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  806.595595][ T3296] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  806.606758][ T3296] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  806.792186][   T25] audit: type=1400 audit(805.900:86): avc:  denied  { mounton } for  pid=3297 comm="syz-executor" path="/syzkaller.Pnzowo/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  806.908774][   T25] audit: type=1400 audit(806.060:87): avc:  denied  { mounton } for  pid=3297 comm="syz-executor" path="/syzkaller.Pnzowo/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  807.539339][   T25] audit: type=1400 audit(806.690:88): avc:  denied  { unmount } for  pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  807.796654][   T25] audit: type=1400 audit(806.940:89): avc:  denied  { mounton } for  pid=3297 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  807.942668][   T25] audit: type=1400 audit(807.090:90): avc:  denied  { mount } for  pid=3297 comm="syz-executor" name="/" dev="gadgetfs" ino=3274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  808.237408][   T25] audit: type=1400 audit(807.380:91): avc:  denied  { mount } for  pid=3297 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  808.449124][   T25] audit: type=1400 audit(807.550:92): avc:  denied  { mounton } for  pid=3297 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  809.638221][ T3297] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  813.825984][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  813.856656][   T25] audit: type=1400 audit(812.910:97): avc:  denied  { read } for  pid=3448 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  813.873070][   T25] audit: type=1400 audit(812.970:98): avc:  denied  { open } for  pid=3448 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  814.186112][   T25] audit: type=1400 audit(813.310:99): avc:  denied  { ioctl } for  pid=3449 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  815.194743][   T25] audit: type=1400 audit(814.310:100): avc:  denied  { write } for  pid=3449 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  816.635137][   T25] audit: type=1400 audit(815.770:101): avc:  denied  { map } for  pid=3448 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  847.356156][   T25] audit: type=1400 audit(846.490:102): avc:  denied  { append } for  pid=3476 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  900.575617][   T25] audit: type=1400 audit(899.720:103): avc:  denied  { execute } for  pid=3516 comm="syz.0.19" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4396 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  906.690464][ T3522] KVM: debugfs: duplicate directory 3522-4
[  996.098651][ T3587] kvm [3587]: Failed to find VMA for hva 0x20d8d000
[ 1282.431035][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 1282.431035][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.452202][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.452202][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.492107][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.492107][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.511113][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.511113][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.575839][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.575839][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.592828][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.592828][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.632713][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.632713][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.707698][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.707698][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.738781][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.738781][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1282.767627][ T3776] kvm [3775]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 1282.767627][ T3776]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1418.248095][   T25] audit: type=1400 audit(1417.390:104): avc:  denied  { ioctl } for  pid=3869 comm="syz.1.123" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1530.371077][ T3954] kvm [3954]: Failed to find VMA for hva 0x20c01000
[ 1600.045868][   T25] audit: type=1400 audit(1599.180:105): avc:  denied  { setattr } for  pid=3998 comm="syz.1.160" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1670.660288][ T4044] kvm [4044]: Failed to find VMA for hva 0x2101a000
[ 1899.408900][ T4200] kvm [4200]: Failed to find VMA for hva 0x20c01000
[ 2218.436524][ T4401] kvm [4401]: Failed to find VMA for hva 0x21016000
[ 2375.699877][ T4494] kvm [4494]: Failed to find VMA for hva 0x208a1000
[ 2380.425461][ T4491] kvm [4491]: Failed to find VMA for hva 0x20d8d000
[ 2380.427459][ T4493] kvm [4493]: Failed to find VMA for hva 0x20d8d000
[ 2589.743086][ T4636] kvm [4636]: Failed to find VMA for hva 0x21016000
[ 2589.820756][ T4635] kvm [4635]: Failed to find VMA for hva 0x21016000
[ 2614.491448][ T4648] print_sys_reg_msg: 350 callbacks suppressed
[ 2614.552966][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 2614.552966][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.597899][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.597899][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.632590][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.632590][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.667170][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.667170][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.729422][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.729422][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.767195][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.767195][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.802782][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.802782][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.850438][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.850438][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.920092][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.920092][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2614.941617][ T4648] kvm [4647]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2614.941617][ T4648]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2743.526021][ T4714] kvm [4714]: Failed to find VMA for hva 0x2018d000
[ 3091.125784][   T25] audit: type=1400 audit(3090.260:106): avc:  denied  { map } for  pid=4964 comm="syz.1.444" path="pipe:[2416]" dev="pipefs" ino=2416 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 3101.285618][ T4972] kvm [4972]: Failed to find VMA for hva 0x20d8d000
[ 3353.262761][ T5158] kvm [5158]: Failed to find VMA for hva 0x21016000
[ 3450.091820][ T5218] kvm [5218]: Failed to find VMA for hva 0x21016000
[ 3798.676005][ T5449] kvm [5449]: Failed to find VMA for hva 0x20c01000
[ 3830.587762][ T5470] kvm [5470]: Failed to find VMA for hva 0x20c01000
[ 4401.338225][ T5838] kvm [5838]: Failed to find VMA for hva 0x21016000
[ 4401.532193][ T5838] kvm [5838]: Failed to find VMA for hva 0x21016000
[ 4547.119307][ T5933] kvm [5932]: Unsupported guest access at: eeef0000
[ 4547.119307][ T5933]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4657.982592][ T6013] kvm [6013]: Failed to find VMA for hva 0x20d8d000
[ 4826.477306][ T6131] print_sys_reg_msg: 27 callbacks suppressed
[ 4826.503058][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 4826.503058][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.548183][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.548183][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.576274][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.576274][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.627851][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.627851][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.668820][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.668820][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.681610][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.681610][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.741223][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.741223][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.767819][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.767819][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.837017][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.837017][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4826.871808][ T6131] kvm [6130]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4826.871808][ T6131]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 4966.471725][ T6231] kvm [6231]: Failed to find VMA for hva 0x208a1000
[ 5020.297935][ T6263] kvm [6263]: Failed to find VMA for hva 0x20c01000
[ 5121.287342][ T6333] kvm [6333]: Failed to find VMA for hva 0x20c01000
[ 5724.497203][ T6684] kvm [6684]: Failed to find VMA for hva 0x20d8d000
[ 5985.633101][ T6853] ------------[ cut here ]------------
[ 5985.633721][ T6853] WARNING: CPU: 0 PID: 6853 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[ 5985.637562][ T6853] Modules linked in:
[ 5985.639907][ T6853] CPU: 0 UID: 0 PID: 6853 Comm: syz.1.1016 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 5985.641642][ T6853] Hardware name: linux,dummy-virt (DT)
[ 5985.642924][ T6853] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5985.644163][ T6853] pc : pend_sync_exception+0x198/0x5ac
[ 5985.645080][ T6853] lr : pend_sync_exception+0x198/0x5ac
[ 5985.645909][ T6853] sp : ffff80008cde78c0
[ 5985.646670][ T6853] x29: ffff80008cde78c0 x28: 0000000000000083 x27: 83f00000185e3da8
[ 5985.648421][ T6853] x26: 0000000000000083 x25: 0000000000000000 x24: 0000000000000000
[ 5985.649846][ T6853] x23: 0000000000000000 x22: 0000000000000083 x21: 83f00000185e4981
[ 5985.651307][ T6853] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 5985.652700][ T6853] x17: 00000000000000c4 x16: ffff800080011d9c x15: 0000000020000000
[ 5985.654015][ T6853] x14: ffffffffffffffff x13: 0000000000000028 x12: 000000000000004e
[ 5985.655464][ T6853] x11: 4ef00000185a1564 x10: 0000000000ff0100 x9 : 0000000000000000
[ 5985.656937][ T6853] x8 : 4ef00000185a0000 x7 : ffff800080b08704 x6 : ffff80008cde7a88
[ 5985.658392][ T6853] x5 : ffff80008cde7a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 5985.659754][ T6853] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 5985.661272][ T6853] Call trace:
[ 5985.662183][ T6853]  pend_sync_exception+0x198/0x5ac (P)
[ 5985.663431][ T6853]  __kvm_inject_sea+0x268/0x96c
[ 5985.664473][ T6853]  kvm_inject_sea+0x98/0x72c
[ 5985.665411][ T6853]  __kvm_arm_vcpu_set_events+0x134/0x238
[ 5985.666329][ T6853]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 5985.667200][ T6853]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 5985.668069][ T6853]  __arm64_sys_ioctl+0x18c/0x244
[ 5985.668940][ T6853]  invoke_syscall+0x90/0x2b4
[ 5985.669831][ T6853]  el0_svc_common+0x180/0x2f4
[ 5985.670737][ T6853]  do_el0_svc+0x58/0x74
[ 5985.671593][ T6853]  el0_svc+0x58/0x160
[ 5985.672390][ T6853]  el0t_64_sync_handler+0x78/0x108
[ 5985.673268][ T6853]  el0t_64_sync+0x198/0x19c
[ 5985.674413][ T6853] irq event stamp: 2672
[ 5985.675084][ T6853] hardirqs last  enabled at (2671): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 5985.676503][ T6853] hardirqs last disabled at (2672): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 5985.677705][ T6853] softirqs last  enabled at (2654): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 5985.678969][ T6853] softirqs last disabled at (2652): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 5985.680350][ T6853] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 6004.518450][ T5075] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6005.852001][ T5075] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6006.821163][ T5075] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6007.511765][ T5075] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

VM DIAGNOSIS:
05:32:00  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000800150d4 X00=0000000000000010 X01=0000000000000009
X02=0000000000000001 X03=ffff80008073ed78 X04=ffff80008cde7070
X05=0000000000000020 X06=0000000000000000 X07=ffff80008047fe38
X08=ffff80008cde7860 X09=00000000000000ff X10=ffff80008cde7868
X11=00000000000000f8 X12=0000000000000068 X13=000000000000001d
X14=000000000000000c X15=ffff800087f39a30 X16=ffff800080011d9c
X17=00000000000000c4 X18=0000000000000000 X19=ffff80008cde7770
X20=efff800000000000 X21=000000000000001d X22=ffff80008cde7770
X23=ffff8000876bd000 X24=ffff80008cde7878 X25=00000000000000ff
X26=0000000000000000 X27=0000000000001ac5 X28=00000000000000ff
X29=ffff80008cde74b0 X30=ffff800080015084  SP=ffff80008cde74b0
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000000 Z01=0000ffffe2f19d20:422b73fca59d7f00
Z02=0000ffffe2f19d00:ffffff80ffffffd8 Z03=0000ffffe2f19db0:0000ffffe2f19db0
Z04=0000ffffe2f19db0:0000ffff89b36d08 Z05=0000ffffe2f19d80:0000ffffe2f19db0
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffe2f19fd0:0000ffffe2f19fd0 Z17=ffffff80ffffffd0:0000ffffe2f19fa0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000