last executing test programs:

1m6.346195222s ago: executing program 1 (id=1677):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5})
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000040)=0x1})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r7 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, r6, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x480400, 0x0)
munmap(&(0x7f0000f59000/0x3000)=nil, 0x3000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000400)=ANY=[], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x3e0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x8})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x4, 0x100, 0x0})

43.324715515s ago: executing program 1 (id=1681):
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000000)={0x9, 0x0, [{0xa64000, 0x2f10589b0b468ef0, 0x1, 0x0, @msi={0xffffffff, 0x1, 0x2, 0x2}}, {0x3, 0x3, 0x1, 0x0, @msi={0x6, 0x9, 0x0, 0x4}}, {0x92ed, 0x4, 0x0, 0x0, @msi={0x2, 0x1, 0x7, 0x3ff}}, {0x5, 0x2, 0x1, 0x0, @sint={0x6, 0x4}}, {0x4, 0x3, 0x0, 0x0, @msi={0x1, 0x1, 0x7}}, {0x7fff, 0x4, 0x1, 0x0, @adapter={0x9eb, 0x8, 0x153c, 0xe, 0x9}}, {0xb, 0x1, 0x0, 0x0, @msi={0x8, 0x0, 0x5, 0x80000001}}, {0x5, 0x3, 0x1, 0x0, @msi={0x7, 0x400, 0xffffffef, 0xfffffff9}}, {0x0, 0x2, 0x0, 0x0, @msi={0xa4, 0x3, 0x8, 0x1}}]})
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000001c0)={0x8, <r1=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x7, 0x8, &(0x7f0000000200)=0x6})
r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000280)=@attr_pmu_init)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000002c0)={0x0, <r3=>0xffffffffffffffff, 0x1})
r4 = mmap$KVM_VCPU(&(0x7f0000fee000/0xf000)=nil, 0x0, 0x100000c, 0x40010, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000300)="96614e543bcaf52049c56fddaf94e5c6b279fd56bf1a51285c86a78f545afcedcee03f82d1075188b56316e4385ab69e222debe533bc2fcb196d63b2e7b7f3550e3fcab079d80964", 0x0, 0x48)
r5 = syz_kvm_vgic_v3_setup(r0, 0x4, 0x0)
close(r1)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000003c0)=@attr_other={0x0, 0x4, 0xf, &(0x7f0000000380)=0x1})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000400)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000004c0)=@arm64_fw={0x6030000000140000, &(0x7f0000000480)=0x1})
r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000500)={0xffff1000, 0xd000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xd3)
r7 = eventfd2(0x3, 0x800)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000540)={0x2, 0x2, 0x8, r7, 0x2})
close(r0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000005c0)=@attr_other={0x0, 0x7, 0xa0fa, &(0x7f0000000580)=0x1ff})
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ff4000/0x3000)=nil, r8, 0x3, 0x10, r6, 0x0)
r9 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x40)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000600)={0xa8, 0x0, 0x2})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000006c0)=@attr_arm64={0x0, 0x6, 0x3, &(0x7f0000000680)=0x3})
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000700)={0x8})
mmap$KVM_VCPU(&(0x7f0000ff9000/0x2000)=nil, r8, 0x200000c, 0x20010, r6, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x400000, 0x0)

38.205875718s ago: executing program 1 (id=1682):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40480, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r4, 0x4010aeb5, &(0x7f0000000280)={0xec, 0x10001})
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0xee2, 0x2}}) (async)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100028, &(0x7f0000000680)=0xfffffffffffffff9}) (async)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000200)="fb014401ac2cc4a2c0a6000000faff00bfff02000000ffffff00000d00e6ffea000000002000", 0x0, 0xffffffffffffff98)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2) (async)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="8200000000fe275800008d3c2d1d00000000000000000000facc9bd510c5ce54a5519eb524c3927880a8a66721f3ff0eeebf293a4dba38d47b6d8c049d8dcff233aa7d48c14f79593926d6693b0bbd6b75b1c8cbac5bfe59a429ed29f18c84d40f94e89a2e74e8dae066d207e4c76d19f80776604292bf4bd2dbdc4f93be311bc6db565ced8e4a53749dfe21ee700a4a543a38bd74f336e694cfb6fd6da63241428677a804db9dc5f3939f6ca299218848532d0606da4c4bb3ae309e94e1ec6e529bb63fabd1913cecb2582c70b732000fcdbc7425b7d4ced5df9c5a"], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x2, 0x120) (async)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000100)={0xa8, 0x0, 0x1})
r14 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000300)=@arm64_fw={0x6030000000140002, &(0x7f00000002c0)=0x8000000000000001}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r14, 0x4040aea0, &(0x7f0000000040)=@x86={0x2e, 0x3b, 0x2, 0x0, 0x2, 0x9e, 0x5, 0x0, 0x4, 0xc, 0x8, 0xf8, 0x0, 0x0, 0x9e, 0x1, 0x5, 0x1, 0x1, '\x00', 0xf, 0x200})

37.677089225s ago: executing program 0 (id=1683):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x5, <r0=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000000c0)=@attr_arm64={0x0, 0x8, 0x5, &(0x7f0000000080)=0x617})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r2, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) (async)
munmap(&(0x7f0000008000/0x4000)=nil, 0x4000) (async, rerun: 32)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) (async, rerun: 32)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async, rerun: 32)
munmap(&(0x7f0000c8f000/0x4000)=nil, 0x4000) (async, rerun: 32)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4000010, 0xffffffffffffffff, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x52)
openat$kvm(0x0, &(0x7f0000000180), 0xcc3, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="cfd589f46c597945b5a5074263bcb4f10e2f9419d690ac1c53be4bec8b529135783816c48a673916fc7d6ec77f0eae1c5f5140880eedf99393eb1764158dd0b178b76c5c6162b6a7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) (async)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000200)={0x7, <r10=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x3, 0x7, &(0x7f00000001c0)=0x1}) (async, rerun: 64)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (rerun: 64)

32.156296638s ago: executing program 0 (id=1684):
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000000))
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000040)={0xdf, 0x0, 0x8000})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, &(0x7f00000000c0)={{0x0, 0xeeef0000, 0x0, 0x2, 0xff, 0x5, 0x40, 0x7, 0x2, 0x0, 0x4, 0x1}, {0x100000, 0x4, 0x10, 0x0, 0x8, 0xfb, 0xa, 0x5, 0x3, 0x1, 0x3, 0x9}, {0x2000, 0xdddc1000, 0xd, 0xee, 0xf, 0x7, 0xff, 0x8, 0x7f, 0xd5, 0xd7, 0xf}, {0xeeee8000, 0x10000, 0x10, 0x5, 0x1, 0xd, 0x0, 0x6, 0x10, 0x1c, 0x2, 0x7}, {0x8080000, 0x2000, 0xf, 0x1, 0x55, 0xf, 0xfe, 0x0, 0x8, 0x3, 0x2, 0x8}, {0xdddd1000, 0x4, 0x9, 0x40, 0x1b, 0xfd, 0x2, 0x6, 0x9, 0x6, 0x4, 0x81}, {0x3000, 0xeeef0000, 0x9, 0xb, 0xf, 0x8, 0x4, 0x81, 0x4, 0x9, 0xf8}, {0x1000, 0xeeefe000, 0xf, 0xa, 0x5, 0x2, 0xe, 0x9, 0x2, 0xf, 0x80}, {0x8080000, 0x40}, {0x1000, 0xff}, 0x20000001, 0x0, 0x0, 0x10, 0x7, 0x401, 0x4, [0x81, 0x401, 0x2, 0x1]}) (async)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000200)=@attr_pmu_init) (async)
r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000240)={0xdf, 0x0, 0x8000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f00000002c0)) (async)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000400)=[{0x0, &(0x7f0000000340)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x2, 0xb, 0x41e3, 0xc, 0x1}}, @hvc={0x32, 0x40, {0xffff, [0x100, 0x7fffffffffffffff, 0x7fff, 0x6, 0x1]}}, @irq_setup={0x46, 0x18, {0x2, 0x139}}, @smc={0x1e, 0x40, {0xc4000001, [0x3, 0xffff, 0x1, 0x6, 0x3]}}], 0xc0}], 0x1, 0x0, &(0x7f0000000440)=[@featur2={0x1, 0x2}], 0x1)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000aef000/0x400000)=nil, &(0x7f0000000940)=[{0x0, &(0x7f0000000480)=[@msr={0x14, 0x20, {0x603000000013debb, 0x24e}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x5, 0x5}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe00, 0x7, 0xd}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x4, 0x6, 0x5800, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0x9, 0x7, 0x5, 0x1}}, @svc={0x122, 0x40, {0xc400000c, [0x200, 0x100000001, 0x8, 0x3c, 0x8]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x10a}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x0, 0xc, 0x9, 0x2, 0x4}}, @hvc={0x32, 0x40, {0xc4000014, [0x6, 0xfffffffffffffff9, 0x4, 0x200, 0x12]}}, @msr={0x14, 0x20, {0x603000000013def4, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0x251}}, @code={0xa, 0x9c, {"0034207e000028d5c0ed83d200a0b8f2610080d2820180d2030080d2c40180d2020000d400b8a12e001e81d20040b0f2410180d2a20180d2430180d2040080d2020000d4008008d5c05f96d200e0b0f2c10080d2420180d2830080d2e40180d2020000d480809dd20000b8f2810080d2020080d2630080d2240080d2020000d4000000b80000008a"}}, @smc={0x1e, 0x40, {0x80003fff, [0x5, 0x5, 0x1, 0x40, 0x1]}}, @msr={0x14, 0x20, {0x6030000000138037}}, @eret={0xe6, 0x18, 0x7f}, @mrs={0xbe, 0x18, {0x603000000013df56}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x4, 0x8, 0x0, 0x4, 0x1}}, @hvc={0x32, 0x40, {0xc400000d, [0xb6, 0x1, 0x1, 0x8000000000000000, 0x100]}}, @smc={0x1e, 0x40, {0x10, [0x6, 0x4, 0x8, 0xffffffffffffff74, 0x8]}}, @svc={0x122, 0x40, {0xc6007fd6, [0xe, 0xfffffffffffffff2, 0x1, 0x8, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x4, 0x4, 0x9}}, @uexit={0x0, 0x18, 0x360a}, @msr={0x14, 0x20, {0x603000000013c4d1, 0x400}}, @irq_setup={0x46, 0x18, {0x0, 0x1ed}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0x0, 0x2, 0xc9, 0x4}}], 0x494}], 0x1, 0x0, &(0x7f0000000980)=[@featur1={0x1, 0x80}], 0x1) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
r3 = eventfd2(0x6, 0x80000)
write$eventfd(r3, &(0x7f00000009c0)=0x9, 0x8) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000a00)={0xdf, 0x0, 0xc000}) (async)
ioctl$KVM_ARM_VCPU_INIT(r1, 0x4020aeae, &(0x7f0000000a80)={0x2, 0x48})
r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) (async)
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000ac0)={r3, 0x4, 0x2, r3}) (async)
r5 = syz_kvm_vgic_v3_setup(r0, 0x1, 0x40)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000b00)={0xdf, 0x0, 0x3000})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000b80)={0x7, 0xeeee0000}) (async)
ioctl$KVM_ARM_VCPU_INIT(r1, 0x4020aeae, &(0x7f0000000bc0)={0x3, 0x21}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000c40)=@attr_other={0x0, 0x1, 0xda, &(0x7f0000000c00)=0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80), 0x200, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000cc0)={0x10201, 0x0, 0xeeee0000, 0x2000, &(0x7f0000ccf000/0x2000)=nil})
ioctl$KVM_ARM_SET_DEVICE_ADDR(r4, 0x4010aeab, &(0x7f0000000d00)) (async)
ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f0000000d40)={0x8080000, 0x5000, 0x5, 0x1, 0x7}) (async)
ioctl$KVM_GET_SREGS(r2, 0x8000ae83, &(0x7f0000000d80)) (async)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000ec0)={0x10000, 0x0, &(0x7f0000ed8000/0x4000)=nil}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000f00)={0x7f})

29.018069913s ago: executing program 1 (id=1685):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000840)=ANY=[], 0x36c}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
close(r3)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000180)={0x1, 0x0, [{0x3, 0x3, 0x0, 0x0, @sint={0x8, 0x80000001}}]})
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0)
r12 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x200b0, 0x49ea, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013c000}}, @hvc={0x32, 0x40, {0xc4000053, [0x8, 0x1, 0x942, 0x4, 0xa]}}, @irq_setup={0x46, 0x18, {0x4, 0x1a2}}, @mrs={0xbe, 0x18, {0x603000000013e108}}, @uexit={0x0, 0x18, 0x466d}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x3c3}}, @code={0xa, 0xb4, {"805380d20060b8f2e10080d2820180d2c30180d2840080d2020000d4000008d5607695d200a0b0f2a10080d2220180d2a30180d2440180d2020000d4007008d50078207e008008d5c0e79ed20020b0f2610180d2820180d2c30080d2040180d2020000d400000039c00a82d200a0b8f2c10180d2620080d2c30180d2a40080d2020000d4400780d20040b0f2010180d2220180d2830180d2240080d2020000d4"}}, @smc={0x1e, 0x40, {0x84000012, [0x5, 0x9255, 0xff, 0x4, 0x9]}}], 0x1ec}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x2, 0x3c0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x401c5820, 0x20000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000080)={0xfc, "cb0f3e6fd6dd6a265ec52951ef880fe38c8102c7ab9cfbab45b92ce86794adfd64fbcb0aa640b560c896cb41c027b823b9001f8b9bbb9a020f9e1d05482e8abc34d31d61bd1df06ab59d08a1f33461ca5c3d4288baf95ddbff7c571a5bbc7878d1dfe033db1e9e78559f69783b20e2df52b1d0b39756d566a760d323a3c5d26af7cd007028669f4504118d32f8ee13afb3bb973a19397fda22b9abbe0982e0539f181be9ff309dff43f52cf9679202531714858b8b2cbb59365067d8c2216c99aab0af62c9f696c3725fe41a6e998deaf8af0846140ecedc717fefb6d484136c3fdb008f1f349b2356eea6356e83df06a6a8915d36fce99b965102ac"})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

26.753070997s ago: executing program 0 (id=1686):
r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000000)="5d0292e63f6566dc873de200850bbe343e9d376fcd679c44", 0x0, 0x18) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x1, 0x0})

18.37479193s ago: executing program 0 (id=1687):
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000782000/0x3000)=nil, r0, 0x1000000, 0x80010, r1, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000867000/0x1000)=nil, 0x930, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0x18)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x882500, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000100)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f000000af00498e000000000000000000000000000000001000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6579d2f4, 0xffffffffffffffff, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000300)=ANY=[@ANYRES16=r6, @ANYBLOB="b5d6381646d3e6b4f2fe0ed76c797cb5cf240ad901b02371d4256a7360494a26b460093dcd8fa2052278460dbd8144ae949321db6dd014d5181074f4d1a7ff87bcff2e8169fe1e84202de0db2e3045d144383a1774cf55cfba08f9a5b97a066fb622c73434f29148a271b3f8c09993d97a9e8cfa2fb6ad78264be98a00274a19ed680abeb94c2dec089ffe4a40aa2b98210c201849f89b8a09580f78cc207d4a1375173cd38582d3b9a9d1a13a721dc4e18106c7cde001e724c1749f0d31518018358cff02bf8adea6103208f62077804c036fa4b7a09d058b1535be53c5cf9d720507167d67dcf9858b72250cab3bed4d4ca88857a929db24c711b258b18c24be9cefc94dbbedf97f1d1c325aae8b1ddcace85084223b5bd30fa09792e58ab160d379f9b7ede8b1f3c4c0f6968e9aa4578d93ecf704e86a48f349add010af4c3a56b7d07c511525c2a897502c705e991cf86d23bb30cee8003913937fabd27dda630e95f63ff6cc1db822bf39255c6c1b3f284f2f6868d92fabe34afe05a6fc738015387168938415eacf251d877627fa74f09acc1f17cfdeda2c2bf9d6973acf2fffaf7f69284e8fd5c987efe2e5f225cb35dd5329b1da3c143a218198bbc48c1fd2bb662d2e51ceb002f8853c87ffadc92279c4cd11cd7c210ec90c508484242e61a55570c459b527384b432add410451110fc682bc1a734922ad552e2d64d44fbb8cb38acdf4d0e8d8c691f09f51b8ced73386175aafd3c63d6f7aee8e5ea7b66151822b52088cfe983631f676107437fb843c593a6b32d099430af14b0672b66b435b3d40784deeb328c4fa8baa30a99f36bf764e8b74ec0b0a71816f1370550fb3f6a1e4c0e70f107f0cfb61a1a1e43d0f4619b1cbf1872b8208834c10cd247cf6ded26d8a5275b8a0cb42b33b90955b8308853dac9589dfa1cc1d0f322629f55999eba438fdbfb55b5c3fa7dc720946747ed538e356897a8202f5529b14ecff6acfe471534cef0cfbbb14723662191a017213a5559cb83a0320d0567567b788dcc5f2b9196c7a6b4e7437e8a5914547ab9df1facdb2c59f056bc174f1b61c8ee495495575c345eb5d1f73f30fe6da17886cb472f2b54487e6f7e371b78744cedaf211f601c005cf338ff16fdb61175b19f22031de1dc1bdecfb0193e8157b4d78ec1952bff6a4f6a5ee46de99521b3ec3ec851864405fa10bd9511e4a471f73ecf1ac70cda8901f65b9fd9f4cc059a694d632fdb8cf87a6a26597acc1751adef4fd2ecba590b27ec211a228a39e611173fac73cb67e9c2289b17a8eed924765d8d51dabff552dda0b112bb72c2b944cb18a67d4a471115335072ebc813f819e3db475a2569b7948b3a85e626eda3d3c2fd237bea0ff2f3a0a006211e6b678518b6a0598bb406cdd578b96f850e9575154fcddc298f399a665250c72b7d491f4c715c63f89a37c4d8fe850b39abdecf9e20d46239289fe666cf6db387f2eb9957db69b0541a2b83d0d227ee21e81aabe92a704de7222cecfdb8413769309c3bcb089b67ae705560d0116d942983a278b13faa833c60919514cd41babb2e80ea7f14eba79e94d192533fc79a2d7181e52f9034c5c4394e6ff9954475b460322aa29bf283b8ab768bed898dba721f8709f1b4e3799fd7529f589b35da99a5a09a46cb13a408aa531c5e7833c25be97317e244f23a920ec60374c8c813f27823a4843526f28bbb381905f3068d05e667d90e557654193ddc7fc5036f46e309256331b0140c21115b8d0054db39da17b12fb5a11a7b22d451f0da9759ac91e7adfb1eb40a015c057a9f502a4cde8e5c11b05739c4ea995131dff4f853aecc886bd56c8c77f9a708195f9218168119a9949ba08915cf1a2f9dcbb5dde78f449d50a868485601d4bed8e1d44136cb907d8516e59a183842caca55b78c28bcbf8b5c90b205c501df70bf47671c0c72b918c009614a6c0ad2e2dd5ff1c166d312a1be6f9450afa4d1c49631a8f8bc322bc5d5e3b9c49f006594c7454bad92cc4bd9d46e88b34a1f690a16ccee4cf91f6fcb698cc91f1ca9f81e9463d9f38a1876dde0a1d6fd1bff151b00bc6f1492ccdff8028ce1e765027f8435a23f6f7dd2a457845728d13220ad1455c890ef35f980c91a4ca2de33ef640ae38418180dca12fe9e1ebd178bda7085a202a1ed42cc7f4b3c7903b53144586d1aadffc30614f28666059bae83fa4440f5bd1a8ade7a9c606c3ec2900861f9a9fbba0f984924ec812ebd5240d2918310ed63446f4d6c9dda0275e836147f811e493f3425085248e98cc18841fe10d27a9fa3543c9762588e5aeab196780e2a7f572616c4df846594a227e4db0ab024fe66ae2229bf88cb3d4da79a049e96c70eb193f9ea201562c7f1a0fc553c3d80caf59766a931cc5fee4285ae234686800a9f3b8a2007a44df0a5d8a1a4c6ab3ec9a0e7a3918db789f8c310421bc2e038538afa51a38a472d0212b518e47b1dade600132bcd19eff23b51861c0c5ad1f80fb3be53c6b9cfaf21536107c6823c89c72731fc4bea69b396067063bf421dd9368926cb7a01353492ffb0ae3ab7bcff807620a106500bfb5a5f645b0202ad2820b0bac089d1b173c1d39deee69c39735526fc1edad2134c9db0e45e6ccc0575d511b80a9e0bdf543bd52129e2376074fbbda96980f386ae6a99e3fb5d2c9762045a849ba7eb53eac453c77729802f0633dee94e3d55e92e0a3052a0fa9a14efc2ca1c8c19b8f4261bd5b5efe00673559fe085d530b5c092f7dee73b148d7f085b10ad239f55f157ac8f049b633526073f52065786a2b0bd1e0a07230dbf999e1c19a2b91a74a05948685760f1b0a4b4de9523e30dd5b61d02e5dc89a7f4d0b2653b4bb0ce9965c9c699ea39562bc3ec1ecca1fb5ce6298b08be2c7024607a4b1e3af125866451379437ed6d8fbe5738e9f2e83b5e36d13d371fe198133d27312532b5801ed8f4638fb178459d32afc18de95199f673528a9e0e867c22c6004456d93f142c94e501dabc6dfbda473c8b17e7c3a54d5a8b2a80a4e8d66b369fcd8fa9ad6c6fa5e60d147025928f4760d867c1650f7a2277c446f326578f8b89c901fdde818762427a5cb782a3838c1d35cd260e8bc97656de3891cdebf46f97819edf24aadd830eaa2fc9673939256fe997fe74e9caf1be7fa29730ab03715f955e6578db270b18556f45eee22dcde487f4ba4bdc78a33fdd96eff25c0f9887a366629f1e1313488e1ea3e221b5e5759ba80ca1f4f28ae9540c4c481d8fecabce8b5a46d1f2f1242a20e15fd136dfaf33fc05de82b33dee59faa48a09306fe6bab3d4449bc5a563d35fec38c61330eb1d41486e72aa0ecb3fb505cd84907f2abf754c4d1853b61283edff064d0e5f4fd76b98c58afe86487b184b102d4de82073144ea33da6829f1e1a3153138e18261033b04aa3bc7b91406c78cb37952c7f81991281fed13b963997e4e20cf3c90edef00e1cb9539aaed02b4105ff7f9901f2578530ac97a8ca92b359cba02354e4933f3838b59e6431794403c4b455c09764442c9a1cc51eec72d36a1e6a3b3277936447b3a62110391285c1f6d97c32ada752114655957cc94ba35cdfe26282ee1793ec47cfd3d3b6306d05eef6bf24fdc0bc4520314ae3d285d310d7ab42a5e3eb1081b1dd74b3be322438046d90c06dbb5daecef8f7638736b252157bb9e514b54fe7c752618bc276c92c75e0bae3e340588cf92d0c0fc881d9af4f23b0545b498c1737a9fe8d411b320a7f3abd78aa6e025cbe4bef5fcdecb305b89fdba5210a760c8a017477bfc63dfbd97650b5595b52f930697cb0df20f1e4ce686a34fe0d7aeabc786233b634381e6104d3040d65b83f12394e48ac799c994ce036bc2419da1b2a7e0712d35b479c3026e6b322743cdca4a85b847155e97996440bb6a8ff25a92c043f4ce3236609b19df5b50b899132d93b18638a95ca08657a6599787add609d0fdbec4af1ed6148c451fa048cf6c8872552e27dd5f9c43f281c1f1e95bf212eeb330963852d03bbeb2c923b4250995cd8e88d092d78131a222b75586275a97b379c27312e16b4ae250441887b27ef05ea75aa09d11aab5e2bc6308f8b5cfa71fbb7e553d4de11bccf006c22d6a3d2e93a9b12a7720c91ebb60a5cac9673e0df7189dda9b8814d0ee8ffb25fd4eeca985fb6d85b0fb276c1ecb73bc29a93b16bea6847e09426cf695ed794f46349c803103e84b7a4334e6b6f6412db78fe7dba10bf96c3c4c4acb68ad8573f38688d48d1009630ed9caabfce3f0cd3662487805123fcc4ddceb4a12b707b483201a7980d4fd5768b185806b566f493fb87adfc2cd5c743b5d6dff7e513678bcff00e0d34b8a67efe5ba9116c29368d43c53f7e2589946bc1e9be8894f8a38352b2594df40a1f7c46ef3b6df72da4359f9a044f8df9119f8eef6efc9664d91cba73bc0f00a46572e48ae69700a7e2692c576faee9be2bda66e709920d50c3f14bd07d3bccef8a7b26f5b5ccff64f447435855a06dfe5954dbaa00ff7c8668180a4532d9d6d511045c0a96b8c8ce0477afccb61cf9db794f143c28578cd09a8c2b279cde77ea30d9ba3365e329b322ee708a8161f19d8f9fe9aea27918d80e80ddc5acc9a9707d7376da7d3c823ff961a544f29ecd48b06c6ee9661100739858265f64e10d02031dc6b29d1d0b606e78c32cce200a30f609bea9796cd9b9645a4c2aa9d74a658240d04f13b03e91378165db1a8c14478bf1b69a8bcff82f4baaca2069e7c9b9faea453b8002845b9192b90bee5d7d30fd42e240a0c953ac292dc6d2634f57e173a7699754e9622fdd43ea1b10cbdafcff676055c3bae8fabc7f5fe4ee8501dc3bf1d43b1631be2c6f59b06d0f686ec6431f983aa1a0e991904697dcb53e88eaf776dcfec4232ae1deca8da3b07a660e163f2b00b8bbcd0a568faf8ec29092a3d55a69cf8a542dbd5025d9159988966d3e05b7dbf024f385e609824373cc0d1444f19c7b8a58837584a4f4bea52e53871a3604b3d9663c448fce407fdd424595a3c02ed5bb52c83c4622fbe7cb4f5944f29734862bebe4a064d1b28b2fee6e8ee89a4d0d04e8c0fc84dd48c9e4ba96d12957057cf5ae8895c07ff9e323eb8caa78798e614a4a0f04f2a1df41a0cb1bc67ed8b8f9dcbb82ff93d3a460a3eb9d52b7785b3a575620584014a564ce80151f35298e398f3a0cc9ab9d33e8284574717bfdb309772fe42f87f0349f63141e9637fddb92b3bb2a51bfc21c19baf3727e4299fec3a898ce8dd73fd09c2c3327aa7a76563beb5a8803fe994e49a2c11edb810aba11a7b953bf6382e70f3dbc5ebe8e4c31736197a4e1beac064641666810e864fb6d98ff99f7cd2961e7f3d1ba567920abad7b06defb8d8eea37887bf3648b76409b7ca23440bc2f8af69cd71dcee4c7fc473d383362b8614a88c633298a2ebcdaaa7945af178ee56c43ed217bee2ec248ef862db0df8d62a2f5939e2b0454a02182b987de71f775b4ec81e1343d06e762f4725acd976d29013432adcd1ed4459b4606e82bf17857007280ae1c935c7611d497311f94a28c4f4f4c18f5a7500578a1e9cddb445b11785e743c8d007332883ed97f5f2fca42209e773cce19707d395ba53806cbf468ddfa6738346fb124daaf9cfc44e7bb9e1233db7424ab41e41dab254d7a6547e8a46f057dce1e32e1608ddc90b4002ec377d5943f889ab0528757a51fc4144b7f1915bea03cbb20709fad0e82813a3e650617168cbca1cd461f6", @ANYRES64=r5, @ANYRES32=r2], 0x568}, &(0x7f00000000c0)=[@featur2], 0x1)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r9, 0x0)
close(r8)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a3ef2, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x3000002, 0x11, r8, 0x0)

11.865743629s ago: executing program 1 (id=1688):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="375ae04fceeb298d3b07d73b3e9aac00", 0x0, 0x18)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = eventfd2(0xfffffffb, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000002c0)={0x6, 0xeeef0000, 0x4, r4, 0x6})
ioctl$KVM_CREATE_VM(r3, 0x40086602, 0x20000000)
r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="14000000000000002000000000000000e3dc"], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000d93000/0x4000)=nil, 0x930, 0x4, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x12, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x3800003, 0x11, r8, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
r12 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, r11, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b8540000429610fbff67521ce16f8f1f447d69835673312b54ebb20176c869d22627e700000000000000000000000000000900", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
r13 = eventfd2(0x0, 0x0)
close(r13)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)

8.770794898s ago: executing program 0 (id=1689):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
write$eventfd(r4, &(0x7f0000000140)=0x1, 0x8)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, r5, 0x467af21e7e8bde02, 0x11, r4, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100016, &(0x7f00000000c0)=0xfffffffffffffff8})
write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xc0e00, 0x2000)

1.144921416s ago: executing program 1 (id=1690):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xe3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = eventfd2(0xc1, 0x80000)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000000c0)={r7, 0x4, 0x1})
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000240)=@arm64_core={0x6030000000100048, &(0x7f0000000180)=0xb99b})

0s ago: executing program 0 (id=1691):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x121e82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5})
r3 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x40) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x9, 0x200ff, &(0x7f0000000180)=0x2}) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) (async)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000100000000000000aa0000000000000028000000000000000b000000000004000c"], 0x50}, 0x0, 0x0) (async)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xe)

kernel console output (not intermixed with test programs):

[  384.548171][ T3129] 8021q: adding VLAN 0 to HW filter on device bond0
[  417.911316][ T3129] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:59332' (ED25519) to the list of known hosts.
[  603.919927][   T25] audit: type=1400 audit(603.090:61): avc:  denied  { name_bind } for  pid=3293 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  604.851951][   T25] audit: type=1400 audit(604.020:62): avc:  denied  { execute } for  pid=3294 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  604.880656][   T25] audit: type=1400 audit(604.040:63): avc:  denied  { execute_no_trans } for  pid=3294 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  623.869118][   T25] audit: type=1400 audit(623.040:64): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  623.906293][   T25] audit: type=1400 audit(623.070:65): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  623.994022][ T3294] cgroup: Unknown subsys name 'net'
[  624.040096][   T25] audit: type=1400 audit(623.210:66): avc:  denied  { unmount } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  624.481411][ T3294] cgroup: Unknown subsys name 'cpuset'
[  624.586973][ T3294] cgroup: Unknown subsys name 'rlimit'
[  625.563981][   T25] audit: type=1400 audit(624.720:67): avc:  denied  { setattr } for  pid=3294 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  625.581408][   T25] audit: type=1400 audit(624.730:68): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  625.605562][   T25] audit: type=1400 audit(624.770:69): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  626.786512][ T3297] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  626.807151][   T25] audit: type=1400 audit(625.970:70): avc:  denied  { relabelto } for  pid=3297 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.827989][   T25] audit: type=1400 audit(625.990:71): avc:  denied  { write } for  pid=3297 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  627.098879][   T25] audit: type=1400 audit(626.270:72): avc:  denied  { read } for  pid=3294 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  627.126940][   T25] audit: type=1400 audit(626.280:73): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  627.189304][ T3294] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  675.107353][   T25] audit: type=1400 audit(674.250:74): avc:  denied  { execmem } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  678.563693][   T25] audit: type=1400 audit(677.730:75): avc:  denied  { read } for  pid=3300 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  678.589653][   T25] audit: type=1400 audit(677.760:76): avc:  denied  { open } for  pid=3300 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  678.667590][   T25] audit: type=1400 audit(677.840:77): avc:  denied  { mounton } for  pid=3300 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  678.936855][   T25] audit: type=1400 audit(678.110:78): avc:  denied  { module_request } for  pid=3300 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  680.121785][   T25] audit: type=1400 audit(679.290:79): avc:  denied  { sys_module } for  pid=3300 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  709.417937][ T3301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  709.586103][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  709.731643][ T3301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  710.231231][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  722.730155][ T3301] hsr_slave_0: entered promiscuous mode
[  722.758003][ T3301] hsr_slave_1: entered promiscuous mode
[  723.551355][ T3300] hsr_slave_0: entered promiscuous mode
[  723.607076][ T3300] hsr_slave_1: entered promiscuous mode
[  723.645251][ T3300] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  723.650175][ T3300] Cannot create hsr debugfs directory
[  729.093517][   T25] audit: type=1400 audit(728.250:80): avc:  denied  { create } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.183778][   T25] audit: type=1400 audit(728.350:81): avc:  denied  { write } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.243511][   T25] audit: type=1400 audit(728.350:82): avc:  denied  { read } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.453593][ T3301] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  729.769442][ T3301] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  730.025515][ T3301] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  730.288539][ T3301] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  731.750125][ T3300] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  731.910904][ T3300] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  732.100882][ T3300] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  732.359836][ T3300] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  745.078001][ T3301] 8021q: adding VLAN 0 to HW filter on device bond0
[  748.019213][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0
[  804.325770][ T3301] veth0_vlan: entered promiscuous mode
[  804.875595][ T3301] veth1_vlan: entered promiscuous mode
[  806.910587][ T3301] veth0_macvtap: entered promiscuous mode
[  807.178820][ T3300] veth0_vlan: entered promiscuous mode
[  807.408046][ T3301] veth1_macvtap: entered promiscuous mode
[  807.940990][ T3300] veth1_vlan: entered promiscuous mode
[  809.408521][ T3301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  809.415562][ T3301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  809.426392][ T3301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  809.437309][ T3301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  810.919557][ T3300] veth0_macvtap: entered promiscuous mode
[  811.427128][ T3300] veth1_macvtap: entered promiscuous mode
[  812.213773][   T25] audit: type=1400 audit(811.370:83): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  812.488972][   T25] audit: type=1400 audit(811.660:84): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/syzkaller.NcYs4h/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  812.659716][   T25] audit: type=1400 audit(811.830:85): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  813.040470][   T25] audit: type=1400 audit(812.160:86): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/syzkaller.NcYs4h/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  813.166911][   T25] audit: type=1400 audit(812.300:87): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/syzkaller.NcYs4h/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  813.648246][ T3300] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  813.683780][ T3300] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  813.693868][ T3300] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  813.701472][ T3300] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  813.935012][   T25] audit: type=1400 audit(813.070:88): avc:  denied  { unmount } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  814.146013][   T25] audit: type=1400 audit(813.290:89): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  814.220932][   T25] audit: type=1400 audit(813.390:90): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="gadgetfs" ino=3276 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  814.465466][   T25] audit: type=1400 audit(813.620:91): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  814.556536][   T25] audit: type=1400 audit(813.710:92): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  816.145659][ T3301] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  817.465472][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  817.495554][   T25] audit: type=1400 audit(816.620:94): avc:  denied  { read write } for  pid=3301 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  817.526309][   T25] audit: type=1400 audit(816.690:95): avc:  denied  { open } for  pid=3301 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  817.627588][   T25] audit: type=1400 audit(816.690:96): avc:  denied  { ioctl } for  pid=3301 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  822.408089][   T25] audit: type=1400 audit(821.550:97): avc:  denied  { read } for  pid=3440 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  822.486232][   T25] audit: type=1400 audit(821.650:98): avc:  denied  { open } for  pid=3440 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  822.671134][   T25] audit: type=1400 audit(821.840:99): avc:  denied  { ioctl } for  pid=3440 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  835.439955][   T25] audit: type=1400 audit(834.570:100): avc:  denied  { write } for  pid=3447 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  844.294660][   T25] audit: type=1400 audit(843.380:101): avc:  denied  { append } for  pid=3455 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  847.020025][   T25] audit: type=1400 audit(846.120:102): avc:  denied  { execute } for  pid=3455 comm="syz.0.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3659 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  873.934764][   T25] audit: type=1400 audit(873.080:103): avc:  denied  { ioctl } for  pid=3472 comm="syz.1.10" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1046.176204][ T3591] KVM: debugfs: duplicate directory 3591-4
[ 1354.295175][   T25] audit: type=1400 audit(1353.410:104): avc:  denied  { setattr } for  pid=3801 comm="syz.1.103" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1459.638043][   T25] audit: type=1400 audit(1458.790:105): avc:  denied  { execute } for  pid=3875 comm="syz.0.123" path=2F35382FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=315 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1635.376988][ T3993] kvm [3993]: Failed to find VMA for hva 0x20c01000
[ 2057.668877][ T4290] kvm [4289]: Unsupported guest access at: eeef0000
[ 2057.668877][ T4290]  { Op0( 2), Op1( 6), CRn(15), CRm( 0), Op2( 1), func_read },
[ 2093.767143][ T4315] kvm [4315]: Failed to find VMA for hva 0x20c01000
[ 2093.851802][ T4314] kvm [4314]: Failed to find VMA for hva 0x20c01000
[ 2124.999676][ T4333] kvm [4333]: Failed to find VMA for hva 0x21016000
[ 2325.875807][   T25] audit: type=1400 audit(2325.020:106): avc:  denied  { map } for  pid=4466 comm="syz.1.290" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2438.995300][ T4540] kvm [4540]: Failed to find VMA for hva 0x20d8d000
[ 2490.774649][ T4582] debugfs: File 'vgic-its-state@8080000' in directory '4582-4' already present!
[ 2808.088356][ T4788] kvm [4788]: Failed to find VMA for hva 0x21016000
[ 2846.461191][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 2846.461191][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.518512][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.518512][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.571277][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.571277][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.617601][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.617601][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.640386][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.640386][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.691654][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.691654][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.751344][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.751344][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.788371][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.788371][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.831853][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.831853][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2846.928119][ T4814] kvm [4813]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2846.928119][ T4814]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 3564.939174][   T25] audit: type=1400 audit(3564.100:107): avc:  denied  { execute } for  pid=5331 comm="syz.1.537" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 3615.887534][ T5368] kvm [5368]: Failed to find VMA for hva 0x20c01000
[ 3893.176850][   T25] audit: type=1400 audit(3892.340:108): avc:  denied  { map } for  pid=5573 comm="syz.0.604" path="pipe:[2425]" dev="pipefs" ino=2425 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 3966.589762][ T5616] kvm [5616]: Failed to find VMA for hva 0x208a1000
[ 4956.134082][ T6339] kvm [6339]: Failed to find VMA for hva 0x208a1000
[ 5169.049535][ T6493] KVM: debugfs: duplicate directory 6493-5
[ 5386.308344][ T6651] kvm [6651]: Failed to find VMA for hva 0x20c01000
[ 5386.439621][ T6651] kvm [6651]: Failed to find VMA for hva 0x20c01000
[ 5529.651111][ T6762] kvm [6762]: Failed to find VMA for hva 0x21016000
[ 5726.107114][ T6894] kvm [6894]: Failed to find VMA for hva 0x20c01000
[ 5843.926310][ T6972] kvm [6972]: Failed to find VMA for hva 0x20c01000
[ 5889.056094][ T7001] kvm [7001]: Failed to find VMA for hva 0x20000000
[ 6388.924969][ T7377] kvm [7377]: Failed to find VMA for hva 0x21016000
[ 6444.330143][ T7416] kvm [7416]: Failed to find VMA for hva 0x20bfe000
[ 6674.477640][ T7562] kvm [7562]: Failed to find VMA for hva 0x20c01000
[ 6853.139149][ T4442] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6854.531843][ T4442] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6856.105921][ T4442] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6857.361890][ T4442] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6876.374970][ T4442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6876.688105][ T4442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6876.896460][ T4442] bond0 (unregistering): Released all slaves
[ 6879.305749][ T4442] hsr_slave_0: left promiscuous mode
[ 6879.382046][ T4442] hsr_slave_1: left promiscuous mode
[ 6880.021112][ T4442] veth1_macvtap: left promiscuous mode
[ 6880.099821][ T4442] veth0_macvtap: left promiscuous mode
[ 6880.126761][ T4442] veth1_vlan: left promiscuous mode
[ 6880.141804][ T4442] veth0_vlan: left promiscuous mode
[ 6948.037992][ T7675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6948.375605][ T7675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6980.855530][ T7675] hsr_slave_0: entered promiscuous mode
[ 6980.938851][ T7675] hsr_slave_1: entered promiscuous mode
[ 7002.370960][ T7675] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 7002.674171][ T7675] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 7002.986180][ T7675] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 7003.428412][ T7675] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 7030.521035][ T7675] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7121.647432][ T7675] veth0_vlan: entered promiscuous mode
[ 7122.365760][ T7675] veth1_vlan: entered promiscuous mode
[ 7124.569283][ T7675] veth0_macvtap: entered promiscuous mode
[ 7124.838307][ T7675] veth1_macvtap: entered promiscuous mode
[ 7126.587950][ T7675] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7126.603765][ T7675] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7126.616170][ T7675] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7126.628984][ T7675] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7166.675891][ T6399] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7167.961591][ T6399] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7169.041722][ T6399] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7170.176168][ T6399] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 7186.885793][ T6399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 7187.120905][ T6399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 7187.346052][ T6399] bond0 (unregistering): Released all slaves
[ 7189.271269][ T6399] hsr_slave_0: left promiscuous mode
[ 7189.385550][ T6399] hsr_slave_1: left promiscuous mode
[ 7189.858229][ T6399] veth1_macvtap: left promiscuous mode
[ 7189.865730][ T6399] veth0_macvtap: left promiscuous mode
[ 7189.887893][ T6399] veth1_vlan: left promiscuous mode
[ 7189.919969][ T6399] veth0_vlan: left promiscuous mode
[ 7267.610410][ T7919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 7267.956751][ T7919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 7297.175721][ T7919] hsr_slave_0: entered promiscuous mode
[ 7297.257785][ T7919] hsr_slave_1: entered promiscuous mode
[ 7297.386556][ T7919] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 7297.413885][ T7919] Cannot create hsr debugfs directory
[ 7318.430229][ T7919] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 7318.915712][ T7919] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 7319.290712][ T7919] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 7319.749714][ T7919] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 7348.078403][ T7919] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7369.996822][ T8080] debugfs: File 'vgic-its-state@8080000' in directory '8078-4' already present!
[ 7440.116128][ T7919] veth0_vlan: entered promiscuous mode
[ 7440.915062][ T7919] veth1_vlan: entered promiscuous mode
[ 7443.748780][ T7919] veth0_macvtap: entered promiscuous mode
[ 7444.125474][ T7919] veth1_macvtap: entered promiscuous mode
[ 7447.061168][ T7919] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7447.074453][ T7919] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7447.094744][ T7919] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7447.114938][ T7919] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7707.546784][ T8320] kvm [8320]: Failed to find VMA for hva 0x20c01000
[ 8168.107086][ T8651] kvm [8651]: Failed to find VMA for hva 0x20c01000
[ 8190.761866][ T8662] kvm [8662]: Failed to find VMA for hva 0x20d8d000
[ 8198.909792][ T8669] print_sys_reg_msg: 432 callbacks suppressed
[ 8198.938171][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 8198.938171][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8198.955068][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8198.955068][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.006808][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.006808][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.048213][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.048213][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.105997][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.105997][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.155166][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.155166][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.180077][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.180077][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.217160][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.217160][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.276877][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.276877][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8199.297574][ T8669] kvm [8668]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 8199.297574][ T8669]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 8593.859253][ T8942] KVM: debugfs: duplicate directory 8942-5
[ 8748.017245][ T9054] debugfs: File 'vgic-its-state@8080000' in directory '9054-4' already present!
[ 9633.413953][ T9667] ==================================================================
[ 9633.414781][ T9667] BUG: KASAN: invalid-access in _raw_spin_lock_irqsave+0x5c/0x7c
[ 9633.416633][ T9667] Read of size 1 at addr 00000000000013c8 by task syz.0.1691/9667
[ 9633.417048][ T9667] 
[ 9633.418148][ T9667] CPU: 0 UID: 0 PID: 9667 Comm: syz.0.1691 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT 
[ 9633.418653][ T9667] Hardware name: linux,dummy-virt (DT)
[ 9633.419112][ T9667] Call trace:
[ 9633.419483][ T9667]  show_stack+0x2c/0x3c (C)
[ 9633.420070][ T9667]  __dump_stack+0x30/0x40
[ 9633.420318][ T9667]  dump_stack_lvl+0xd8/0x12c
[ 9633.420627][ T9667]  print_report+0x5c/0xa0
[ 9633.420896][ T9667]  kasan_report+0xb0/0x110
[ 9633.421143][ T9667]  __kasan_check_byte+0x3c/0x54
[ 9633.421375][ T9667]  lock_acquire+0xb0/0x2e0
[ 9633.421628][ T9667]  _raw_spin_lock_irqsave+0x5c/0x7c
[ 9633.421876][ T9667]  kvm_vgic_set_owner+0x18c/0x294
[ 9633.422137][ T9667]  kvm_timer_enable+0x1c4/0x794
[ 9633.422338][ T9667]  kvm_arch_vcpu_run_pid_change+0x1f0/0x484
[ 9633.422552][ T9667]  kvm_vcpu_ioctl+0xae8/0xc24
[ 9633.422796][ T9667]  __arm64_sys_ioctl+0x18c/0x244
[ 9633.423073][ T9667]  invoke_syscall+0x90/0x2b4
[ 9633.423322][ T9667]  el0_svc_common+0x180/0x2f4
[ 9633.423567][ T9667]  do_el0_svc+0x58/0x74
[ 9633.423827][ T9667]  el0_svc+0x58/0x134
[ 9633.424030][ T9667]  el0t_64_sync_handler+0x78/0x108
[ 9633.424247][ T9667]  el0t_64_sync+0x198/0x19c
[ 9633.424806][ T9667] ==================================================================
[ 9633.427026][ T9667] Disabling lock debugging due to kernel taint
[ 9633.428310][ T9667] Unable to handle kernel paging request at virtual address ffef80000000013b
[ 9633.428872][ T9667] KASAN: maybe wild-memory-access in range [0xff000000000013b0-0xff000000000013bf]
[ 9633.429200][ T9667] Mem abort info:
[ 9633.429402][ T9667]   ESR = 0x0000000096000004
[ 9633.429705][ T9667]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 9633.430002][ T9667]   SET = 0, FnV = 0
[ 9633.430235][ T9667]   EA = 0, S1PTW = 0
[ 9633.430465][ T9667]   FSC = 0x04: level 0 translation fault
[ 9633.430767][ T9667] Data abort info:
[ 9633.431011][ T9667]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 9633.431258][ T9667]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 9633.431524][ T9667]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 9633.431943][ T9667] [ffef80000000013b] address between user and kernel address ranges
[ 9633.432834][ T9667] Internal error: Oops: 0000000096000004 [#1]  SMP
[ 9633.449137][ T9667] Modules linked in:
[ 9633.451016][ T9667] CPU: 0 UID: 0 PID: 9667 Comm: syz.0.1691 Tainted: G    B               6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT 
[ 9633.452278][ T9667] Tainted: [B]=BAD_PAGE
[ 9633.452927][ T9667] Hardware name: linux,dummy-virt (DT)
[ 9633.453798][ T9667] pstate: 604020c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 9633.454818][ T9667] pc : do_raw_spin_lock+0x4c/0x2b4
[ 9633.455586][ T9667] lr : _raw_spin_lock_irqsave+0x64/0x7c
[ 9633.456415][ T9667] sp : ffff80008edc7930
[ 9633.457116][ T9667] x29: ffff80008edc7940 x28: 43f000001d5857c0 x27: 43f000001d586c30
[ 9633.458579][ T9667] x26: 0000000000000001 x25: 43f000001d586e10 x24: 0000000000000010
[ 9633.459854][ T9667] x23: efff80008edac000 x22: 43f000001d5857c0 x21: ffff800080208ab8
[ 9633.461071][ T9667] x20: 00000000000013b0 x19: efff800000000000 x18: 00000000070422ec
[ 9633.462260][ T9667] x17: 0000000003c9c6ec x16: 00000000000000fe x15: 0000000000000000
[ 9633.463465][ T9667] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000002
[ 9633.464736][ T9667] x11: 0000000000000001 x10: 0ff000000000013b x9 : 0000000000000000
[ 9633.466072][ T9667] x8 : 00000000000013b4 x7 : ffff8000870d1e20 x6 : ffff800086599264
[ 9633.467250][ T9667] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802afe9c
[ 9633.468441][ T9667] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000013b0
[ 9633.469773][ T9667] Call trace:
[ 9633.470417][ T9667]  do_raw_spin_lock+0x4c/0x2b4 (P)
[ 9633.471230][ T9667]  _raw_spin_lock_irqsave+0x64/0x7c
[ 9633.472043][ T9667]  kvm_vgic_set_owner+0x18c/0x294
[ 9633.472870][ T9667]  kvm_timer_enable+0x1c4/0x794
[ 9633.473621][ T9667]  kvm_arch_vcpu_run_pid_change+0x1f0/0x484
[ 9633.474472][ T9667]  kvm_vcpu_ioctl+0xae8/0xc24
[ 9633.475272][ T9667]  __arm64_sys_ioctl+0x18c/0x244
[ 9633.476124][ T9667]  invoke_syscall+0x90/0x2b4
[ 9633.476946][ T9667]  el0_svc_common+0x180/0x2f4
[ 9633.477747][ T9667]  do_el0_svc+0x58/0x74
[ 9633.478511][ T9667]  el0_svc+0x58/0x134
[ 9633.479245][ T9667]  el0t_64_sync_handler+0x78/0x108
[ 9633.480064][ T9667]  el0t_64_sync+0x198/0x19c
[ 9633.481301][ T9667] Code: d344fd4a aa0003f4 f90007e9 d378fd09 (386a6a6a) 
[ 9633.482839][ T9667] ---[ end trace 0000000000000000 ]---
[ 9633.484342][ T9667] Kernel panic - not syncing: Oops: Fatal exception
[ 9633.486631][ T9667] Kernel Offset: disabled
[ 9633.487448][ T9667] CPU features: 0x0000,00000340,02fbcdf1,057ffe1f
[ 9633.488583][ T9667] Memory Limit: none
[ 9633.490005][ T9667] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:48:37  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000865a6ed4 X00=0000000000000001 X01=0000000000000001
X02=0000000000000001 X03=ffff800080453bc8 X04=0000000000000001
X05=0000000000000000 X06=ffff800081e7b000 X07=ffff8000870d1e20
X08=00000000000000c0 X09=ffffffffffffffff X10=0000000000000000
X11=00000000000000f1 X12=0ffff80008794088 X13=0000000000000007
X14=0000000000000000 X15=0000000000000000 X16=00000000000000fe
X17=0000000003c9c6ec X18=00000000070422ec X19=efff800000000000
X20=00000000000000c0 X21=ffff800087940878 X22=ffff80008c3b9000
X23=ffff80008c3b9000 X24=ffff800087951e78 X25=000000000000003c
X26=00000000000000ff X27=ffff800087951e78 X28=ffff80008edc72c0
X29=ffff80008edc70d0 X30=ffff8000865a6ec0  SP=ffff80008edc70d0
PSTATE=604020c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000000 Z01=0000ff0000ff0000:ffff00000000706d
Z02=c0fc00fcc000c0fc:0000c0fcc0fc0000 Z03=0000000000000000:0000000000000000
Z04=3303330333033303:3303330333033303 Z05=bcfcc0bc00bcbc00:bcfcc0bc00bcbc00
Z06=0000000000000073:0000aaaacba3a3e0 Z07=0000000000000074:0000aaaacba37620
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffc93cc2c0:0000ffffc93cc2c0 Z17=ffffff80ffffffd0:0000ffffc93cc290
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000