last executing test programs:

48.434159991s ago: executing program 0 (id=1744):
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000004c0)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x7, 0x5}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0xd, 0xe, 0x2, 0x3}}, @msr={0x14, 0x20, {0x603000000013c4d1, 0x6}}, @mrs={0xbe, 0x18, {0x603000000013c101}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x31}}, @code={0xa, 0x84, {"007008d5001c202e0074007fe0dc92d200e0b8f2810080d2820080d2830080d2e40080d2020000d40040000c00f190d200c0b0f2810080d2420080d2430180d2040080d2020000d4000008d5000000ace00886d200a0b0f2810180d2c20180d2e30180d2840080d2020000d400c0601e"}}, @hvc={0x32, 0x40, {0x84000051, [0xe7c2, 0x8, 0x7fffffffffffffff, 0xfea6, 0x6]}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x25a}}, @eret={0xe6, 0x18, 0x6}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0x8e2, 0x0, 0x1}}, @smc={0x1e, 0x40, {0xc4000007, [0x81, 0x89, 0x5d86a07f, 0x49, 0x1]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x2a1}}, @eret={0xe6, 0x18, 0x81}, @mrs={0xbe, 0x18, {0x272d}}, @irq_setup={0x46, 0x18, {0x2, 0x2c8}}, @hvc={0x32, 0x40, {0xc4000010, [0x100000001, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x1, 0x0, 0xf, 0xffff37f6, 0x8001, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e662}}, @svc={0x122, 0x40, {0x84000006, [0x6, 0xfffffffffffffff8, 0x1, 0x8, 0x8000000000000000]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x3, 0x9, 0x800, 0x2109, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x4, 0x5, 0x3, 0x8001, 0x3}}, @msr={0x14, 0x20, {0x603000000013807f, 0x6}}, @smc={0x1e, 0x40, {0x84000003, [0x7ff, 0x6, 0x3, 0x1, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x9, 0x2}}, @msr={0x14, 0x20, {0x603000000013e663, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x2, 0x1}}], 0x48c}, &(0x7f0000000500)=[@featur2={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0)

44.364157296s ago: executing program 1 (id=1745):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={0xffffffffffffffff, 0x3, 0x2})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0)=0xffffff7f, 0xff25)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

41.594799228s ago: executing program 0 (id=1746):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x80)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x2001, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x4, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, 0x0})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, &(0x7f0000000180)=ANY=[], 0xe0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_REG_LIST(r13, 0xc008aeb0, &(0x7f0000000000))
ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x128, &(0x7f0000000340)=0x8000000000000000})
close(0x4)
close(0x5)
r14 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r15, 0xae80, 0x0)

37.161694942s ago: executing program 1 (id=1747):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x110, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c029, &(0x7f00000000c0)=0x8})
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000d88000/0x3000)=nil, r6, 0x0, 0x2010, r2, 0x0)
mmap$KVM_VCPU(&(0x7f00004f0000/0x2000)=nil, 0x930, 0x0, 0x11, r2, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f00000000c0)={{0xd000, 0x3000, 0xa, 0x7, 0x2a, 0x5b, 0x4, 0x9, 0x1, 0x7, 0x4, 0x4}, {0x1000, 0x4000, 0xc, 0x6, 0xfb, 0x7, 0x66, 0x9f, 0x4, 0x8, 0x1, 0xcf}, {0x6000, 0x1bbba0000, 0xe, 0x3, 0x2, 0x2, 0x0, 0xca, 0x6, 0x40, 0x2, 0x7}, {0x8080000, 0x8000000, 0x8, 0x1, 0x2, 0x8c, 0x6, 0x80, 0xa, 0x5d, 0x8, 0x3}, {0xdddd0000, 0xffff1000, 0xf, 0x3, 0x6, 0x2, 0x7, 0x7, 0xe6, 0x5, 0x5e, 0x2}, {0x1000, 0xeeef0000, 0x9, 0x43, 0x8, 0x3, 0x1, 0x0, 0x7, 0x5, 0xfa, 0x2f}, {0x3000, 0x1000, 0x7, 0x9, 0xf, 0x4, 0x2, 0x2, 0x6, 0x7, 0x92, 0x3}, {0x2000, 0x3000, 0x9, 0x8, 0x8, 0x0, 0x46, 0xc, 0x8e, 0xfa, 0x2, 0xb}, {0xeeee8000, 0x3}, {0x2000, 0x526}, 0x1, 0x0, 0x5000, 0x40000, 0x2, 0x2c00, 0x8080000, [0xf6d, 0xffffffff, 0x8, 0xfea7]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@arm64={0x50, 0xc0, 0x7, '\x00', 0xd})
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x80000001, [0x3, 0x8, 0x6, 0x0, 0xfffffffffffff509]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000dee000/0x3000)=nil, r8, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r8, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0)

29.613640753s ago: executing program 0 (id=1748):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000580)=[{0x0, &(0x7f0000000140)=[@smc={0x1e, 0x40, {0x84000009, [0x38000000000, 0x9, 0x4, 0x8004, 0x6]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) (async, rerun: 32)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100020, &(0x7f0000000180)=0x4}) (async, rerun: 32)
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000780)={0x0, &(0x7f0000000680)=[@code={0xa, 0x84, {"00fc209b000008d5e0888dd20060b8f2c10080d2620080d2a30180d2440080d2020000d4000000130000002b000008d50084202ea0a483d20000b8f2010080d2020080d2630180d2040180d2020000d4004d8fd200c0b0f2e10080d2e20080d2030180d2040180d2020000d4007008d5"}}], 0x84}, &(0x7f00000007c0)=[@featur2={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

28.155415988s ago: executing program 1 (id=1749):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb4000/0x3000)=nil, 0x930, 0x200000c, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f00000002c0)=@arm64_sve_vls)

22.519938543s ago: executing program 1 (id=1750):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x1c1040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f0000f48000/0x3000)=nil, r3, 0x1000003, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0xfffffffffffffffe, 0x0, 0xfffffffffffffee9)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000180)="d4ece25438ac761d768f5c3f54d9506333a3efeda6b20c676f2c855f9505e66570fef4c314d949f94d16402868c2c64a1e54a0541230b4183257337f2ffb4f655500672bee04cb71", 0x0, 0x48)
ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000080))
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x109901, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r6, 0xae03, 0xbb)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x7f)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xc0189436, 0x20004000)
r10 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r2, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7})
r12 = eventfd2(0x0, 0x0)
close(r12)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
write$eventfd(r12, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x8, <r13=>0xffffffffffffffff})
r14 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r3, 0x200000a, 0x10, r2, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0xb, 0x810, r14, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x2f46b2, 0x0)

20.588680802s ago: executing program 0 (id=1751):
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000000)=0x5)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0x80000000, [0x2, 0x3d, 0x52, 0x101, 0x34e]}}, @uexit={0x0, 0x18, 0x10}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x2bc}}, @uexit={0x0, 0x18, 0x1}], 0x98}, &(0x7f0000000140)=[@featur2={0x1, 0x41}], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000180)=@arm64={0xe0, 0x4, 0xc0, '\x00', 0x8})
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000001c0)=@x86={0x2, 0x10, 0x1, 0x0, 0x101, 0x4, 0x0, 0x4, 0x65, 0x1, 0x9, 0x4, 0x0, 0x3, 0x9, 0x4, 0x8, 0x6, 0xc, '\x00', 0x4, 0x3ff})
ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000200)=0x6)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000240)={0x1000, "edae6eba0d64e7e00758ffc811b87cdab744e161231bc5c8ced433bda6ee56495cb96b2da67bed1d343985e01a62e4c035af341ed0734948effa0b373534459180482ec7f0755478c77236f3212c39544a1feb639fae20809ab1102ebd42e4fd63f92fac3808402ae40a6b9a006b47122bfeadd634dc2a1d6e4f98b41c922e03b0afb3a61b8ff766433a4e7bf1373f27966bff6eeecffb0810f3170ae1a025fc8e008064ec73256204c1bec7c74d71a132a50f8090bb08299cf5de6aaca0a540ec690c42fe66f8d8f8195c09ee3edf368e1c66a5bec3567915afa663da999ce85e50e198e3a94fcdfa15ec9f74d02f9484d562674de180a3f858863bfcefc8f748db476635898beedeca04eae0c8a33d1eba25f3155ff5511f938f05a687890ffc89e9d506b69623aea05ddd93422545c69e5d1699a5459b35671a8344adbc0f8d4ce76c4bbe85695b4102a8c6a581ebf1d29caf72459c44fc7cf6d7c9c68424d8d2825039ef5c8fb98b950e3ef485ae8ab61f795743c62d76a7dfb6bcb644ee57c57bfad943fde90e41ac8f5a378d0f6bca28b77caf726c0fde0ebaefd6f0c9a320ccebd23d3711013879b1c4d21cb169cd4d969f0b809f539a737edcd476f30876b55893776c43f6cb2e62da6c1127702ef4185eb262646c177028ac2661f1ec51c1e51fe4a824230e495d38612743246d21077d32508352a453b4dc8ae5f070517f4619a5be5c97ca733462b787ba32e4edaf68c70a1a9fdf96ec9362995bc1297d4011b0635491d437364f315d2c6ec9f2293a0baddbdae3e6e97f2d4f87fcf754a912860e95d46e95649a28e3f4447b3e9ac648ed10adb4c5328561b36e9a608caa145a25a39dfc45088f46a13b68ba34a66bfeb82a63ed493bfd943ee268f5e3c6f54461fa66fb88f918a0777a9e8be34c6e228cece41a79e2c39fc80d589991182cd02739df46d22fe6282a3be88e846b99f3bed2c3126636f4a9d080ab997a859fdf3564a9be3474ea24e6a2f2b64ce934be94da938f7f4af5096fc1d723d510a75518a59ebb926160eb4df75decbfb0b51aedb8183a192afe5e5db543a4d20d7ba2955444116c1b024e2c17957fd10f0122cf5b5176351fd407f774243f26ec15619f0333fce8852b7299277728ce3b03672a7904383811d0ec19bb7c5061d5d28ad9a7f1c7835bbaaec2d35c5e5ea18a932a06ee5aaa925463202ccf8ce273245137cbdab29fa6fa299fd129bf53a10a09ab45372d01ec9018569dc5518f3b5c022266cbc1cadd7e23da0480c60b7d6b3be09762807fcda6d5af05c685f82f0bf48ce82ee6c23f87458bbae0f448045dc81524b6d51d9bf66a4c030e6bdebd5bf682775e5821a42b7a585a36ca13d1c9650dab0c8875f02a2e123e686db0262d32a7a31c401fd9818318db8bffda51bf19c22884ac75823850b5f11729d792eeec2ceff091ecdefd1a0fc783913b7118fb42e8eeb78f49ef7941348d4ad865876d66c5267fd9108ce52e68a31958859e78c50c1aa42495ab8c648578390ded20ac8c4d884d957173f72f3e299e58df08230d2c4c447b60e69f9f3324dca4784649efc2d1618f0c49db1e5310bd3b4a3a2f6cd6ab719f3209948461faa7ff65526e5e3d196e64501ded44c466b77bc9470addfd4ab2aa490acdabd6fcd4701e0479d1b506f8e51af58ac9f3800420be78f804399df41848a13bb3251a6d9f5d5e836cb320fcdeace297a6b4bd42114abc1421e565a7931f39695dc150199008152b6073a694828d90a2a8b0c94cba1f49b91e8bbd9522e3794a9170751d180722e753a16e56dc5caa628c9e7f9c957185acbeef0157c8e187ce9abb60fd17da514d5feca6222b796dd61c33eada340d231c47f955a6c9cf19fca7068b7829ffdbb71d63c7ad068481f984c17238eac3080d64a488a27894cfd0ac73e2fbabd3829d77513db85f7dae12b635b3f6eba59a15a5403807816414414f439337aa51abda32a0d293f6caa5a2bbfc89c8e303cd7ce762755180343d37a9c115c88d4d5320b1cec4cd0d65f8cda108345a76fbb12e80bf10b08a397d16b799806277450fafc4dfec3c9a1371400cdde56d0ea9660ac8a4e022e86ec438356b064c7d6e4cde7beca62f841242136edd875b97fc43f6c2c3f42662296340a76e36c27bc513d5a24d7280d5aa2805047265bd2176d0370c0a778bf2d3c7f7669a0a5e59f16707241c4822fbf35ce029d18673cfe1405ef86c751b1256a77f1484a19b01613fcabf6439747f4b5232d8330566c9e9199ddfa1103d2f3ed536ea9ceb49cbd8af35fc5436758076aedf972f051e6dc3cec4856609cd014ff7f04744808b5b731300dbcbbf11170d4a42aaf25cebbd49c971e64d44f629a2570928333697b603af59ca6fb00bc2f32b6c75d25f6da89571614cfe133f2df4049800c6e4d9d3bd44a0f052209fbdd4149b69c857bbadb2747c856f508b6ea4a8f6a20684e5d36117c447e2134472065b08fd9c238116c4782adbc59f51798fe0edea6ab2f7799b7614abc8bbda4057b42c3327725680f3be180f3f418bc877e5dc2a1edf051b80f93deb2c065538d46a6dac23dc1ba8150588ed89c3db42355db9a179ea177be40ca0d29f01f7a9a3f85030ded05bbb4a1a5e567cfa5c57f995e4a34d501e6eecd06c3f4ef8ed99d9a161d56a3880ba50846e25feacfe570845499af72d1cf8be102eb02c8835466f251324321fb4997f8f5bf9307189e0300af249366a85ea9800e7d5aefa4b7baa9cdccb9a6c205abe1114fe5311289f91c4d7e058cd0a412a32e8b289b673bddb06bbcdb4bcd07e6dd3e9e02959a204d11664dffc00010d598da71c57034756144663f32ccf67e9a0ddff27bc339378af3d04ca1265b0cf6ae42af99f92adb6725c81f61fc529f22acaf6d4bb794513bd6e6bc5b38aea9b90a282f7fb7bdc9f39b8f1b9108ceeae818ac1e2cc4eeec4fd0ca0d9b2705a8af4f4807593b848ee8449cb9728d48213bfdbcf63c6c563200ce3a0be66a04c21cf1fbcacc9fccf0680fe9a56080b72943f23dc77b7daeac060d107fbdfc891722158a88b6d21a7f2b4e86e1a206bfcfd381c099a25489b8ceeee3997c5ce2015d94a4ebf33a5f1d53362e2254f9d346e0436e089e5eb298a50e18778b7e337f90af40e6935c8929f4e715c07e5763bcd0fefb74fbc56b8c2b4cb4e004d401843926daeb5a03b70b04f14c0563be8bd4ad6ca73f4614e2de9ae1d6f9729c3856b98faa76fd7c8f687a41cb3d729800d4640cb31280cdfbfa1bb0a5d47daf898e637cbbb49f55b37192859d7331c6f379d100c27f24887ea8047305af83ef55f4fc646d1a3f510c1f520060a3cfc33861e021ecf4515e432d7ce7233364a204e1d89d386981fa005bbd53917c830bd213fdfe72ffcee54c447ec5c29b8350e26f28d7c0f097d0d12bf2bce7d2bd8fb70a777aa45314e4963dd506d89e70538e6e10ad9eea89b1df13f853f1f1868218a6a3037a0cab98ffdeb6b17052f756d0b203f71762e81d285032bb1b6f1b1389d887d78190c1533209ae4970c5435026ff9de3ea0e4d8f19d27e8c7ef812002d997d2ed67df272a1ba1ba415df6c1c1d2564abd9f21eeacc9d7858be909034a1e447cacf9fa810067884b7cfd0ca533c13878297dbadf7f9d9ba877d71204ab7605b921abe4a2976008308c38d4341e7c902ab8297ff68fdefec7aa2386c7a6de002cc56d8ed78989713225d01ca2ad03f1032d176fd8c29ba434506852fb731379e880a7421164b4c32940ffcb521b58b1e161df2a78caf3feffde16394523bca77d4f5edb586cd10fcccba7309b3385659bf720d9ea9737e8261b05b2bc874ba5bcd93db56efe3efe2325fd85b8b442598aede369c789967de9056d0e3ae7014a441ce82d086c93e6d433ad96b943aabfe12603872dbd26d48253b22cbf3100a816e7d9c62c747d8c16225fb54f4117b2e221ac9a8519ff4f049d67ac93f52fd78c2b47850d18371ab80c03a0ed3a4328398b152ec3139fb6f9a884e382e001d12730783a1197425266f67825521cee087368d64c1f1347af1df0e274bcf168535b9eac8ace23788d1c36414d4a4d1177fad4354456ce102d8ee6fcf99daff343bc3455244f986356af9298434a94594a44a3ca9d9d497edc1d00741c3a8ab869be095428b2624b3b2e5ad6542fa57383ee4ff354ec1a61f115d608a363225188846b3d35bd1d6f065a5a524fd30ba5d57943715c5674b913373aed2e42d9f32241b9e9d1be8cd082da13bea31c60da8fc75326663a1b2bbeb4515e86912aea216a265852d0919a76420c3ab765a5130a81049075e31eb302cb353ac8d7daab48ea83ec652a82046b6609ccdc1a9f166f480259c858931b62cb6ffeb4d88bc3c1a153972b62e4ad844d05fcb9e6f2d9df0fc814502bafbf2b1a567798272cb4c1f5da47fe773bb401f17be7a3358f47b311fac09b3797fafe180640459769928e24f3cfb644be565ca98cf2a12d5ee86c6c3aef35a4ec330bce87a49ceec199126cf0886c34fe52ae6956d5a83ab71be221e7894ab7906113e552e19efb0ea5a0495bdecbdd758b9416e5f3aa51671355b59bda15f759c2a356c3ad4ec2e6848e56218583c10a38e354360640499b8bd58421e4629cb28acf60f04d04c7d90858de262f7ed20b2af78a5b82fab9169086198b0042ea0879c19247bff73fb04bd0e4bfbafe73221dd628c9bbf37c19333635ceedb3eec000ee70d41807c41bea5a8b312f6235eb79ef967905b8f8824ba4e7a5dac5e888b930d70032bbebe69aefc7e88e41c4a93bd54d790cc7d93fde96e3a275cc17768ab89e58287b996566d4de587fcdb36eb2b30a1ba72d80db92cb193a2293c9e47450042d6f75812e2f109ce57400cde63f9a0146acf7b9ddca0d7b433da7807bae6f9f4bca919aa20a7681ce71576e301e7e49279f2beb0c86a0747ea03499eea31a7b13df905a45aacf8a0bc02aad5baf7136ee07f8e21b30c93120be23cc3fe755e4c95240ca010449dfd84996c5e8edb92a36457da93a5cf6a7d17a1b9834fd40cd92ffe51d0b9e14f156c0bd5f590ed31be5969203e586c513561c10722d36541115f7fdcd703c75ef1f9fab3fbe43da022f7835679fabb1aeb1976a7d60a92d41f5ff96e2e2a4b5cb40f8ab5682fffb3d12b79761fef11cf4575d725f78ac070b8841e3a18587c91acf079f4f1ce2f1c26b35421aafd4afd63820d760ced17e2208d080b9439c331eb16584777768c25600e755675b0e3fd8b136a0b08c1259f179ded4236e9fc0e8c341b4e2347d9feb86ef0020e1561b714169a8ee692e36858a6c36957e9baa944334e5f3f04a4da66db40cee42b1170a7a406417e0667df8db8af6b97c2e9cb9b98df2211fed50abb9728df8e6e426306823012727fbd30b0bd5408b4edaa652859d589024c91426c13d504c316054afcc6cb81722fd6497c93359788773dce698d9dd1bab118a8b175540995846c096d4823c5dca8ea3cb4f333f0e70f789d8dd306976a8573488c3f0b8ad7268bd40cb82e2b3cf449242fc0af748accfd5dbaf55d1957c4fd4d0c67bbefdd5bbbd970782f6604f0b52c5db72fa5e040960e0069a55c3dabe67f728c0c80204e784d9f9774d0d30a83fc289bcd23c014bd52767f2fb49eb625fd3fd41b713020582625d90592b6ded1cf81301896587b53573f00f1d17a11c39522cb8ec122749b5e5b6d6fec967404f7b15e2363b1e524dfd7e7b0d4b567b68c3a5d244d4"})
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000012c0)=@other={0x3, &(0x7f0000001280)=0x5})
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000001300)=@arm64={0x4, 0x9d, 0x6, '\x00', 0x6})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000001380)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000001340)={0x1, 0x3, 0x1}})
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000013c0)=@x86={0x16, 0xe, 0x3, 0x0, 0x0, 0x9, 0x8, 0x5, 0x6, 0x4f, 0x4, 0xba, 0x0, 0x8, 0x1, 0x9, 0x6, 0x8, 0x8, '\x00', 0x3, 0x1})
r1 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, 0x0, 0x1000005, 0x4000010, r0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000001400)="8c6d94c870ebe81f3f4223ac7130ae5b68674a3a4e7532299650626b4a91495d2bff331f2b9a5daf6ce1a27af6b27344716d21ab4442ec6f7a138b766bee861ecea65d4baefa607c", 0x0, 0x48)
munmap(&(0x7f0000fec000/0x14000)=nil, 0x14000)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000001480)={0xdddd1000, 0x100000, 0x7, 0x1, 0x7ff})
syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f00000014c0)="500625c4d38ebce1926e201e90c3af51582b5411ba25f9aa", 0x0, 0x18)
ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000001500)={0x7fffffff, 0x200})
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001bc0)={0x0, &(0x7f0000001540)=[@smc={0x1e, 0x40, {0x1, [0x5, 0x8b93, 0xda5, 0x1, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0xe, 0x1, 0x9}}, @irq_setup={0x46, 0x18, {0x2, 0x19b}}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @generic={0x4000, 0x49, 0x2}}, @code={0xa, 0x9c, {"c08599d20020b0f2010180d2e20080d2830180d2a40180d2020000d4000020c80000431ee0148bd200a0b8f2e10180d2a20180d2430180d2c40080d2020000d4007008d5e003bfd6607e8ed20080b8f2610080d2620180d2430080d2c40180d2020000d4e0c29bd200e0b0f2410180d2c20180d2030180d2e40080d2020000d4008008d50038601e"}}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x30000000, [0x8ef3, 0x10000, 0xffffffffffffff01, 0x8, 0x8]}}, @eret={0xe6, 0x18, 0x800}, @hvc={0x32, 0x40, {0x8400000e, [0xfffffffffffffff9, 0x2, 0xfffffffffffff8fb, 0x81, 0x1]}}, @smc={0x1e, 0x40, {0xc4000053, [0xffffffffffffff67, 0x1000000020000000, 0x82, 0x1, 0x1]}}, @smc={0x1e, 0x40, {0x20, [0x8, 0x7, 0x3, 0x3, 0x71682515]}}, @irq_setup={0x46, 0x18, {0x3, 0x289}}, @svc={0x122, 0x40, {0x84000007, [0x1ff, 0x7fffffffffffffff, 0xb0, 0x70958cc5, 0x5]}}, @irq_setup={0x46, 0x18, {0x0, 0x2e9}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0xa, 0x5, 0xf7, 0x4}}, @msr={0x14, 0x20, {0x603000000013ff11, 0x6a}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xe00, 0xda, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0x3, 0xf}}, @memwrite={0x6e, 0x30, @generic={0x4, 0xdcf, 0x100000000, 0x8}}, @code={0xa, 0x9c, {"0040611e000008d5201a9dd200e0b8f2c10080d2220080d2a30180d2840180d2020000d4607196d20000b8f2e10080d2420180d2030180d2440080d2020000d4007008d5007008d5008008d5201f92d200a0b8f2e10080d2e20080d2e30180d2040180d2020000d4608f91d20020b0f2e10080d2c20180d2a30180d2840080d2020000d400eca02e"}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x46}}, @svc={0x122, 0x40, {0xc400000d, [0x1, 0x54b, 0xe40, 0x80000000, 0x5]}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x23e}}, @msr={0x14, 0x20, {0x603000000013e648, 0x200}}, @hvc={0x32, 0x40, {0x84000011, [0x3, 0x20ed, 0x1, 0xffffffffffff1fd4, 0x8]}}, @eret={0xe6, 0x18, 0x400}, @smc={0x1e, 0x40, {0x10, [0x2, 0x9, 0xffff, 0x401, 0xffffffffffffffff]}}, @smc={0x1e, 0x40, {0xc4000005, [0xfffffffffffeffff, 0xc, 0x81, 0x6, 0x9]}}, @svc={0x122, 0x40, {0x20, [0xb10, 0xfffffffffffffffe, 0x7, 0x10000, 0x7]}}, @irq_setup={0x46, 0x18, {0x1, 0xeb}}, @uexit={0x0, 0x18, 0x83bf}], 0x668}, &(0x7f0000001c00)=[@featur1={0x1, 0x20}], 0x1)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000001c40)=@attr_pmu_init)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000001c80)={0x3a, "396c52dc519413a2a90d3da54534546952152ad745d38840451efdf2458be202fada55314d5c1a35275069a97789f20a62568925e32e2b0654bc"})
r3 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000001d00)=@attr_other={0x0, 0x1, 0x3, &(0x7f0000001cc0)=0x7})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000001d40)="014b56c80f702dafdf3095ee9a6495631afe2995b368c5eb8d1a3fefdd8d8394072a780df76ebab7ec159cb659b2082c2cb34b59b5fde3bb939a73d1440b92fcdf497d629617a4ec", 0x0, 0x48)
r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000001fc0)={0x0, &(0x7f0000001dc0)=[@code={0xa, 0x84, {"60de80d20000b0f2a10180d2420080d2c30080d2040180d2020000d4007008d50004407c008008d5407996d20080b8f2e10180d2020180d2e30180d2640080d2020000d40020bf0d007008d5e0c186d20080b0f2e10180d2820080d2e30180d2a40080d2020000d400a0400c000c601e"}}, @mrs={0xbe, 0x18, {0x603000000013deeb}}, @irq_setup={0x46, 0x18, {0x0, 0xe8}}, @svc={0x122, 0x40, {0x80007fff, [0x5, 0x6, 0x9, 0x0, 0x50]}}, @svc={0x122, 0x40, {0x20, [0x4, 0x8, 0x4, 0x73]}}, @irq_setup={0x46, 0x18, {0x3, 0x1b7}}, @uexit={0x0, 0x18, 0x100000000}, @msr={0x14, 0x20, {0x603000000013df40, 0x1ff}}, @mrs={0xbe, 0x18, {0x603000000013df49}}, @irq_setup={0x46, 0x18, {0x2, 0x126}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x33c}}, @uexit={0x0, 0x18, 0x6}], 0x1f4}, &(0x7f0000002000)=[@featur1={0x1, 0x1}], 0x1)
munmap(&(0x7f0000efa000/0x2000)=nil, 0x2000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002040), 0x40000, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
openat$kvm(0xffffffffffffff9c, &(0x7f0000002080), 0x40, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000020c0)={0xa})

14.574290408s ago: executing program 0 (id=1752):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x8080000})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_vgic_v3_setup(r5, 0x4, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bfd000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1e000000000000004000000000000000040001c4", @ANYRESHEX=r9], 0x40}, &(0x7f0000000240)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12.99370494s ago: executing program 1 (id=1753):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd9})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x8, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x40305839, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x100000000000000, &(0x7f0000000180)=0x10001})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, r4, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r9 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
r10 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r11 = eventfd2(0x1, 0x1)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r11, 0x0, 0x2, r11})
r12 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
r15 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x2)
r17 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
r18 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r17, 0x2800002, 0x12, r16, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r18, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0x48)

3.51298261s ago: executing program 0 (id=1754):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x20)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f0000000100)=0x6}) (async)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x2, 0x1}) (async, rerun: 32)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000040)=@arm64={0x72, 0x0, 0xc, '\x00', 0x8}) (async, rerun: 32)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (async, rerun: 32)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, 0x0) (async, rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

0s ago: executing program 1 (id=1755):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x20000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x240)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0x2})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43)
ioctl$KVM_CREATE_VM(r6, 0x40086602, 0x20000000)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000b40)=@attr_irq_timer={0x0, 0x1, 0x0, 0x0})
r7 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r8 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x800454d3, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000000000000400000000000000008000084"], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r14, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  381.537201][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0
[  441.718114][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:58669' (ED25519) to the list of known hosts.
[  595.913248][   T25] audit: type=1400 audit(595.010:61): avc:  denied  { name_bind } for  pid=3287 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  597.009113][   T25] audit: type=1400 audit(596.120:62): avc:  denied  { execute } for  pid=3288 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  597.029953][   T25] audit: type=1400 audit(596.140:63): avc:  denied  { execute_no_trans } for  pid=3288 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  618.104157][   T25] audit: type=1400 audit(617.210:64): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  618.133339][   T25] audit: type=1400 audit(617.240:65): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  618.218507][ T3288] cgroup: Unknown subsys name 'net'
[  618.268631][   T25] audit: type=1400 audit(617.380:66): avc:  denied  { unmount } for  pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  618.656712][ T3288] cgroup: Unknown subsys name 'cpuset'
[  618.763402][ T3288] cgroup: Unknown subsys name 'rlimit'
[  619.673876][   T25] audit: type=1400 audit(618.780:67): avc:  denied  { setattr } for  pid=3288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  619.698666][   T25] audit: type=1400 audit(618.800:68): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  619.717511][   T25] audit: type=1400 audit(618.830:69): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  620.933992][ T3291] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  620.955451][   T25] audit: type=1400 audit(620.060:70): avc:  denied  { relabelto } for  pid=3291 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  620.977171][   T25] audit: type=1400 audit(620.090:71): avc:  denied  { write } for  pid=3291 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  621.165599][   T25] audit: type=1400 audit(620.270:72): avc:  denied  { read } for  pid=3288 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  621.185244][   T25] audit: type=1400 audit(620.290:73): avc:  denied  { open } for  pid=3288 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  621.227828][ T3288] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  668.844971][   T25] audit: type=1400 audit(667.960:74): avc:  denied  { execmem } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  672.428282][   T25] audit: type=1400 audit(671.540:75): avc:  denied  { read } for  pid=3295 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  672.449198][   T25] audit: type=1400 audit(671.550:76): avc:  denied  { read } for  pid=3294 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  672.483794][   T25] audit: type=1400 audit(671.580:77): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  672.555441][   T25] audit: type=1400 audit(671.650:78): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  672.787866][   T25] audit: type=1400 audit(671.900:79): avc:  denied  { module_request } for  pid=3295 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  673.923601][   T25] audit: type=1400 audit(673.030:80): avc:  denied  { sys_module } for  pid=3295 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  701.527481][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  701.768560][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  705.005516][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  705.295917][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  719.702523][ T3295] hsr_slave_0: entered promiscuous mode
[  719.729046][ T3295] hsr_slave_1: entered promiscuous mode
[  721.127962][ T3294] hsr_slave_0: entered promiscuous mode
[  721.165160][ T3294] hsr_slave_1: entered promiscuous mode
[  721.193889][ T3294] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  721.198592][ T3294] Cannot create hsr debugfs directory
[  726.182942][   T25] audit: type=1400 audit(725.290:81): avc:  denied  { create } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  726.254251][   T25] audit: type=1400 audit(725.310:82): avc:  denied  { write } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  726.262602][   T25] audit: type=1400 audit(725.360:83): avc:  denied  { read } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  726.389480][ T3295] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  726.925355][ T3295] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  727.174221][ T3295] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  727.447216][ T3295] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  728.982831][ T3294] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  729.136783][ T3294] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  729.306299][ T3294] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  729.516475][ T3294] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  741.918467][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0
[  744.466431][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0
[  800.476255][ T3295] veth0_vlan: entered promiscuous mode
[  801.027279][ T3295] veth1_vlan: entered promiscuous mode
[  802.954316][ T3295] veth0_macvtap: entered promiscuous mode
[  803.414102][ T3295] veth1_macvtap: entered promiscuous mode
[  803.570211][ T3294] veth0_vlan: entered promiscuous mode
[  804.493362][ T3294] veth1_vlan: entered promiscuous mode
[  805.560233][ T3295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  805.596072][ T3295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  805.608068][ T3295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  805.627689][ T3295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  807.375896][ T3294] veth0_macvtap: entered promiscuous mode
[  808.073739][ T3294] veth1_macvtap: entered promiscuous mode
[  808.143170][   T25] audit: type=1400 audit(807.250:84): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  808.336578][   T25] audit: type=1400 audit(807.450:85): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/syzkaller.GxRzd7/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  808.480453][   T25] audit: type=1400 audit(807.590:86): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  808.744463][   T25] audit: type=1400 audit(807.850:87): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/syzkaller.GxRzd7/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  808.886897][   T25] audit: type=1400 audit(807.980:88): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/syzkaller.GxRzd7/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3237 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  809.755307][   T25] audit: type=1400 audit(808.830:89): avc:  denied  { unmount } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  809.845316][ T3294] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  809.849517][ T3294] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  809.866403][ T3294] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  809.877873][ T3294] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  810.054362][   T25] audit: type=1400 audit(809.150:90): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  810.179805][   T25] audit: type=1400 audit(809.290:91): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="gadgetfs" ino=3247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  810.398101][   T25] audit: type=1400 audit(809.500:92): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  810.489963][   T25] audit: type=1400 audit(809.600:93): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  812.207431][ T3295] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  813.434861][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  813.446696][   T25] audit: type=1400 audit(812.520:95): avc:  denied  { read write } for  pid=3295 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  813.473445][   T25] audit: type=1400 audit(812.570:96): avc:  denied  { open } for  pid=3295 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  813.509319][   T25] audit: type=1400 audit(812.620:97): avc:  denied  { ioctl } for  pid=3295 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  818.342760][   T25] audit: type=1400 audit(817.450:98): avc:  denied  { read } for  pid=3453 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  818.396378][   T25] audit: type=1400 audit(817.500:99): avc:  denied  { open } for  pid=3453 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  819.042077][   T25] audit: type=1400 audit(818.140:100): avc:  denied  { ioctl } for  pid=3453 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  830.343499][   T25] audit: type=1400 audit(829.430:101): avc:  denied  { append } for  pid=3462 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  878.374478][   T25] audit: type=1400 audit(877.480:102): avc:  denied  { write } for  pid=3495 comm="syz.1.13" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  929.402901][ T3531] kvm [3531]: Failed to find VMA for hva 0x20c01000
[  978.077539][   T25] audit: type=1400 audit(977.160:103): avc:  denied  { map } for  pid=3561 comm="syz.1.30" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1036.909467][ T3605] kvm [3605]: Failed to find VMA for hva 0x21016000
[ 1037.588263][ T3605] kvm [3605]: Failed to find VMA for hva 0x21016000
[ 1076.981935][   T25] audit: type=1400 audit(1076.080:104): avc:  denied  { ioctl } for  pid=3636 comm="syz.1.51" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x5839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1282.144843][ T3778] kvm [3778]: Failed to find VMA for hva 0x20000000
[ 1282.552955][   T25] audit: type=1400 audit(1281.640:105): avc:  denied  { execute } for  pid=3777 comm="syz.1.90" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=8909 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1399.020198][ T3850] kvm [3850]: Failed to find VMA for hva 0x208a1000
[ 1652.075992][ T4008] kvm [4008]: Failed to find VMA for hva 0x20000000
[ 1652.239038][ T4008] kvm [4008]: Failed to find VMA for hva 0x20c01000
[ 1706.675754][ T4042] kvm [4042]: Failed to find VMA for hva 0x20d8d000
[ 1863.214484][   T25] audit: type=1400 audit(1862.270:106): avc:  denied  { execute } for  pid=4152 comm="syz.0.199" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2122.005640][   T25] audit: type=1400 audit(2121.050:107): avc:  denied  { setattr } for  pid=4321 comm="syz.0.250" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2133.399709][ T4328] kvm [4328]: Failed to find VMA for hva 0x20bff000
[ 2322.557421][ T4452] kvm [4452]: Failed to find VMA for hva 0x20c01000
[ 2489.963900][ T4566] kvm [4566]: Failed to find VMA for hva 0x20c01000
[ 2546.906428][ T4607] debugfs: File 'vgic-its-state@8080000' in directory '4607-12' already present!
[ 3051.734762][ T4858] kvm [4858]: Failed to find VMA for hva 0x20d8d000
[ 3355.794602][ T5012] kvm [5012]: Failed to find VMA for hva 0x21016000
[ 3502.189511][ T5091] kvm [5091]: Failed to find VMA for hva 0x20d8d000
[ 4007.457342][ T5341] kvm [5341]: Failed to find VMA for hva 0x208a1000
[ 4547.449331][ T5612] kvm [5611]: Unsupported guest access at: eeef0000
[ 4547.449331][ T5612]  { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write },
[ 4766.313500][ T5711] kvm [5711]: Failed to find VMA for hva 0x20d8d000
[ 4823.762882][ T5738] kvm [5738]: Failed to find VMA for hva 0x20c01000
[ 4889.153635][ T5769] kvm [5769]: Failed to find VMA for hva 0x20c00000
[ 5497.805192][ T6081] kvm [6081]: Failed to find VMA for hva 0x20d8d000
[ 5725.959632][ T6186] kvm [6186]: Failed to find VMA for hva 0x20c01000
[ 5792.384695][ T6217] debugfs: File 'vgic-its-state@0' in directory '6217-4' already present!
[ 6033.849310][ T5508] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6034.729438][ T5508] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6035.479413][ T5508] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6036.334947][ T5508] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6049.476914][ T5508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6049.647443][ T5508] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6049.783364][ T5508] bond0 (unregistering): Released all slaves
[ 6051.813020][ T5508] hsr_slave_0: left promiscuous mode
[ 6052.092740][ T5508] hsr_slave_1: left promiscuous mode
[ 6052.797249][ T5508] veth1_macvtap: left promiscuous mode
[ 6052.816681][ T5508] veth0_macvtap: left promiscuous mode
[ 6052.837472][ T5508] veth1_vlan: left promiscuous mode
[ 6052.875012][ T5508] veth0_vlan: left promiscuous mode
[ 6114.339948][ T6331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6114.690315][ T6331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6143.880201][ T6331] hsr_slave_0: entered promiscuous mode
[ 6144.016209][ T6331] hsr_slave_1: entered promiscuous mode
[ 6161.662606][ T6331] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 6161.888926][ T6331] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 6162.158186][ T6331] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 6162.434830][ T6331] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 6186.396842][ T6331] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6268.608029][ T6331] veth0_vlan: entered promiscuous mode
[ 6269.073951][ T6331] veth1_vlan: entered promiscuous mode
[ 6270.484811][ T6331] veth0_macvtap: entered promiscuous mode
[ 6270.863886][ T6331] veth1_macvtap: entered promiscuous mode
[ 6272.317282][ T6331] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6272.334496][ T6331] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6272.347162][ T6331] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6272.362258][ T6331] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6513.545930][ T6623] kvm [6623]: Failed to find VMA for hva 0x20c01000
[ 6668.499123][ T6692] KVM: debugfs: duplicate directory 6692-5
[ 6906.473699][   T25] audit: type=1400 audit(6905.530:108): avc:  denied  { map } for  pid=6795 comm="syz.0.1157" path="pipe:[56350]" dev="pipefs" ino=56350 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 7181.010104][ T6930] FAULT_INJECTION: forcing a failure.
[ 7181.010104][ T6930] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 7181.034022][ T6930] CPU: 0 UID: 0 PID: 6930 Comm: syz.0.1212 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 7181.034734][ T6930] Hardware name: linux,dummy-virt (DT)
[ 7181.035220][ T6930] Call trace:
[ 7181.037546][ T6930]  show_stack+0x2c/0x3c (C)
[ 7181.039437][ T6930]  __dump_stack+0x30/0x40
[ 7181.039721][ T6930]  dump_stack_lvl+0xd8/0x12c
[ 7181.039924][ T6930]  dump_stack+0x1c/0x28
[ 7181.040168][ T6930]  should_fail_ex+0x570/0x6e0
[ 7181.040423][ T6930]  should_fail_alloc_page+0xd4/0xd8
[ 7181.040641][ T6930]  prepare_alloc_pages+0x20c/0x5e0
[ 7181.040848][ T6930]  __alloc_frozen_pages_noprof+0xd8/0x2d0
[ 7181.041059][ T6930]  alloc_pages_mpol+0x204/0x4c8
[ 7181.041363][ T6930]  folio_alloc_mpol_noprof+0x4c/0x2b4
[ 7181.041642][ T6930]  shmem_alloc_and_add_folio+0x364/0x16e4
[ 7181.041852][ T6930]  shmem_get_folio_gfp+0x538/0x18e8
[ 7181.042138][ T6930]  shmem_write_begin+0x120/0x4e8
[ 7181.042366][ T6930]  generic_perform_write+0x25c/0x7e4
[ 7181.042566][ T6930]  shmem_file_write_iter+0x130/0x17c
[ 7181.042771][ T6930]  vfs_write+0x9f0/0xacc
[ 7181.043008][ T6930]  ksys_write+0x100/0x1f4
[ 7181.043264][ T6930]  __arm64_sys_write+0x98/0xcc
[ 7181.043509][ T6930]  invoke_syscall+0x90/0x2b4
[ 7181.043783][ T6930]  el0_svc_common+0x180/0x2f4
[ 7181.044088][ T6930]  do_el0_svc+0x58/0x74
[ 7181.044389][ T6930]  el0_svc+0x58/0x160
[ 7181.044628][ T6930]  el0t_64_sync_handler+0x78/0x108
[ 7181.044861][ T6930]  el0t_64_sync+0x198/0x19c
[ 7205.944659][ T6940] FAULT_INJECTION: forcing a failure.
[ 7205.944659][ T6940] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 7205.960405][ T6940] CPU: 0 UID: 0 PID: 6940 Comm: syz.0.1217 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 7205.960755][ T6940] Hardware name: linux,dummy-virt (DT)
[ 7205.960864][ T6940] Call trace:
[ 7205.960946][ T6940]  show_stack+0x2c/0x3c (C)
[ 7205.961321][ T6940]  __dump_stack+0x30/0x40
[ 7205.961519][ T6940]  dump_stack_lvl+0xd8/0x12c
[ 7205.961708][ T6940]  dump_stack+0x1c/0x28
[ 7205.961892][ T6940]  should_fail_ex+0x570/0x6e0
[ 7205.962122][ T6940]  should_fail+0x14/0x24
[ 7205.962363][ T6940]  should_fail_usercopy+0x20/0x30
[ 7205.962602][ T6940]  copy_folio_from_iter_atomic+0x3a4/0x1de4
[ 7205.962868][ T6940]  generic_perform_write+0x4a4/0x7e4
[ 7205.963068][ T6940]  shmem_file_write_iter+0x130/0x17c
[ 7205.963299][ T6940]  vfs_write+0x9f0/0xacc
[ 7205.963543][ T6940]  ksys_write+0x100/0x1f4
[ 7205.963780][ T6940]  __arm64_sys_write+0x98/0xcc
[ 7205.964046][ T6940]  invoke_syscall+0x90/0x2b4
[ 7205.964361][ T6940]  el0_svc_common+0x180/0x2f4
[ 7205.964649][ T6940]  do_el0_svc+0x58/0x74
[ 7205.964919][ T6940]  el0_svc+0x58/0x160
[ 7205.965163][ T6940]  el0t_64_sync_handler+0x78/0x108
[ 7205.965421][ T6940]  el0t_64_sync+0x198/0x19c
[ 7226.860344][ T6950] FAULT_INJECTION: forcing a failure.
[ 7226.860344][ T6950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 7226.925007][ T6950] CPU: 0 UID: 0 PID: 6950 Comm: syz.0.1222 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 7226.925375][ T6950] Hardware name: linux,dummy-virt (DT)
[ 7226.925495][ T6950] Call trace:
[ 7226.925580][ T6950]  show_stack+0x2c/0x3c (C)
[ 7226.925934][ T6950]  __dump_stack+0x30/0x40
[ 7226.926127][ T6950]  dump_stack_lvl+0xd8/0x12c
[ 7226.926342][ T6950]  dump_stack+0x1c/0x28
[ 7226.926530][ T6950]  should_fail_ex+0x570/0x6e0
[ 7226.926762][ T6950]  should_fail+0x14/0x24
[ 7226.926978][ T6950]  should_fail_usercopy+0x20/0x30
[ 7226.927223][ T6950]  copy_folio_from_iter_atomic+0x3a4/0x1de4
[ 7226.927504][ T6950]  generic_perform_write+0x4a4/0x7e4
[ 7226.927707][ T6950]  shmem_file_write_iter+0x130/0x17c
[ 7226.927916][ T6950]  vfs_write+0x9f0/0xacc
[ 7226.928198][ T6950]  ksys_write+0x100/0x1f4
[ 7226.928454][ T6950]  __arm64_sys_write+0x98/0xcc
[ 7226.928699][ T6950]  invoke_syscall+0x90/0x2b4
[ 7226.929027][ T6950]  el0_svc_common+0x180/0x2f4
[ 7226.929347][ T6950]  do_el0_svc+0x58/0x74
[ 7226.929624][ T6950]  el0_svc+0x58/0x160
[ 7226.929858][ T6950]  el0t_64_sync_handler+0x78/0x108
[ 7226.930093][ T6950]  el0t_64_sync+0x198/0x19c
[ 7250.038643][ T6966] FAULT_INJECTION: forcing a failure.
[ 7250.038643][ T6966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 7250.059684][ T6966] CPU: 0 UID: 0 PID: 6966 Comm: syz.0.1228 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 7250.060051][ T6966] Hardware name: linux,dummy-virt (DT)
[ 7250.060184][ T6966] Call trace:
[ 7250.060273][ T6966]  show_stack+0x2c/0x3c (C)
[ 7250.060657][ T6966]  __dump_stack+0x30/0x40
[ 7250.060855][ T6966]  dump_stack_lvl+0xd8/0x12c
[ 7250.061044][ T6966]  dump_stack+0x1c/0x28
[ 7250.061241][ T6966]  should_fail_ex+0x570/0x6e0
[ 7250.061489][ T6966]  should_fail+0x14/0x24
[ 7250.061708][ T6966]  should_fail_usercopy+0x20/0x30
[ 7250.061943][ T6966]  copy_folio_from_iter_atomic+0x3a4/0x1de4
[ 7250.062225][ T6966]  generic_perform_write+0x4a4/0x7e4
[ 7250.062442][ T6966]  shmem_file_write_iter+0x130/0x17c
[ 7250.062650][ T6966]  vfs_write+0x9f0/0xacc
[ 7250.062890][ T6966]  ksys_write+0x100/0x1f4
[ 7250.063124][ T6966]  __arm64_sys_write+0x98/0xcc
[ 7250.063386][ T6966]  invoke_syscall+0x90/0x2b4
[ 7250.063662][ T6966]  el0_svc_common+0x180/0x2f4
[ 7250.063934][ T6966]  do_el0_svc+0x58/0x74
[ 7250.064246][ T6966]  el0_svc+0x58/0x160
[ 7250.064505][ T6966]  el0t_64_sync_handler+0x78/0x108
[ 7250.064746][ T6966]  el0t_64_sync+0x198/0x19c
[ 7434.394413][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 7434.394413][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.428773][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.428773][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.467053][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.467053][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.509986][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.509986][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.565378][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.565378][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.616625][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.616625][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.654903][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.654903][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.677978][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.677978][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.734587][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.734587][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7434.758576][ T7050] kvm [7047]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 7434.758576][ T7050]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 7732.917534][ T7205] kvm [7205]: Failed to find VMA for hva 0x20c01000
[ 8077.846605][ T7368] KVM: debugfs: duplicate directory 7368-5
[ 8188.643591][ T7420] kvm [7420]: Failed to find VMA for hva 0x20d8d000
[ 8325.169540][ T7503] kvm [7503]: Failed to find VMA for hva 0x21016000
[ 8612.903750][ T7640] kvm [7640]: Failed to find VMA for hva 0x20d8d000
[ 8679.529739][ T6341] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8680.754562][ T6341] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8681.817526][ T6341] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8682.910537][ T6341] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8700.956564][ T6341] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 8701.320324][ T6341] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 8701.710115][ T6341] bond0 (unregistering): Released all slaves
[ 8704.205975][ T6341] hsr_slave_0: left promiscuous mode
[ 8704.472495][ T6341] hsr_slave_1: left promiscuous mode
[ 8705.142472][ T6341] veth1_macvtap: left promiscuous mode
[ 8705.147576][ T6341] veth0_macvtap: left promiscuous mode
[ 8705.173996][ T6341] veth1_vlan: left promiscuous mode
[ 8705.196721][ T6341] veth0_vlan: left promiscuous mode
[ 8706.279494][ T7695] FAULT_INJECTION: forcing a failure.
[ 8706.279494][ T7695] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 8706.344999][ T7695] CPU: 0 UID: 0 PID: 7695 Comm: syz.0.1517 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 8706.345370][ T7695] Hardware name: linux,dummy-virt (DT)
[ 8706.345482][ T7695] Call trace:
[ 8706.345566][ T7695]  show_stack+0x2c/0x3c (C)
[ 8706.345932][ T7695]  __dump_stack+0x30/0x40
[ 8706.346140][ T7695]  dump_stack_lvl+0xd8/0x12c
[ 8706.346339][ T7695]  dump_stack+0x1c/0x28
[ 8706.346526][ T7695]  should_fail_ex+0x570/0x6e0
[ 8706.346768][ T7695]  should_fail+0x14/0x24
[ 8706.346990][ T7695]  should_fail_usercopy+0x20/0x30
[ 8706.347240][ T7695]  _inline_copy_from_user+0x3c/0x18c
[ 8706.347504][ T7695]  kstrtouint_from_user+0x70/0xf8
[ 8706.347763][ T7695]  proc_fail_nth_write+0x4c/0x174
[ 8706.348058][ T7695]  vfs_write+0x2c0/0xacc
[ 8706.348327][ T7695]  ksys_write+0x100/0x1f4
[ 8706.348568][ T7695]  __arm64_sys_write+0x98/0xcc
[ 8706.348826][ T7695]  invoke_syscall+0x90/0x2b4
[ 8706.349103][ T7695]  el0_svc_common+0x180/0x2f4
[ 8706.349392][ T7695]  do_el0_svc+0x58/0x74
[ 8706.349661][ T7695]  el0_svc+0x58/0x160
[ 8706.349908][ T7695]  el0t_64_sync_handler+0x78/0x108
[ 8706.350154][ T7695]  el0t_64_sync+0x198/0x19c
[ 8788.267492][ T7674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 8788.524264][ T7674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 8817.129471][ T7674] hsr_slave_0: entered promiscuous mode
[ 8817.207927][ T7674] hsr_slave_1: entered promiscuous mode
[ 8817.277114][ T7674] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 8817.286027][ T7674] Cannot create hsr debugfs directory
[ 8844.377298][ T7674] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 8844.833846][ T7674] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 8845.228306][ T7674] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 8845.580257][ T7674] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 8870.736742][ T7674] 8021q: adding VLAN 0 to HW filter on device bond0
[ 8970.286427][ T7674] veth0_vlan: entered promiscuous mode
[ 8970.989256][ T7674] veth1_vlan: entered promiscuous mode
[ 8973.134226][ T7674] veth0_macvtap: entered promiscuous mode
[ 8973.449404][ T7674] veth1_macvtap: entered promiscuous mode
[ 8975.820352][ T7674] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 8975.848437][ T7674] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 8975.865200][ T7674] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 8975.876308][ T7674] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 9227.984097][ T8083] debugfs: File 'vgic-its-state@8080000' in directory '8083-5' already present!
[ 9298.662528][ T8130] kvm [8130]: Failed to find VMA for hva 0x20d8d000
[ 9385.276379][ T8189] kvm [8189]: Failed to find VMA for hva 0x20c01000
[ 9470.886738][ T8251] print_sys_reg_msg: 198 callbacks suppressed
[ 9470.945761][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 9470.945761][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.005544][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.005544][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.017260][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.017260][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.077563][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.077563][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.103616][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.103616][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.156566][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.156566][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.175170][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.175170][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.228300][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.228300][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.339471][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.339471][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9471.394589][ T8251] kvm [8249]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 9471.394589][ T8251]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 9649.464065][ T8372] kvm [8372]: Failed to find VMA for hva 0x21016000
[ 9649.580195][ T8372] kvm [8372]: Failed to find VMA for hva 0x21016000
[ 9773.967056][ T8455] kvm [8455]: Failed to find VMA for hva 0x20d8d000
[ 9776.445815][ T8458] kvm [8458]: Failed to find VMA for hva 0x20d8d000
[ 9927.544875][ T8555] kvm [8555]: Failed to find VMA for hva 0x20d8d000
[10030.016822][ T8624] ------------[ cut here ]------------
[10030.017729][ T8624] WARNING: CPU: 0 PID: 8624 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[10030.020365][ T8624] Modules linked in:
[10030.022513][ T8624] CPU: 0 UID: 0 PID: 8624 Comm: syz.0.1754 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[10030.024230][ T8624] Hardware name: linux,dummy-virt (DT)
[10030.025535][ T8624] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[10030.027013][ T8624] pc : pend_sync_exception+0x198/0x5ac
[10030.028212][ T8624] lr : pend_sync_exception+0x198/0x5ac
[10030.029348][ T8624] sp : ffff80008f0178c0
[10030.030194][ T8624] x29: ffff80008f0178c0 x28: 0000000000000036 x27: 36f000001d675b28
[10030.032311][ T8624] x26: 0000000000000036 x25: 0000000000000001 x24: 0000000000000000
[10030.034142][ T8624] x23: 0000000000000000 x22: 0000000000000036 x21: 36f000001d676701
[10030.035808][ T8624] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[10030.037599][ T8624] x17: 000000000000008d x16: ffff800080011d9c x15: 0000000020000040
[10030.039473][ T8624] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000cd
[10030.041257][ T8624] x11: cdf0000014969564 x10: 0000000000ff0100 x9 : 0000000000000000
[10030.043152][ T8624] x8 : cdf0000014968000 x7 : ffff800080b08704 x6 : ffff80008f017a88
[10030.044995][ T8624] x5 : ffff80008f017a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[10030.046654][ T8624] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[10030.048460][ T8624] Call trace:
[10030.049415][ T8624]  pend_sync_exception+0x198/0x5ac (P)
[10030.050560][ T8624]  __kvm_inject_sea+0x268/0x96c
[10030.051598][ T8624]  kvm_inject_sea+0x98/0x72c
[10030.052640][ T8624]  __kvm_arm_vcpu_set_events+0x134/0x238
[10030.053723][ T8624]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[10030.054818][ T8624]  kvm_vcpu_ioctl+0x5c4/0xc2c
[10030.055897][ T8624]  __arm64_sys_ioctl+0x18c/0x244
[10030.057003][ T8624]  invoke_syscall+0x90/0x2b4
[10030.058105][ T8624]  el0_svc_common+0x180/0x2f4
[10030.059265][ T8624]  do_el0_svc+0x58/0x74
[10030.060356][ T8624]  el0_svc+0x58/0x160
[10030.061364][ T8624]  el0t_64_sync_handler+0x78/0x108
[10030.062332][ T8624]  el0t_64_sync+0x198/0x19c
[10030.063528][ T8624] irq event stamp: 144
[10030.064435][ T8624] hardirqs last  enabled at (143): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[10030.066028][ T8624] hardirqs last disabled at (144): [<ffff800086517e08>] el1_dbg+0x24/0x80
[10030.067498][ T8624] softirqs last  enabled at (110): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[10030.068888][ T8624] softirqs last disabled at (108): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[10030.070472][ T8624] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[10049.278429][ T6341] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[10050.109088][ T6341] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[10051.129976][ T6341] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[10052.186503][ T6341] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

VM DIAGNOSIS:
06:44:08  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2
X02=ffff8000804580e0 X03=0000000000000000 X04=ffff80008f016f20
X05=0000000000000020 X06=0000000000000000 X07=ffff80008047db18
X08=00000000000003c0 X09=0000000000000000 X10=00000000000000cd
X11=0000000000000144 X12=0000000000000044 X13=0000000000000002
X14=00000000000000c8 X15=ffff800087f39a30 X16=ffff800080011d9c
X17=000000000000008d X18=0000000000000000 X19=0000000000000000
X20=0000000000000000 X21=ffff80008047db18 X22=ffff8000877e6618
X23=0000000000000000 X24=0000000000000001 X25=0000000000000000
X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000
X29=ffff80008f0170e0 X30=ffff800080451698  SP=ffff80008f017090
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:ffffffff00000007 Z01=0000ffffcc154630:5e21f18519de6800
Z02=0000ffffcc154610:ffffff80ffffffd8 Z03=0000ffffcc1546c0:0000ffffcc1546c0
Z04=0000ffffcc1546c0:0000ffffb7b36d08 Z05=0000ffffcc154690:0000ffffcc1546c0
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffcc1548e0:0000ffffcc1548e0 Z17=ffffff80ffffffd0:0000ffffcc1548b0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000