last executing test programs:

44m20.527506089s ago: executing program 1 (id=1237):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x8000000000000000, 0x0, 0x2, r4, 0x3})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000040)={0x1, 0xd000, 0x1, r4, 0xa})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r4, 0x3})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x3, 0x100000, 0x1000, &(0x7f0000fd1000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x200000, 0x1000, &(0x7f0000ec2000/0x1000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e)
munmap(&(0x7f000049b000/0x400000)=nil, 0x400000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, 0x0)

44m7.996886934s ago: executing program 1 (id=1239):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r11 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2c)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)

44m5.081168876s ago: executing program 0 (id=1240):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1})
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_RUN(r0, 0xae80, 0x0)

44m0.837115138s ago: executing program 0 (id=1241):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

43m56.691815431s ago: executing program 1 (id=1242):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

43m53.852351127s ago: executing program 0 (id=1243):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x80100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x80)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x3, 0x4, 0x0})
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@svc={0x122, 0x40, {0x40, [0x0, 0x0, 0x7, 0x2, 0x6]}}, @uexit={0x0, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x1, 0xd, 0x8, 0x3, 0x2}}, @eret={0xe6, 0x18, 0x2f59}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x251}}, @code={0xa, 0x6c, {"202299d20080b0f2010180d2020080d2430080d2e40080d2020000d4007008d5008008d5007008d5c0029cd200a0b0f2810180d2a20180d2230080d2240080d2020000d4000008d50000211e000008d5007008d5007008d5"}}, @hvc={0x32, 0x40, {0x40, [0x9, 0x100, 0x101, 0x6, 0x5]}}, @memwrite={0x6e, 0x30, @generic={0xf000, 0x233, 0x2f337d4a, 0x4}}, @msr={0x14, 0x20, {0x603000000013dee1, 0xfffffffffffffff9}}], 0x1bc}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r5, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r5, 0x600000f, 0x13, r3, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

43m45.643167028s ago: executing program 0 (id=1244):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x89, 0x6, 0x2, 0x0, 0x6, 0x6, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x6})
write$eventfd(r4, &(0x7f00000001c0)=0x9, 0x1d)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x3000001, 0x11, r7, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x408600, 0x0) (async)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
openat$kvm(0x0, 0x0, 0x0, 0x0) (async)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_FINALIZE(r12, 0x4004aec2, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x6421c0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r10, 0x4018aee3, &(0x7f00000001c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x1})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8})

43m44.62094076s ago: executing program 1 (id=1245):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000300)=[{0x0, &(0x7f0000000340)}], 0x0, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0xda}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x3, 0x100)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8})
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0x4b47, 0xfffffffffffffffe)
r10 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10010, 0x0, 0x4, 0x2}}], 0x50}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r13, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000001c0)="fb0149dd833be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8faa767969d22627e700", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="86e07febe74641c22b808e9a9c73ae5580b4e6c4913db22f8bb1c89cdd92efb404e9b29dc2dd19cf8aa89222a557765053ae1014c8704f5ac183794ca0b520a474018b271eb7958a", 0x0, 0x48)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

43m33.964087044s ago: executing program 0 (id=1246):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r11 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2c)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)

43m23.85626052s ago: executing program 1 (id=1247):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)
ioctl$KVM_RUN(r3, 0xae80, 0xfc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

43m22.184313831s ago: executing program 0 (id=1248):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x6, 0x2000, 0x2000, &(0x7f0000ec1000/0x2000)=nil})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r4, 0x2})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0x6000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r4, 0x3})
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0xd9, 0x10})

43m18.01570641s ago: executing program 1 (id=1249):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

42m36.360018245s ago: executing program 32 (id=1248):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x6, 0x2000, 0x2000, &(0x7f0000ec1000/0x2000)=nil})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r4, 0x2})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x34)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0x6000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r4, 0x3})
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0xd9, 0x10})

42m32.04255316s ago: executing program 33 (id=1249):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8m15.7590062s ago: executing program 2 (id=1504):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r6, 0x5421, 0x20004000)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ee6000/0x1000)=nil, r7, 0xb, 0x11, r5, 0x40000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
syz_memcpy_off$KVM_EXIT_MMIO(r11, 0x20, &(0x7f0000000080)="173ea04e539f083b583a50e00fc16c4b72bd83875fa60766", 0x0, 0x18)
ioctl$KVM_GET_SREGS(r5, 0x8000ae83, &(0x7f00000003c0))

8m7.200751453s ago: executing program 3 (id=1506):
r0 = eventfd2(0x0, 0x80000) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x2, 0x100) (async)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000800)={0x0, &(0x7f0000000500)=[@msr={0x14, 0x20, {0x603000000013c10a, 0x6}}, @mrs={0xbe, 0x18, {0x603000000013c602}}, @mrs={0xbe, 0x18, {0x603000000013e6c2}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x1c6}}, @irq_setup={0x46, 0x18, {0x0, 0x2b0}}, @uexit={0x0, 0x18}, @eret={0xe6, 0x18, 0xb}, @smc={0x1e, 0x40, {0x1, [0xfff, 0x8, 0x96, 0x10, 0xd]}}, @irq_setup={0x46, 0x18, {0x4, 0x10c}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0x5, 0x1, 0x100, 0x3}}, @svc={0x122, 0x40, {0x6000000, [0x1, 0x1, 0x4, 0x100000000, 0x7fff]}}, @uexit={0x0, 0x18, 0x5}, @irq_setup={0x46, 0x18, {0x3, 0x9b}}, @mrs={0xbe, 0x18, {0x603000000013c00c}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x4, 0x5, 0x6, 0x4, 0x4}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x727, 0x5, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x99}}, @mrs={0xbe, 0x18, {0x603000000013e6ce}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x3, 0xe, 0x8000, 0x1, 0x4}}, @svc={0x122, 0x40, {0x400, [0xcb5, 0x6, 0xfff, 0x9, 0x9]}}], 0x2c8}, &(0x7f0000000840)=[@featur2={0x1, 0xfa}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r0, 0x3})
r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bff000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000480)={0x0, &(0x7f0000000080)=[@eret={0xe6, 0x18, 0xffffffffffffffff}, @hvc={0x32, 0x40, {0x80000002, [0x80, 0x7, 0x0, 0x7, 0x7]}}, @msr={0x14, 0x20, {0x603000000013e6da, 0x3}}, @uexit={0x0, 0x18, 0x5}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x34c}}, @irq_setup={0x46, 0x18, {0x3, 0x254}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x1, 0x8, 0x7, 0x78, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x1, 0x9, 0x6, 0xffff, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0xa, 0x3, 0x3, 0x4}}, @smc={0x1e, 0x40, {0xc4000014, [0x9, 0x4, 0x3, 0x9, 0x3fffc000]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x0, 0x1, 0xffff8000, 0x10000, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x67}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0xa, 0x2, 0xffff, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x4b, 0x0, 0x5, 0x5, 0xf, 0x1}}, @code={0xa, 0xb4, {"60bc88d200c0b8f2e10180d2c20080d2630180d2240080d2020000d4000028d5007008d5a0a994d20060b0f2c10080d2620080d2630180d2840080d2020000d4a00f97d20000b8f2010080d2820180d2030180d2240180d2020000d4e0d283d20060b8f2210180d2220080d2230080d2640180d2020000d4000860380084006fe07482d200e0b8f2610080d2220080d2030080d2040080d2020000d4000008d5"}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x157}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x3d8}}, @smc={0x1e, 0x40, {0x8400000e, [0x74dc, 0x2, 0x5, 0x2, 0x7ff00000]}}, @eret={0xe6, 0x18, 0xfffffffffffffff9}, @uexit={0x0, 0x18, 0xec}, @mrs={0xbe, 0x18, {0x603000000013c600}}, @smc={0x1e, 0x40, {0x44000038, [0x0, 0x0, 0x80, 0x3, 0x69ff]}}], 0x3f4}, &(0x7f00000004c0), 0x1)

8m6.470154883s ago: executing program 2 (id=1507):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000180)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xfffffffffffffffd)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0xa, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000040)={0x5})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x1, 0x810, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x3, 0x3ffffe, 0x1}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x57fd, 0x2}})
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000040)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x6030000000138002}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)

7m58.901536722s ago: executing program 3 (id=1508):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0) (async)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x62)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r8, 0x400454cc, 0x1)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10010, 0x0, 0x4, 0x2}}], 0x50}, 0x0, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7m52.754712866s ago: executing program 2 (id=1509):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000140)=@arm64={0x2, 0x3, 0x1, '\x00', 0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

7m45.311482334s ago: executing program 3 (id=1510):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)=@attr_pmu_irq={0x0, 0x0, 0x500, 0x0})

7m41.893090019s ago: executing program 2 (id=1511):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r3, 0xae80, 0x2000000)

7m35.901869189s ago: executing program 3 (id=1512):
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0xc0) (async)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x4, <r0=>0xffffffffffffffff})
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)={0x4, [0x10000, 0x4, 0x2, 0x3]}) (async)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1d)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000004c0)={0x0, &(0x7f0000000080)=[@uexit={0x0, 0x18, 0x2}, @svc={0x122, 0x40, {0x84000050, [0x5, 0x3, 0x6, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x8, 0x4}}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @mrs={0xbe, 0x18, {0x6030000000138017}}, @uexit={0x0, 0x18, 0x8000000000000001}, @hvc={0x32, 0x40, {0x2000, [0x7, 0xf5, 0x8, 0x9, 0x3]}}, @code={0xa, 0xb4, {"000008d5e0e999d200c0b0f2010180d2620180d2430180d2640080d2020000d40070800c00d8a07e00a0ff0da0e794d20040b0f2a10180d2a20080d2430080d2040180d2020000d4c08386d20040b0f2a10180d2220180d2230180d2840080d2020000d4600f80d20000b0f2e10080d2020080d2a30080d2240180d2020000d460fd81d200c0b8f2410180d2820080d2230180d2a40080d2020000d40044007f"}}, @code={0xa, 0x6c, {"000028d50040c01a008008d500d8a00e20da81d20040b8f2210080d2220180d2230080d2440180d2020000d40000191e0080df0c0000c0390080a09bc09b98d20020b0f2c10180d2020080d2c30180d2e40180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013c4f2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0x2, 0x8}}, @svc={0x122, 0x40, {0xc4000014, [0x8000000000000000, 0xf9, 0x5, 0xffffffffffffffff, 0x10000]}}, @msr={0x14, 0x20, {0x603000000013de87, 0x3}}, @code={0xa, 0x84, {"003c200e008c000f007008d5a0cd8ad200c0b8f2810180d2420080d2430180d2c40180d2020000d460009fd20020b0f2610080d2a20180d2830180d2840080d2020000d40068200e008008d5e003002a60a984d20020b8f2010180d2a20180d2430080d2c40080d2020000d40000219e"}}, @uexit={0x0, 0x18, 0x100000001}, @eret={0xe6, 0x18, 0x1}, @svc={0x122, 0x40, {0x8400000f, [0xffff, 0x6, 0x4, 0x0, 0x2]}}, @smc={0x1e, 0x40, {0xc6000009, [0x9, 0x5, 0x3ff, 0x30000000000000]}}], 0x40c}, &(0x7f0000000500)=[@featur1={0x1, 0x2c}], 0x1) (async)
r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000a00)={0x0, &(0x7f0000000540)=[@svc={0x122, 0x40, {0x84000004, [0x10001, 0x5, 0x9, 0x8001, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013e64a}}, @svc={0x122, 0x40, {0x200, [0x7, 0x7, 0x67, 0xfffffffffffffffb, 0xfffffffffffffffc]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x121}}, @uexit={0x0, 0x18, 0x8000000000000001}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x1, 0x1, 0x7, 0x9, 0x2}}, @svc={0x122, 0x40, {0x10, [0x7, 0x9, 0x8, 0x1, 0x1000]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x206}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3a1}}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x6c, {"008000c8001c600e007008d5007008d50000008a80a994d200e0b8f2010080d2620080d2230080d2c40080d2020000d4007008d5002c205e0000429e20a787d20040b8f2410080d2c20180d2430080d2840180d2020000d4"}}, @uexit={0x0, 0x18, 0x3}, @eret={0xe6, 0x18, 0xa38f}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x68}}, @eret={0xe6, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013b0e4, 0x3ff}}, @hvc={0x32, 0x40, {0xc4000014, [0x7, 0x4, 0xfff, 0x4, 0xfa3e]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x3, 0x1, 0xf, 0x9, 0x3}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x27e}}, @svc={0x122, 0x40, {0x4000, [0x5, 0x2c, 0xa, 0x80000001, 0x80000000]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x295}}, @svc={0x122, 0x40, {0x84000001, [0x0, 0x100000000, 0x401, 0x8001]}}, @svc={0x122, 0x40, {0x84000012, [0x1, 0x0, 0x7ff, 0x0, 0x5]}}, @irq_setup={0x46, 0x18, {0x2, 0x23f}}, @msr={0x14, 0x20, {0x603000000013dea1, 0x9}}, @smc={0x1e, 0x40, {0x30000000, [0x7, 0x3, 0x33, 0x0, 0x5]}}], 0x494}, &(0x7f0000000a40)=[@featur2={0x1, 0x2}], 0x1) (async)
write$eventfd(r0, &(0x7f0000000a80)=0xc3, 0x8) (async, rerun: 64)
r6 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) (rerun: 64)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r6, 0x4068aea3, &(0x7f0000000ac0)) (async, rerun: 64)
ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000b40)={0xffffffff, 0x25000, 0x7, 0x1, 0xe}) (async, rerun: 64)
r7 = eventfd2(0x7, 0x80000)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000b80)={r7, 0x6, 0x1, r6})
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000010c0)={0x0, &(0x7f0000000bc0)=[@eret={0xe6, 0x18, 0x1000}, @smc={0x1e, 0x40, {0x84000050, [0xef, 0x1b, 0x3, 0xc915, 0x7]}}, @code={0xa, 0x6c, {"0080c04840bb86d20020b0f2410180d2c20080d2030180d2240080d2020000d4008008d5000008d50004005f0008e078c0b491d200c0b8f2810180d2220180d2a30080d2040180d2020000d4007008d50048c01a007008d5"}}, @mrs={0xbe, 0x18, {0x60300000001380a4}}, @hvc={0x32, 0x40, {0x4000000, [0xffffffffffff265b, 0x8, 0x7b59, 0x80, 0x6986]}}, @smc={0x1e, 0x40, {0x8400000f, [0x1, 0x5, 0x6, 0x0, 0x3]}}, @uexit={0x0, 0x18, 0x8000}, @hvc={0x32, 0x40, {0x84000005, [0x8, 0x6, 0x4, 0x9, 0x9f3d]}}, @code={0xa, 0x6c, {"0058202e007008d5202f80d20000b0f2210180d2820180d2830080d2a40080d2020000d4007008d500e8a05e008008d5007008d50080400d00529ad200c0b8f2610180d2220080d2030180d2a40180d2020000d4008008d5"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x2, 0x9, 0xfffffffd, 0xc, 0x2}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x300, 0x0, 0x10}}, @mrs={0xbe, 0x18, {0x603000000013ff12}}, @uexit={0x0, 0x18, 0xf51}, @smc={0x1e, 0x40, {0x84000004, [0xba77, 0x8, 0x4, 0x8, 0xfffffffffffff2ff]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x380, 0x6}}, @svc={0x122, 0x40, {0x40, [0x6, 0x5, 0x7, 0x1, 0x4]}}, @hvc={0x32, 0x40, {0xc4000005, [0x0, 0x5, 0x3, 0x1, 0xffffffffffffffff]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x109}}, @code={0xa, 0x9c, {"003f83d20080b8f2c10180d2220080d2430080d2a40180d2020000d4007008d50000699e407893d20020b0f2210180d2e20080d2430180d2040180d2020000d4e00393d20000b0f2610180d2820080d2430080d2040080d2020000d40004000f608989d20080b0f2210180d2c20080d2230180d2040080d2020000d40088201e007008d5000008d5"}}, @svc={0x122, 0x40, {0x80003fff, [0x3, 0x8, 0x8, 0x2, 0x7ca]}}], 0x4fc}, &(0x7f0000001100)=[@featur1={0x1, 0x60}], 0x1)
ioctl$KVM_S390_VCPU_FAULT(r8, 0x4008ae52, &(0x7f0000001140)=0x2)
ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f0000001180)={{0xf000, 0x2, 0xb, 0x4, 0x5, 0x8, 0x0, 0x4, 0x9, 0x7, 0x1, 0x4}, {0x30000, 0xb000, 0x10, 0xfb, 0x7, 0x4, 0xff, 0xc, 0x1, 0x2, 0xd6, 0x8}, {0x54000, 0xa000, 0xe, 0x8, 0x5, 0xf8, 0xe0, 0xe2, 0x7, 0x9, 0xfc, 0x9}, {0x40000, 0xb000, 0xe, 0x80, 0x3, 0xe, 0xe, 0x8, 0xb1, 0x1, 0x7, 0x2}, {0x5000, 0x58000, 0x10, 0x2, 0x8, 0x3, 0x10, 0x7, 0x2, 0x3, 0xf, 0xfe}, {0x80a0000, 0x2, 0x10, 0x3, 0xf8, 0x4, 0x2, 0x7, 0x3, 0x4, 0x0, 0x6}, {0x2000, 0x30000, 0xe, 0x7, 0x2, 0x8, 0x5, 0x8, 0x4, 0xb8, 0x2}, {0x70000, 0xb000, 0xe, 0x0, 0x1, 0x0, 0xd5, 0x10, 0x3, 0x2, 0x3, 0x64}, {0xdddd1000, 0x6}, {0xfec00000, 0x3}, 0x6000000c, 0x0, 0x9000, 0x200000, 0x3, 0x5c00, 0x3000, [0x2, 0x80000001, 0x80000000, 0x80]}) (async)
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000001300)=@arm64_extra={0x603000000013c512, &(0x7f00000012c0)=0xbc5})
r9 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000001340)) (async, rerun: 32)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x25) (rerun: 32)
ioctl$KVM_GET_MP_STATE(r8, 0x8004ae98, &(0x7f00000013c0)) (async)
ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f0000001400)={0x8, 0x0, [{0x6, 0x4, 0x0, 0x0, @msi={0x7, 0x9f2, 0x1c760000, 0x1ff}}, {0xa, 0x0, 0x0, 0x0, @irqchip={0x4, 0xfffff729}}, {0x7, 0x3, 0x0, 0x0, @irqchip={0x1, 0x4}}, {0x6, 0x4, 0x0, 0x0, @irqchip={0x6b, 0xfffffffd}}, {0x9, 0x5, 0x0, 0x0, @sint={0x8, 0x3}}, {0x800, 0x6, 0x1, 0x0, @irqchip={0x3ff, 0xffffffff}}, {0xf43, 0x3, 0x1, 0x0, @msi={0x2, 0x800, 0x5, 0x80000000}}, {0xfffffffd, 0x4, 0x0, 0x0, @adapter={0x2, 0x8000, 0x9, 0x7fff, 0x6}}]}) (async, rerun: 64)
ioctl$KVM_ARM_VCPU_FINALIZE(r9, 0x4004aec2, &(0x7f00000015c0)=0x2) (async, rerun: 64)
r11 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x4)
ioctl$KVM_SIGNAL_MSI(r11, 0x4020aea5, &(0x7f0000001600)={0x10000, 0x3000, 0x1, 0x0, 0x7e0c})
r12 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x23)
ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000001640)={0xa000, 0x5000, 0x1})
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000001680)=0x5)

7m31.877569292s ago: executing program 2 (id=1513):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x0, 0x2000, &(0x7f0000fb0000/0x2000)=nil})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000000c0)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000fd3000/0x1000)=nil})
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0xa)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)

7m26.864526009s ago: executing program 3 (id=1514):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bc2000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013dcf3, &(0x7f00000000c0)=0x3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000b10000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140003, &(0x7f00000000c0)=0x5})
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000240)={0x0, &(0x7f00000005c0)=[@msr={0x14, 0x20, {0x603000000013c300, 0x1}}, @svc={0x122, 0x40, {0xc5000021, [0x6e, 0x4, 0xffffffffffffffff, 0x8, 0xffff]}}, @msr={0x14, 0x20, {0x603000000013e532, 0x6}}, @smc={0x1e, 0x40, {0x2000000, [0x4, 0x0, 0x2, 0x295a, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013df73}}, @svc={0x122, 0x40, {0x200, [0x6, 0x6, 0x5, 0x80000001, 0xb]}}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x99a, 0xffffffffffff7fff}}, @hvc={0x32, 0x40, {0x80000002, [0x0, 0x1000, 0x4ead00, 0xffffffffffffffff, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013e6d6}}, @smc={0x1e, 0x40, {0x3f000000, [0x8c3, 0x9a, 0x3, 0x9, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013c113}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x4, 0x0, 0x8, 0x6, 0x2}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x7, 0x13}}, @svc={0x122, 0x40, {0xc4000010, [0x8, 0x9, 0x5, 0x5, 0x968b]}}, @code={0xa, 0x6c, {"40d891d20000b0f2410180d2e20180d2a30180d2e40080d2020000d4000008d5007008d5000000180020000c007008d5007008d50080601f006c200e60799ed200c0b8f2610180d2e20080d2830180d2840080d2020000d4"}}, @svc={0x122, 0x40, {0x84000005, [0x7, 0x4, 0x8, 0xe28, 0xbaf]}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013e706}}, @irq_setup={0x46, 0x18, {0x2, 0x2a8}}, @irq_setup={0x46, 0x18, {0x0, 0x139}}, @memwrite={0x6e, 0x30, @generic={0xdddd0000, 0x2f6, 0x4, 0x4}}, @irq_setup={0x46, 0x18, {0x0, 0x28}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xb8f84f87b97d388e, 0x5, 0xc}}, @mrs={0xbe, 0x18, {0x603000000013c2a2}}, @mrs={0xbe, 0x18, {0x603000000013e218}}], 0x45c}, &(0x7f0000000280)=[@featur2={0x1, 0x28}], 0x1)
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000002c0)={0x0, &(0x7f0000000bc0)=[@its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0xe, 0x4, 0x8, 0x1}}, @smc={0x1e, 0x40, {0x20, [0xa5, 0x100000001, 0x8, 0x6, 0x8]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x12f}}, @irq_setup={0x46, 0x18, {0x1, 0x46}}, @mrs={0xbe, 0x18, {0x603000000013df5c}}, @mrs={0xbe, 0x18, {0x603000000013df65}}, @eret={0xe6, 0x18, 0x3}, @smc={0x1e, 0x40, {0x4000, [0x0, 0x1, 0x1000, 0x40]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x6, 0x7, 0x1ff}}, @irq_setup={0x46, 0x18, {0x1, 0x112}}, @smc={0x1e, 0x40, {0x84000007, [0x100000001, 0x1, 0x7, 0x5, 0xa]}}, @hvc={0x32, 0x40, {0xc4000010, [0x649c2788, 0x7, 0x1, 0x1, 0x3]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x2b6}}, @eret={0xe6, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x2, 0x1, 0x5, 0x75ee}}, @hvc={0x32, 0x40, {0x3000000, [0x9, 0xd, 0xff, 0x4, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013805f}}, @smc={0x1e, 0x40, {0x80000002, [0x0, 0x6, 0xbf, 0x3, 0x8]}}, @irq_setup={0x46, 0x18, {0x1, 0x38d}}, @msr={0x14, 0x20, {0x2902, 0x6}}, @smc={0x1e, 0x40, {0x6000000, [0x1d799daf, 0x8, 0x19b8, 0x9, 0x5]}}, @eret={0xe6, 0x18, 0x400}, @mrs={0xbe, 0x18, {0x603000000013c113}}, @hvc={0x32, 0x40, {0x32000000, [0x3, 0xba0, 0x7fffffffffffffff, 0x3, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013e6df}}, @memwrite={0x6e, 0x30, @generic={0xffffffff, 0xda1, 0x8, 0xe}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x2c}}, @mrs={0xbe, 0x18, {0x6030000000138016}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x2, 0x8}}, @code={0xa, 0x6c, {"000008d50018000e00e4002f0024200e007008d500c391d20060b8f2610080d2020080d2430180d2640080d2020000d4007008d5000008d5007008d5008685d200a0b0f2c10180d2a20080d2c30080d2640180d2020000d4"}}, @irq_setup={0x46, 0x18, {0x0, 0x167}}], 0x514}, &(0x7f0000000300)=[@featur1={0x1, 0x28}], 0x1)
syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000340)={0x0, &(0x7f0000001100)=[@uexit={0x0, 0x18, 0xfffffffffffffff8}, @code={0xa, 0xcc, {"409b99d20000b8f2010080d2420180d2030080d2040080d2020000d4e0958fd20020b0f2210180d2c20080d2a30180d2440080d2020000d4c02a92d20040b0f2610180d2020080d2630180d2640080d2020000d4008d90d20080b0f2810180d2a20180d2830180d2040080d2020000d400b0205e00c0e00d607e9cd20080b8f2610180d2420180d2c30180d2c40080d2020000d4007008d5e0e094d200a0b8f2010180d2c20080d2a30080d2040180d2020000d400a4200e"}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0xd, 0x2d, 0x80000000, 0x2}}, @svc={0x122, 0x40, {0x6000000, [0x7, 0x5, 0x3, 0x9, 0x9]}}, @smc={0x1e, 0x40, {0x8400000d, [0x10, 0x5, 0xfffffffffffffffe, 0x8, 0x200]}}, @svc={0x122, 0x40, {0x2000, [0xffffffffffffff00, 0x6, 0x426, 0x8000000000000001, 0x80000001]}}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x6030000000138006}}, @svc={0x122, 0x40, {0xffff, [0x100000000, 0xfffffffffffffffd, 0x9, 0x2df97c96, 0x6]}}, @msr={0x14, 0x20, {0x0, 0x6}}, @eret={0xe6, 0x18, 0xa774}, @code={0xa, 0x6c, {"000008d50084ff0d000008d50090802fe0b185d20020b0f2010080d2020080d2030180d2440180d2020000d43f2003d580c697d20040b0f2c10080d2820080d2e30080d2240180d2020000d4007008d5000008d5000040bd"}}, @code={0xa, 0x84, {"40d89fd20000b8f2e10080d2020080d2c30080d2c40180d2020000d4007008d5a05780d200a0b8f2410080d2e20080d2430080d2e40080d2020000d4007008d500a0800c000860f8000008d5000008d50008c078e0a591d20020b0f2210080d2420180d2a30080d2c40180d2020000d4"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x248}}, @svc={0x122, 0x40, {0x8, [0xa, 0x2, 0x3, 0x2ba3, 0xe442d61]}}, @hvc={0x32, 0x40, {0xc4000003, [0x2b1, 0x6, 0x1, 0x9, 0x4]}}, @hvc={0x32, 0x40, {0xc4000005, [0x6, 0x9, 0x9, 0x1, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x0, 0x0, 0x9, 0x80, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x665, 0xfffffffffffff3ee, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0xa9, 0x2}}, @eret={0xe6, 0x18, 0x4}, @uexit={0x0, 0x18, 0x1}, @svc={0x122, 0x40, {0xc4000003, [0x0, 0x2, 0x3, 0x5, 0x5]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x17b}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x30a}}], 0x594}, &(0x7f0000000380)=[@featur2={0x1, 0x4}], 0x1)

7m13.072283161s ago: executing program 2 (id=1515):
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000080)=0x5)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000700)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x8400000e, [0xfffffffffffeffff, 0x9, 0x6, 0x5, 0x10]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x6a}}, @irq_setup={0x46, 0x18, {0x1, 0x2e4}}, @code={0xa, 0x84, {"c0b584d200e0b0f2010180d2e20080d2630080d2040180d2020000d400a8a15e0000601f809083d200e0b0f2c10180d2a20180d2030080d2240180d2020000d41004201e007008d5000000b8000008d5a04599d20020b8f2010180d2c20080d2230180d2040080d2020000d4008008d5"}}, @eret={0xe6, 0x18, 0x401}, @mrs={0xbe, 0x18, {0x6030000000138006}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x10, 0x2, 0x9, 0x3}}, @hvc={0x32, 0x40, {0x84000013, [0x4, 0xb4, 0x1000, 0x7, 0x1]}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x10c, 0x2, 0x5}}, @memwrite={0x6e, 0x30, @generic={0xf000, 0x4d7, 0xffffffff, 0x1}}, @eret={0xe6, 0x18, 0x200}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x84000003, [0x5, 0x7, 0xe0, 0x0, 0x6]}}, @eret={0xe6, 0x18, 0x101}, @mrs={0xbe, 0x18, {0x603000000013f290}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xff48, 0x6, 0x3}}, @uexit={0x0, 0x18, 0x2}, @uexit={0x0, 0x18, 0x9}, @hvc={0x32, 0x40, {0x84000009, [0x7ff, 0x5400000000000000, 0x4, 0x4, 0x1]}}, @hvc={0x32, 0x40, {0xffff, [0x8001, 0xc, 0xffffffff, 0x3b62, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0x6, 0x3, 0x0, 0x1}}, @svc={0x122, 0x40, {0xc4000010, [0x9, 0x3, 0x3, 0x9, 0xcdf]}}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0xa, 0xbb, 0xba, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e663}}, @uexit={0x0, 0x18, 0xe}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x4, 0x9, 0x3, 0x8, 0x2}}, @eret={0xe6, 0x18, 0x8e4}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @eret={0xe6, 0x18, 0xc700}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x7f}}], 0x504}, &(0x7f0000000740)=[@featur2={0x1, 0x8}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r5, 0x5760, 0x2000001c)
r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_init)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9})
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async)
ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000080)=0x5) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000700)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x8400000e, [0xfffffffffffeffff, 0x9, 0x6, 0x5, 0x10]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x6a}}, @irq_setup={0x46, 0x18, {0x1, 0x2e4}}, @code={0xa, 0x84, {"c0b584d200e0b0f2010180d2e20080d2630080d2040180d2020000d400a8a15e0000601f809083d200e0b0f2c10180d2a20180d2030080d2240180d2020000d41004201e007008d5000000b8000008d5a04599d20020b8f2010180d2c20080d2230180d2040080d2020000d4008008d5"}}, @eret={0xe6, 0x18, 0x401}, @mrs={0xbe, 0x18, {0x6030000000138006}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x10, 0x2, 0x9, 0x3}}, @hvc={0x32, 0x40, {0x84000013, [0x4, 0xb4, 0x1000, 0x7, 0x1]}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x10c, 0x2, 0x5}}, @memwrite={0x6e, 0x30, @generic={0xf000, 0x4d7, 0xffffffff, 0x1}}, @eret={0xe6, 0x18, 0x200}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x84000003, [0x5, 0x7, 0xe0, 0x0, 0x6]}}, @eret={0xe6, 0x18, 0x101}, @mrs={0xbe, 0x18, {0x603000000013f290}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xff48, 0x6, 0x3}}, @uexit={0x0, 0x18, 0x2}, @uexit={0x0, 0x18, 0x9}, @hvc={0x32, 0x40, {0x84000009, [0x7ff, 0x5400000000000000, 0x4, 0x4, 0x1]}}, @hvc={0x32, 0x40, {0xffff, [0x8001, 0xc, 0xffffffff, 0x3b62, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0x6, 0x3, 0x0, 0x1}}, @svc={0x122, 0x40, {0xc4000010, [0x9, 0x3, 0x3, 0x9, 0xcdf]}}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0xa, 0xbb, 0xba, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e663}}, @uexit={0x0, 0x18, 0xe}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x4, 0x9, 0x3, 0x8, 0x2}}, @eret={0xe6, 0x18, 0x8e4}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @eret={0xe6, 0x18, 0xc700}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x7f}}], 0x504}, &(0x7f0000000740)=[@featur2={0x1, 0x8}], 0x1) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000) (async)
ioctl$KVM_CREATE_VM(r5, 0x5760, 0x2000001c) (async)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_init) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9}) (async)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) (async)

7m5.386788733s ago: executing program 3 (id=1516):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000001c0), 0x80, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x20)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x8000})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r6, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x4, 0x0}) (async)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x36)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x4, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r12, 0x4018aee3, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r12, 0x4018aee3, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r8) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x397336fe777b8b50, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_fp={0x60400000001000ca, 0x0})

6m29.179074181s ago: executing program 34 (id=1515):
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34)
ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000080)=0x5)
r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000700)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x8400000e, [0xfffffffffffeffff, 0x9, 0x6, 0x5, 0x10]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x6a}}, @irq_setup={0x46, 0x18, {0x1, 0x2e4}}, @code={0xa, 0x84, {"c0b584d200e0b0f2010180d2e20080d2630080d2040180d2020000d400a8a15e0000601f809083d200e0b0f2c10180d2a20180d2030080d2240180d2020000d41004201e007008d5000000b8000008d5a04599d20020b8f2010180d2c20080d2230180d2040080d2020000d4008008d5"}}, @eret={0xe6, 0x18, 0x401}, @mrs={0xbe, 0x18, {0x6030000000138006}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x10, 0x2, 0x9, 0x3}}, @hvc={0x32, 0x40, {0x84000013, [0x4, 0xb4, 0x1000, 0x7, 0x1]}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x10c, 0x2, 0x5}}, @memwrite={0x6e, 0x30, @generic={0xf000, 0x4d7, 0xffffffff, 0x1}}, @eret={0xe6, 0x18, 0x200}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x84000003, [0x5, 0x7, 0xe0, 0x0, 0x6]}}, @eret={0xe6, 0x18, 0x101}, @mrs={0xbe, 0x18, {0x603000000013f290}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xff48, 0x6, 0x3}}, @uexit={0x0, 0x18, 0x2}, @uexit={0x0, 0x18, 0x9}, @hvc={0x32, 0x40, {0x84000009, [0x7ff, 0x5400000000000000, 0x4, 0x4, 0x1]}}, @hvc={0x32, 0x40, {0xffff, [0x8001, 0xc, 0xffffffff, 0x3b62, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0x6, 0x3, 0x0, 0x1}}, @svc={0x122, 0x40, {0xc4000010, [0x9, 0x3, 0x3, 0x9, 0xcdf]}}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0xa, 0xbb, 0xba, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e663}}, @uexit={0x0, 0x18, 0xe}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x4, 0x9, 0x3, 0x8, 0x2}}, @eret={0xe6, 0x18, 0x8e4}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @eret={0xe6, 0x18, 0xc700}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x7f}}], 0x504}, &(0x7f0000000740)=[@featur2={0x1, 0x8}], 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r5, 0x5760, 0x2000001c)
r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_init)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9})
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async)
ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000080)=0x5) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000700)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x8400000e, [0xfffffffffffeffff, 0x9, 0x6, 0x5, 0x10]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x6a}}, @irq_setup={0x46, 0x18, {0x1, 0x2e4}}, @code={0xa, 0x84, {"c0b584d200e0b0f2010180d2e20080d2630080d2040180d2020000d400a8a15e0000601f809083d200e0b0f2c10180d2a20180d2030080d2240180d2020000d41004201e007008d5000000b8000008d5a04599d20020b8f2010180d2c20080d2230180d2040080d2020000d4008008d5"}}, @eret={0xe6, 0x18, 0x401}, @mrs={0xbe, 0x18, {0x6030000000138006}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x10, 0x2, 0x9, 0x3}}, @hvc={0x32, 0x40, {0x84000013, [0x4, 0xb4, 0x1000, 0x7, 0x1]}}, @eret={0xe6, 0x18, 0xffffffffffffffff}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x10c, 0x2, 0x5}}, @memwrite={0x6e, 0x30, @generic={0xf000, 0x4d7, 0xffffffff, 0x1}}, @eret={0xe6, 0x18, 0x200}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x84000003, [0x5, 0x7, 0xe0, 0x0, 0x6]}}, @eret={0xe6, 0x18, 0x101}, @mrs={0xbe, 0x18, {0x603000000013f290}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xff48, 0x6, 0x3}}, @uexit={0x0, 0x18, 0x2}, @uexit={0x0, 0x18, 0x9}, @hvc={0x32, 0x40, {0x84000009, [0x7ff, 0x5400000000000000, 0x4, 0x4, 0x1]}}, @hvc={0x32, 0x40, {0xffff, [0x8001, 0xc, 0xffffffff, 0x3b62, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0x6, 0x3, 0x0, 0x1}}, @svc={0x122, 0x40, {0xc4000010, [0x9, 0x3, 0x3, 0x9, 0xcdf]}}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0xa, 0xbb, 0xba, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e663}}, @uexit={0x0, 0x18, 0xe}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x4, 0x9, 0x3, 0x8, 0x2}}, @eret={0xe6, 0x18, 0x8e4}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @eret={0xe6, 0x18, 0xc700}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x7f}}], 0x504}, &(0x7f0000000740)=[@featur2={0x1, 0x8}], 0x1) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000) (async)
ioctl$KVM_CREATE_VM(r5, 0x5760, 0x2000001c) (async)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_init) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9}) (async)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) (async)

6m20.941681246s ago: executing program 35 (id=1516):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000001c0), 0x80, 0x0) (async)
r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x20)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x8000})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r6, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x4, 0x0}) (async)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x36)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x4, <r12=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r12, 0x4018aee3, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r12, 0x4018aee3, 0x0) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r8) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x397336fe777b8b50, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_fp={0x60400000001000ca, 0x0})

1m0.991552232s ago: executing program 4 (id=1517):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0xffffffffffbdfffc, 0x120)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
write$eventfd(r9, 0x0, 0x300)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r14, 0xc008aeb0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0})

47.480816607s ago: executing program 5 (id=1518):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x5421, 0x20004000)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0) (async)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x179}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3550, 0x3}}], 0x58}, 0x0, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r14, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c61000/0x3000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000000)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000000)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

12.343949936s ago: executing program 36 (id=1517):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0xffffffffffbdfffc, 0x120)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
write$eventfd(r9, 0x0, 0x300)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_REG_LIST(r14, 0xc008aeb0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0})

0s ago: executing program 37 (id=1518):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x5421, 0x20004000)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0) (async)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x179}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3550, 0x3}}], 0x58}, 0x0, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r14, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c61000/0x3000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000000)={0x8}) (async)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000000)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  392.137273][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0
[  441.512021][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:6749' (ED25519) to the list of known hosts.
[  607.999706][   T25] audit: type=1400 audit(607.280:61): avc:  denied  { name_bind } for  pid=3322 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  608.870075][   T25] audit: type=1400 audit(608.150:62): avc:  denied  { execute } for  pid=3323 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  608.897135][   T25] audit: type=1400 audit(608.180:63): avc:  denied  { execute_no_trans } for  pid=3323 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  631.873799][   T25] audit: type=1400 audit(631.150:64): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  631.913575][   T25] audit: type=1400 audit(631.190:65): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  631.999991][ T3323] cgroup: Unknown subsys name 'net'
[  632.077760][   T25] audit: type=1400 audit(631.360:66): avc:  denied  { unmount } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  632.669352][ T3323] cgroup: Unknown subsys name 'cpuset'
[  632.885574][ T3323] cgroup: Unknown subsys name 'rlimit'
[  635.274935][   T25] audit: type=1400 audit(634.550:67): avc:  denied  { setattr } for  pid=3323 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  635.315356][   T25] audit: type=1400 audit(634.570:68): avc:  denied  { create } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  635.339135][   T25] audit: type=1400 audit(634.610:69): avc:  denied  { write } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  635.393214][   T25] audit: type=1400 audit(634.640:70): avc:  denied  { module_request } for  pid=3323 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  636.308163][   T25] audit: type=1400 audit(635.560:71): avc:  denied  { read } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  636.387581][   T25] audit: type=1400 audit(635.640:72): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  636.388859][   T25] audit: type=1400 audit(635.660:73): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  638.630136][ T3328] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  638.683788][   T25] audit: type=1400 audit(637.940:74): avc:  denied  { relabelto } for  pid=3328 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  638.723949][   T25] audit: type=1400 audit(637.960:75): avc:  denied  { write } for  pid=3328 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  639.001747][   T25] audit: type=1400 audit(638.280:76): avc:  denied  { read } for  pid=3323 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  639.021608][   T25] audit: type=1400 audit(638.300:77): avc:  denied  { open } for  pid=3323 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  639.091632][ T3323] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  689.286851][   T25] audit: type=1400 audit(688.570:78): avc:  denied  { execmem } for  pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  750.637455][   T25] audit: type=1400 audit(749.920:79): avc:  denied  { read } for  pid=3331 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  750.652148][   T25] audit: type=1400 audit(749.930:80): avc:  denied  { open } for  pid=3331 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  750.744710][   T25] audit: type=1400 audit(750.020:81): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  751.938205][   T25] audit: type=1400 audit(751.210:82): avc:  denied  { sys_module } for  pid=3332 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  778.347866][ T3331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  778.595671][ T3331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  778.652213][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  778.880492][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  789.941457][ T3331] hsr_slave_0: entered promiscuous mode
[  789.977287][ T3331] hsr_slave_1: entered promiscuous mode
[  790.728226][ T3332] hsr_slave_0: entered promiscuous mode
[  790.759845][ T3332] hsr_slave_1: entered promiscuous mode
[  790.789405][ T3332] debugfs: 'hsr0' already exists in 'hsr'
[  790.814094][ T3332] Cannot create hsr debugfs directory
[  796.607489][ T3331] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  797.012100][ T3331] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  797.309628][ T3331] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  797.644976][ T3331] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  799.130127][ T3332] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  799.281435][ T3332] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  799.550664][ T3332] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  799.865398][ T3332] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  811.665549][ T3331] 8021q: adding VLAN 0 to HW filter on device bond0
[  813.827624][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0
[  869.906826][ T3331] veth0_vlan: entered promiscuous mode
[  870.618560][ T3331] veth1_vlan: entered promiscuous mode
[  873.046295][ T3331] veth0_macvtap: entered promiscuous mode
[  873.105794][ T3332] veth0_vlan: entered promiscuous mode
[  873.398010][ T3331] veth1_macvtap: entered promiscuous mode
[  873.901154][ T3332] veth1_vlan: entered promiscuous mode
[  875.786015][ T3437] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  875.795280][ T3437] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  875.815317][ T3437] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  875.945461][ T3437] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  876.551165][ T3332] veth0_macvtap: entered promiscuous mode
[  877.211780][ T3332] veth1_macvtap: entered promiscuous mode
[  878.856455][   T25] audit: type=1400 audit(878.130:83): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  879.306145][   T25] audit: type=1400 audit(878.500:84): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/syzkaller.5R3tNU/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  879.556532][   T25] audit: type=1400 audit(878.790:85): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  880.009040][   T25] audit: type=1400 audit(879.290:86): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/syzkaller.5R3tNU/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  880.286285][   T25] audit: type=1400 audit(879.560:87): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/syzkaller.5R3tNU/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3773 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  880.710724][ T3404] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  880.739848][ T3404] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  880.781232][ T3404] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  880.795276][ T3404] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  881.364255][   T25] audit: type=1400 audit(880.640:88): avc:  denied  { unmount } for  pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  881.765747][   T25] audit: type=1400 audit(880.970:89): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  881.896101][   T25] audit: type=1400 audit(881.110:90): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="gadgetfs" ino=3784 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  882.388418][   T25] audit: type=1400 audit(881.670:91): avc:  denied  { mount } for  pid=3331 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  882.529726][   T25] audit: type=1400 audit(881.810:92): avc:  denied  { mounton } for  pid=3331 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  884.420929][ T3331] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  885.886159][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  885.903436][   T25] audit: type=1400 audit(885.160:94): avc:  denied  { read write } for  pid=3331 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  885.995769][   T25] audit: type=1400 audit(885.180:95): avc:  denied  { open } for  pid=3331 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  886.047067][   T25] audit: type=1400 audit(885.270:96): avc:  denied  { ioctl } for  pid=3331 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  913.261746][   T25] audit: type=1400 audit(912.540:97): avc:  denied  { append } for  pid=3501 comm="syz.1.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  913.329659][   T25] audit: type=1400 audit(912.610:98): avc:  denied  { open } for  pid=3501 comm="syz.1.6" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  921.124923][   T25] audit: type=1400 audit(920.390:99): avc:  denied  { read } for  pid=3507 comm="syz.0.9" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  921.570341][   T25] audit: type=1400 audit(920.760:100): avc:  denied  { ioctl } for  pid=3507 comm="syz.0.9" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  928.581711][   T25] audit: type=1400 audit(927.750:101): avc:  denied  { execute } for  pid=3512 comm="syz.1.12" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3915 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  940.314818][   T25] audit: type=1400 audit(939.570:102): avc:  denied  { write } for  pid=3521 comm="syz.1.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1000.954520][   T25] audit: type=1400 audit(1000.220:103): avc:  denied  { map } for  pid=3563 comm="syz.0.37" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1046.764698][   T25] audit: type=1400 audit(1046.030:104): avc:  denied  { setattr } for  pid=3596 comm="syz.0.53" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1408.527587][   T25] audit: type=1400 audit(1407.800:105): avc:  denied  { create } for  pid=3819 comm="syz.1.157" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1409.254514][   T25] audit: type=1400 audit(1408.530:106): avc:  denied  { ioctl } for  pid=3819 comm="syz.1.157" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=6058 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1534.838840][   T25] audit: type=1400 audit(1534.120:107): avc:  denied  { map } for  pid=3896 comm="syz.1.187" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=6851 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1534.877712][   T25] audit: type=1400 audit(1534.130:108): avc:  denied  { read } for  pid=3896 comm="syz.1.187" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=6851 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1999.571365][ T4156] kvm [4156]: Failed to find VMA for hva 0x21016000
[ 2438.567384][   T25] audit: type=1400 audit(2437.830:109): avc:  denied  { ioctl } for  pid=4406 comm="syz.1.400" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb70d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 2656.359356][ T4516] kvm [4516]: Failed to find VMA for hva 0x20c01000
[ 3020.599263][ T4713] kvm [4713]: Failed to find VMA for hva 0x20c01000
[ 3112.325144][   T25] audit: type=1400 audit(3111.510:110): avc:  denied  { execute } for  pid=4761 comm="syz.0.545" path=2F3237322F10FBFF67525673312B0104 dev="tmpfs" ino=1381 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 3303.506774][ T4875] debugfs: 'vgic-its-state@8080000' already exists in '4875-4'
[ 3447.721781][ T4948] kvm [4948]: Failed to find VMA for hva 0x20e51000
[ 3455.258577][ T4956] kvm [4956]: Failed to find VMA for hva 0x21016000
[ 3495.103883][   T25] audit: type=1400 audit(3494.380:111): avc:  denied  { execute } for  pid=4972 comm="syz.1.621" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 3791.986777][ T5134] kvm [5134]: Failed to find VMA for hva 0x21016000
[ 4044.962169][ T5272] kvm [5272]: Failed to find VMA for hva 0x20c01000
[ 4045.017262][ T5270] kvm [5270]: Failed to find VMA for hva 0x20c01000
[ 4163.898683][ T5329] kvm [5328]: Unsupported guest access at: eeef0000
[ 4163.898683][ T5329]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4165.119577][ T5329] kvm [5329]: Failed to find VMA for hva 0x20d8d000
[ 4175.937884][ T5336] KVM: debugfs: duplicate directory 5336-5
[ 4187.955484][ T5342] kvm [5341]: Unsupported guest access at: eeef0000
[ 4187.955484][ T5342]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4188.816617][ T5342] kvm [5342]: Failed to find VMA for hva 0x20d8d000
[ 4229.691530][ T5364] kvm [5362]: Unsupported guest access at: eeef0000
[ 4229.691530][ T5364]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4230.804757][ T5364] kvm [5364]: Failed to find VMA for hva 0x20d8d000
[ 4279.421318][ T5393] kvm [5391]: Unsupported guest access at: eeef0000
[ 4279.421318][ T5393]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4310.298387][ T5411] kvm [5410]: Unsupported guest access at: eeef0000
[ 4310.298387][ T5411]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4346.120090][ T5430] kvm [5429]: Unsupported guest access at: eeef0000
[ 4346.120090][ T5430]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4346.715876][ T5430] kvm [5430]: Failed to find VMA for hva 0x20d8d000
[ 4356.771709][ T5435] kvm [5434]: Unsupported guest access at: eeef0000
[ 4356.771709][ T5435]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4383.816696][ T5449] kvm [5448]: Unsupported guest access at: eeef0000
[ 4383.816696][ T5449]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4384.481929][ T5449] kvm [5449]: Failed to find VMA for hva 0x20d8d000
[ 4416.746808][ T5465] kvm [5464]: Unsupported guest access at: eeef0000
[ 4416.746808][ T5465]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4417.327779][ T5465] kvm [5465]: Failed to find VMA for hva 0x20d8d000
[ 4426.901720][ T5470] kvm [5469]: Unsupported guest access at: eeef0000
[ 4426.901720][ T5470]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4427.990181][ T5470] kvm [5470]: Failed to find VMA for hva 0x20d8d000
[ 4555.530890][ T5541] kvm [5539]: Unsupported guest access at: eeef0000
[ 4555.530890][ T5541]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4609.815425][ T5566] kvm [5566]: Failed to find VMA for hva 0x20c01000
[ 4609.896791][ T5569] kvm [5569]: Failed to find VMA for hva 0x20c01000
[ 4775.336885][ T5654] kvm [5652]: Unsupported guest access at: eeef0000
[ 4775.336885][ T5654]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4776.778283][ T5654] kvm [5654]: Failed to find VMA for hva 0x20d8d000
[ 4858.089828][ T5693] kvm [5692]: Unsupported guest access at: eeef0000
[ 4858.089828][ T5693]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4859.398341][ T5693] kvm [5693]: Failed to find VMA for hva 0x20d8d000
[ 4922.247678][ T5726] kvm [5726]: Failed to find VMA for hva 0x20c01000
[ 4922.260360][ T5728] kvm [5728]: Failed to find VMA for hva 0x20c01000
[ 4935.370250][ T5732] kvm [5732]: Failed to find VMA for hva 0x20c01000
[ 5035.631799][ T5787] kvm [5785]: Unsupported guest access at: eeef0000
[ 5035.631799][ T5787]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5037.246460][ T5787] kvm [5787]: Failed to find VMA for hva 0x20d8d000
[ 5088.156306][ T5814] kvm [5813]: Unsupported guest access at: eeef0000
[ 5088.156306][ T5814]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5088.789094][ T5814] kvm [5814]: Failed to find VMA for hva 0x20d8d000
[ 5118.780795][ T5827] kvm [5826]: Unsupported guest access at: eeef0000
[ 5118.780795][ T5827]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5119.575142][ T5827] kvm [5827]: Failed to find VMA for hva 0x20d8d000
[ 5159.901278][ T5847] kvm [5847]: Failed to find VMA for hva 0x20c01000
[ 5159.998890][ T5849] kvm [5849]: Failed to find VMA for hva 0x20c01000
[ 5187.878594][ T5861] kvm [5860]: Unsupported guest access at: eeef0000
[ 5187.878594][ T5861]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5188.608464][ T5861] kvm [5861]: Failed to find VMA for hva 0x20d8d000
[ 5192.372098][ T5864] kvm [5863]: Unsupported guest access at: eeef0000
[ 5192.372098][ T5864]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5193.348255][ T5864] kvm [5864]: Failed to find VMA for hva 0x20d8d000
[ 5200.690194][ T5867] kvm [5867]: Failed to find VMA for hva 0x20c01000
[ 5210.431513][ T5873] kvm [5871]: Unsupported guest access at: eeef0000
[ 5210.431513][ T5873]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5211.326667][ T5873] kvm [5873]: Failed to find VMA for hva 0x20d8d000
[ 5221.290058][ T5879] kvm [5877]: Unsupported guest access at: eeef0000
[ 5221.290058][ T5879]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5222.235590][ T5879] kvm [5879]: Failed to find VMA for hva 0x20d8d000
[ 5236.287389][ T5885] kvm [5883]: Unsupported guest access at: eeef0000
[ 5236.287389][ T5885]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5236.915781][ T5885] kvm [5885]: Failed to find VMA for hva 0x20d8d000
[ 5249.088955][ T5891] kvm [5890]: Unsupported guest access at: eeef0000
[ 5249.088955][ T5891]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5250.134756][ T5891] kvm [5891]: Failed to find VMA for hva 0x20d8d000
[ 5253.860488][ T5894] kvm [5893]: Unsupported guest access at: eeef0000
[ 5253.860488][ T5894]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5254.830450][ T5894] kvm [5894]: Failed to find VMA for hva 0x20d8d000
[ 5267.377045][ T5901] kvm [5900]: Unsupported guest access at: eeef0000
[ 5267.377045][ T5901]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5268.354805][ T5901] kvm [5901]: Failed to find VMA for hva 0x20d8d000
[ 5278.824890][ T5907] kvm [5905]: Unsupported guest access at: eeef0000
[ 5278.824890][ T5907]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5280.170155][ T5907] kvm [5907]: Failed to find VMA for hva 0x20d8d000
[ 5306.469803][ T5920] kvm [5920]: Failed to find VMA for hva 0x20c01000
[ 5306.507860][ T5917] kvm [5917]: Failed to find VMA for hva 0x20c01000
[ 5311.839555][ T5923] kvm [5922]: Unsupported guest access at: eeef0000
[ 5311.839555][ T5923]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5313.048171][ T5923] kvm [5923]: Failed to find VMA for hva 0x20d8d000
[ 5323.631468][ T5928] kvm [5927]: Unsupported guest access at: eeef0000
[ 5323.631468][ T5928]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5324.336141][ T5928] kvm [5928]: Failed to find VMA for hva 0x20d8d000
[ 5386.738682][ T5961] kvm [5961]: Failed to find VMA for hva 0x20c01000
[ 5395.555170][ T5964] kvm [5963]: Unsupported guest access at: eeef0000
[ 5395.555170][ T5964]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5396.355009][ T5964] kvm [5964]: Failed to find VMA for hva 0x20d8d000
[ 5452.178138][ T5998] kvm [5998]: Failed to find VMA for hva 0x20c01000
[ 5492.688156][ T6019] kvm [6018]: Unsupported guest access at: eeef0000
[ 5492.688156][ T6019]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5493.617352][ T6019] kvm [6019]: Failed to find VMA for hva 0x20d8d000
[ 5517.417714][ T6034] kvm [6032]: Unsupported guest access at: eeef0000
[ 5517.417714][ T6034]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5518.296516][ T6034] kvm [6034]: Failed to find VMA for hva 0x20d8d000
[ 5548.229767][ T6048] kvm [6047]: Unsupported guest access at: eeef0000
[ 5548.229767][ T6048]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5549.266837][ T6048] kvm [6048]: Failed to find VMA for hva 0x20d8d000
[ 5568.625698][ T6057] kvm [6057]: Failed to find VMA for hva 0x20c01000
[ 5568.651028][ T6060] kvm [6060]: Failed to find VMA for hva 0x20c01000
[ 5626.700091][ T6092] kvm [6091]: Unsupported guest access at: eeef0000
[ 5626.700091][ T6092]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5627.751995][ T6092] kvm [6092]: Failed to find VMA for hva 0x20d8d000
[ 5658.821844][ T6107] kvm [6105]: Unsupported guest access at: eeef0000
[ 5658.821844][ T6107]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5660.468644][ T6107] kvm [6107]: Failed to find VMA for hva 0x20d8d000
[ 5679.458226][ T6118] kvm [6116]: Unsupported guest access at: eeef0000
[ 5679.458226][ T6118]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5679.730546][ T6117] kvm [6115]: Unsupported guest access at: eeef0000
[ 5679.730546][ T6117]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5680.131299][ T6118] kvm [6118]: Failed to find VMA for hva 0x20d8d000
[ 5680.654892][ T6117] kvm [6117]: Failed to find VMA for hva 0x20d8d000
[ 5693.408773][ T6122] kvm [6122]: Failed to find VMA for hva 0x20c01000
[ 5693.578790][ T6126] kvm [6126]: Failed to find VMA for hva 0x20c01000
[ 5710.265101][ T6131] kvm [6131]: Failed to find VMA for hva 0x20d8d000
[ 5747.462175][ T6152] kvm [6152]: Failed to find VMA for hva 0x20d8d000
[ 5768.401590][ T6166] kvm [6165]: Unsupported guest access at: eeef0000
[ 5768.401590][ T6166]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5769.505364][ T6166] kvm [6166]: Failed to find VMA for hva 0x20d8d000
[ 5769.899982][ T6169] kvm [6168]: Unsupported guest access at: eeef0000
[ 5769.899982][ T6169]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5771.427881][ T6169] kvm [6169]: Failed to find VMA for hva 0x20d8d000
[ 5830.944900][ T6197] kvm [6196]: Unsupported guest access at: eeef0000
[ 5830.944900][ T6197]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5832.089758][ T6197] kvm [6197]: Failed to find VMA for hva 0x20d8d000
[ 5853.291659][ T6206] kvm [6205]: Unsupported guest access at: eeef0000
[ 5853.291659][ T6206]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5854.492264][ T6206] kvm [6206]: Failed to find VMA for hva 0x20d8d000
[ 5878.841697][ T6220] kvm [6219]: Unsupported guest access at: eeef0000
[ 5878.841697][ T6220]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5880.204772][ T6220] kvm [6220]: Failed to find VMA for hva 0x20d8d000
[ 5915.545163][ T6235] kvm [6235]: Failed to find VMA for hva 0x20c01000
[ 5917.089614][ T6237] kvm [6236]: Unsupported guest access at: eeef0000
[ 5917.089614][ T6237]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 5918.077419][ T6237] kvm [6237]: Failed to find VMA for hva 0x20d8d000
[ 5942.235802][ T6251] kvm [6251]: Failed to find VMA for hva 0x20c01000
[ 5978.319533][ T6270] kvm [6270]: Failed to find VMA for hva 0x20c01000
[ 6008.866088][ T6286] kvm [6286]: Failed to find VMA for hva 0x20c01000
[ 6048.949497][ T6307] kvm [6307]: Failed to find VMA for hva 0x20c01000
[ 6057.479010][ T6313] kvm [6312]: Unsupported guest access at: eeef0000
[ 6057.479010][ T6313]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6058.405013][ T6313] kvm [6313]: Failed to find VMA for hva 0x20d8d000
[ 6060.897667][ T6315] kvm [6315]: Failed to find VMA for hva 0x20c01000
[ 6072.907078][ T6319] kvm [6318]: Unsupported guest access at: eeef0000
[ 6072.907078][ T6319]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6073.579310][ T6319] kvm [6319]: Failed to find VMA for hva 0x20d8d000
[ 6097.380561][ T6331] kvm [6331]: Failed to find VMA for hva 0x20c01000
[ 6098.429663][ T6334] kvm [6333]: Unsupported guest access at: eeef0000
[ 6098.429663][ T6334]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6099.196918][ T6334] kvm [6334]: Failed to find VMA for hva 0x20d8d000
[ 6109.236418][ T6338] kvm [6337]: Unsupported guest access at: eeef0000
[ 6109.236418][ T6338]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6110.315404][ T6338] kvm [6338]: Failed to find VMA for hva 0x20d8d000
[ 6122.841266][ T6347] kvm [6346]: Unsupported guest access at: eeef0000
[ 6122.841266][ T6347]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6124.366353][ T6347] kvm [6347]: Failed to find VMA for hva 0x20d8d000
[ 6125.967579][ T6350] FAULT_INJECTION: forcing a failure.
[ 6125.967579][ T6350] name failslab, interval 1, probability 0, space 0, times 1
[ 6125.998456][ T6350] CPU: 0 UID: 0 PID: 6350 Comm: syz.1.1155 Not tainted syzkaller #0 PREEMPT 
[ 6125.999128][ T6350] Hardware name: linux,dummy-virt (DT)
[ 6125.999629][ T6350] Call trace:
[ 6126.000069][ T6350]  show_stack+0x2c/0x3c (C)
[ 6126.001967][ T6350]  __dump_stack+0x30/0x40
[ 6126.002253][ T6350]  dump_stack_lvl+0xd8/0x12c
[ 6126.002487][ T6350]  dump_stack+0x1c/0x28
[ 6126.002684][ T6350]  should_fail_ex+0x570/0x6e0
[ 6126.002923][ T6350]  should_failslab+0xb8/0xec
[ 6126.003151][ T6350]  __kmalloc_cache_noprof+0x80/0x5b4
[ 6126.003489][ T6350]  resv_map_alloc+0x38/0x340
[ 6126.003730][ T6350]  hugetlbfs_get_inode+0x88/0x8c4
[ 6126.004057][ T6350]  hugetlb_file_setup+0x188/0x544
[ 6126.004356][ T6350]  ksys_mmap_pgoff+0x17c/0x448
[ 6126.004603][ T6350]  __arm64_sys_mmap+0x13c/0x198
[ 6126.004892][ T6350]  invoke_syscall+0x90/0x238
[ 6126.005189][ T6350]  el0_svc_common+0x180/0x2f4
[ 6126.005494][ T6350]  do_el0_svc+0x58/0x74
[ 6126.005783][ T6350]  el0_svc+0x5c/0x234
[ 6126.006077][ T6350]  el0t_64_sync_handler+0x84/0x12c
[ 6126.006401][ T6350]  el0t_64_sync+0x198/0x19c
[ 6161.330187][ T6371] kvm [6370]: Unsupported guest access at: eeef0000
[ 6161.330187][ T6371]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6162.004833][ T6371] kvm [6371]: Failed to find VMA for hva 0x20d8d000
[ 6173.617619][ T6376] kvm [6375]: Unsupported guest access at: eeef0000
[ 6173.617619][ T6376]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6174.807677][ T6376] kvm [6376]: Failed to find VMA for hva 0x20d8d000
[ 6181.640750][ T6383] FAULT_INJECTION: forcing a failure.
[ 6181.640750][ T6383] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 6181.700123][ T6383] CPU: 0 UID: 0 PID: 6383 Comm: syz.0.1164 Not tainted syzkaller #0 PREEMPT 
[ 6181.700539][ T6383] Hardware name: linux,dummy-virt (DT)
[ 6181.700651][ T6383] Call trace:
[ 6181.700729][ T6383]  show_stack+0x2c/0x3c (C)
[ 6181.701082][ T6383]  __dump_stack+0x30/0x40
[ 6181.701304][ T6383]  dump_stack_lvl+0xd8/0x12c
[ 6181.701525][ T6383]  dump_stack+0x1c/0x28
[ 6181.701721][ T6383]  should_fail_ex+0x570/0x6e0
[ 6181.701961][ T6383]  should_fail_alloc_page+0xd4/0xd8
[ 6181.702212][ T6383]  prepare_alloc_pages+0x20c/0x5e0
[ 6181.702496][ T6383]  __alloc_frozen_pages_noprof+0xd8/0x2d0
[ 6181.702715][ T6383]  alloc_pages_mpol+0x204/0x4c8
[ 6181.703016][ T6383]  alloc_pages_noprof+0x104/0x2ec
[ 6181.703327][ T6383]  pte_alloc_one_noprof+0x38/0x360
[ 6181.703618][ T6383]  __pte_alloc+0x40/0x320
[ 6181.703914][ T6383]  handle_mm_fault+0x3338/0x5860
[ 6181.704227][ T6383]  do_page_fault+0x414/0x1508
[ 6181.704525][ T6383]  do_translation_fault+0xbc/0xfc
[ 6181.704801][ T6383]  do_mem_abort+0x50/0x110
[ 6181.705063][ T6383]  el0_da+0x64/0x210
[ 6181.705386][ T6383]  el0t_64_sync_handler+0x90/0x12c
[ 6181.705686][ T6383]  el0t_64_sync+0x198/0x19c
[ 6181.800261][ T6383] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 6207.499563][ T6396] kvm [6395]: Unsupported guest access at: eeef0000
[ 6207.499563][ T6396]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6208.361583][ T6396] kvm [6396]: Failed to find VMA for hva 0x20d8d000
[ 6221.967463][ T6403] kvm [6403]: Failed to find VMA for hva 0x20c01000
[ 6236.660332][ T6411] kvm [6409]: Unsupported guest access at: eeef0000
[ 6236.660332][ T6411]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6237.585237][ T6411] kvm [6411]: Failed to find VMA for hva 0x20d8d000
[ 6280.576320][ T6434] FAULT_INJECTION: forcing a failure.
[ 6280.576320][ T6434] name failslab, interval 1, probability 0, space 0, times 0
[ 6280.581073][ T6434] CPU: 0 UID: 0 PID: 6434 Comm: syz.1.1181 Not tainted syzkaller #0 PREEMPT 
[ 6280.581430][ T6434] Hardware name: linux,dummy-virt (DT)
[ 6280.581539][ T6434] Call trace:
[ 6280.581617][ T6434]  show_stack+0x2c/0x3c (C)
[ 6280.581975][ T6434]  __dump_stack+0x30/0x40
[ 6280.582188][ T6434]  dump_stack_lvl+0xd8/0x12c
[ 6280.582422][ T6434]  dump_stack+0x1c/0x28
[ 6280.582622][ T6434]  should_fail_ex+0x570/0x6e0
[ 6280.582861][ T6434]  should_failslab+0xb8/0xec
[ 6280.583078][ T6434]  __kmalloc_noprof+0xdc/0x668
[ 6280.583401][ T6434]  tomoyo_encode+0x27c/0x4ec
[ 6280.583709][ T6434]  tomoyo_realpath_from_path+0x5bc/0x628
[ 6280.584044][ T6434]  tomoyo_path_number_perm+0x13c/0x33c
[ 6280.584346][ T6434]  tomoyo_file_ioctl+0x2c/0x3c
[ 6280.584562][ T6434]  security_file_ioctl+0xe8/0x2f0
[ 6280.584778][ T6434]  __arm64_sys_ioctl+0xd0/0x244
[ 6280.585012][ T6434]  invoke_syscall+0x90/0x238
[ 6280.585331][ T6434]  el0_svc_common+0x180/0x2f4
[ 6280.585624][ T6434]  do_el0_svc+0x58/0x74
[ 6280.585901][ T6434]  el0_svc+0x5c/0x234
[ 6280.586217][ T6434]  el0t_64_sync_handler+0x84/0x12c
[ 6280.586532][ T6434]  el0t_64_sync+0x198/0x19c
[ 6280.687591][ T6434] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 6290.320604][ T6441] kvm [6439]: Unsupported guest access at: eeef0000
[ 6290.320604][ T6441]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6291.769658][ T6441] kvm [6441]: Failed to find VMA for hva 0x20d8d000
[ 6311.749051][ T6450] FAULT_INJECTION: forcing a failure.
[ 6311.749051][ T6450] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 6311.794355][ T6450] CPU: 0 UID: 0 PID: 6450 Comm: syz.1.1187 Not tainted syzkaller #0 PREEMPT 
[ 6311.794742][ T6450] Hardware name: linux,dummy-virt (DT)
[ 6311.794866][ T6450] Call trace:
[ 6311.794948][ T6450]  show_stack+0x2c/0x3c (C)
[ 6311.795352][ T6450]  __dump_stack+0x30/0x40
[ 6311.795565][ T6450]  dump_stack_lvl+0xd8/0x12c
[ 6311.795795][ T6450]  dump_stack+0x1c/0x28
[ 6311.795995][ T6450]  should_fail_ex+0x570/0x6e0
[ 6311.796249][ T6450]  should_fail+0x14/0x24
[ 6311.796487][ T6450]  should_fail_usercopy+0x20/0x30
[ 6311.796726][ T6450]  _inline_copy_from_user+0x3c/0x18c
[ 6311.796961][ T6450]  kstrtouint_from_user+0x70/0xf8
[ 6311.797189][ T6450]  proc_fail_nth_write+0x4c/0x20c
[ 6311.797490][ T6450]  vfs_write+0x2c0/0xb1c
[ 6311.797732][ T6450]  ksys_write+0x100/0x1f4
[ 6311.797979][ T6450]  __arm64_sys_write+0x98/0xcc
[ 6311.798246][ T6450]  invoke_syscall+0x90/0x238
[ 6311.798545][ T6450]  el0_svc_common+0x180/0x2f4
[ 6311.798832][ T6450]  do_el0_svc+0x58/0x74
[ 6311.799116][ T6450]  el0_svc+0x5c/0x234
[ 6311.799442][ T6450]  el0t_64_sync_handler+0x84/0x12c
[ 6311.799758][ T6450]  el0t_64_sync+0x198/0x19c
[ 6335.991531][ T6465] kvm [6465]: Failed to find VMA for hva 0x21016000
[ 6350.838854][ T6475] kvm [6473]: Unsupported guest access at: eeef0000
[ 6350.838854][ T6475]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6351.726572][ T6475] kvm [6475]: Failed to find VMA for hva 0x20d8d000
[ 6384.341393][ T6498] FAULT_INJECTION: forcing a failure.
[ 6384.341393][ T6498] name failslab, interval 1, probability 0, space 0, times 0
[ 6384.384509][ T6498] CPU: 0 UID: 0 PID: 6498 Comm: syz.0.1202 Not tainted syzkaller #0 PREEMPT 
[ 6384.384896][ T6498] Hardware name: linux,dummy-virt (DT)
[ 6384.385000][ T6498] Call trace:
[ 6384.385078][ T6498]  show_stack+0x2c/0x3c (C)
[ 6384.385471][ T6498]  __dump_stack+0x30/0x40
[ 6384.385677][ T6498]  dump_stack_lvl+0xd8/0x12c
[ 6384.385874][ T6498]  dump_stack+0x1c/0x28
[ 6384.386065][ T6498]  should_fail_ex+0x570/0x6e0
[ 6384.386310][ T6498]  should_failslab+0xb8/0xec
[ 6384.386536][ T6498]  kmem_cache_alloc_noprof+0x84/0x5a8
[ 6384.386827][ T6498]  security_file_alloc+0x38/0x350
[ 6384.387038][ T6498]  init_file+0xb0/0x36c
[ 6384.387328][ T6498]  alloc_empty_file+0x74/0x17c
[ 6384.387619][ T6498]  path_openat+0xa4/0x35f8
[ 6384.387937][ T6498]  do_filp_open+0x190/0x3cc
[ 6384.388231][ T6498]  do_sys_openat2+0xd4/0x158
[ 6384.388472][ T6498]  __arm64_sys_openat+0x154/0x1b8
[ 6384.388703][ T6498]  invoke_syscall+0x90/0x238
[ 6384.388996][ T6498]  el0_svc_common+0x180/0x2f4
[ 6384.389292][ T6498]  do_el0_svc+0x58/0x74
[ 6384.389587][ T6498]  el0_svc+0x5c/0x234
[ 6384.389881][ T6498]  el0t_64_sync_handler+0x84/0x12c
[ 6384.390198][ T6498]  el0t_64_sync+0x198/0x19c
[ 6404.625480][ T6506] FAULT_INJECTION: forcing a failure.
[ 6404.625480][ T6506] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 6404.627505][ T6506] CPU: 0 UID: 0 PID: 6506 Comm: syz.0.1205 Not tainted syzkaller #0 PREEMPT 
[ 6404.627857][ T6506] Hardware name: linux,dummy-virt (DT)
[ 6404.627967][ T6506] Call trace:
[ 6404.628048][ T6506]  show_stack+0x2c/0x3c (C)
[ 6404.628446][ T6506]  __dump_stack+0x30/0x40
[ 6404.628651][ T6506]  dump_stack_lvl+0xd8/0x12c
[ 6404.628846][ T6506]  dump_stack+0x1c/0x28
[ 6404.629031][ T6506]  should_fail_ex+0x570/0x6e0
[ 6404.629284][ T6506]  should_fail+0x14/0x24
[ 6404.629519][ T6506]  should_fail_usercopy+0x20/0x30
[ 6404.629750][ T6506]  _inline_copy_to_user+0x3c/0x170
[ 6404.630009][ T6506]  kvm_vm_ioctl+0x850/0x9a8
[ 6404.630289][ T6506]  __arm64_sys_ioctl+0x18c/0x244
[ 6404.630539][ T6506]  invoke_syscall+0x90/0x238
[ 6404.630835][ T6506]  el0_svc_common+0x180/0x2f4
[ 6404.631122][ T6506]  do_el0_svc+0x58/0x74
[ 6404.631432][ T6506]  el0_svc+0x5c/0x234
[ 6404.631725][ T6506]  el0t_64_sync_handler+0x84/0x12c
[ 6404.632050][ T6506]  el0t_64_sync+0x198/0x19c
[ 6413.769572][ T6513] kvm [6512]: Unsupported guest access at: eeef0000
[ 6413.769572][ T6513]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6414.856951][ T6513] kvm [6513]: Failed to find VMA for hva 0x20d8d000
[ 6423.270969][ T6517] kvm [6517]: Failed to find VMA for hva 0x21016000
[ 6484.391180][ T6547] FAULT_INJECTION: forcing a failure.
[ 6484.391180][ T6547] name failslab, interval 1, probability 0, space 0, times 0
[ 6484.426418][ T6547] CPU: 0 UID: 0 PID: 6547 Comm: syz.0.1218 Not tainted syzkaller #0 PREEMPT 
[ 6484.426810][ T6547] Hardware name: linux,dummy-virt (DT)
[ 6484.426922][ T6547] Call trace:
[ 6484.427000][ T6547]  show_stack+0x2c/0x3c (C)
[ 6484.427389][ T6547]  __dump_stack+0x30/0x40
[ 6484.427594][ T6547]  dump_stack_lvl+0xd8/0x12c
[ 6484.427820][ T6547]  dump_stack+0x1c/0x28
[ 6484.428022][ T6547]  should_fail_ex+0x570/0x6e0
[ 6484.428283][ T6547]  should_failslab+0xb8/0xec
[ 6484.428507][ T6547]  kmem_cache_alloc_noprof+0x84/0x5a8
[ 6484.428798][ T6547]  security_file_alloc+0x38/0x350
[ 6484.429017][ T6547]  init_file+0xb0/0x36c
[ 6484.429314][ T6547]  alloc_empty_file+0x74/0x17c
[ 6484.429586][ T6547]  alloc_file_pseudo+0xf0/0x1e8
[ 6484.429863][ T6547]  hugetlb_file_setup+0x364/0x544
[ 6484.430179][ T6547]  ksys_mmap_pgoff+0x17c/0x448
[ 6484.430430][ T6547]  __arm64_sys_mmap+0x13c/0x198
[ 6484.430726][ T6547]  invoke_syscall+0x90/0x238
[ 6484.431017][ T6547]  el0_svc_common+0x180/0x2f4
[ 6484.431323][ T6547]  do_el0_svc+0x58/0x74
[ 6484.431601][ T6547]  el0_svc+0x5c/0x234
[ 6484.431925][ T6547]  el0t_64_sync_handler+0x84/0x12c
[ 6484.432249][ T6547]  el0t_64_sync+0x198/0x19c
[ 6497.718238][ T6556] kvm [6556]: Failed to find VMA for hva 0x21016000
[ 6533.000615][ T6573] FAULT_INJECTION: forcing a failure.
[ 6533.000615][ T6573] name failslab, interval 1, probability 0, space 0, times 0
[ 6533.047217][ T6573] CPU: 0 UID: 0 PID: 6573 Comm: syz.0.1227 Not tainted syzkaller #0 PREEMPT 
[ 6533.047613][ T6573] Hardware name: linux,dummy-virt (DT)
[ 6533.047720][ T6573] Call trace:
[ 6533.047829][ T6573]  show_stack+0x2c/0x3c (C)
[ 6533.048206][ T6573]  __dump_stack+0x30/0x40
[ 6533.048425][ T6573]  dump_stack_lvl+0xd8/0x12c
[ 6533.048630][ T6573]  dump_stack+0x1c/0x28
[ 6533.048820][ T6573]  should_fail_ex+0x570/0x6e0
[ 6533.049047][ T6573]  should_failslab+0xb8/0xec
[ 6533.049280][ T6573]  kmem_cache_alloc_noprof+0x84/0x5a8
[ 6533.049591][ T6573]  vm_area_alloc+0x2c/0x1a8
[ 6533.049851][ T6573]  mmap_region+0xb70/0x1fcc
[ 6533.050126][ T6573]  do_mmap+0xa50/0xf64
[ 6533.050360][ T6573]  vm_mmap_pgoff+0x290/0x3e8
[ 6533.050611][ T6573]  ksys_mmap_pgoff+0x1d0/0x448
[ 6533.050844][ T6573]  __arm64_sys_mmap+0x13c/0x198
[ 6533.051136][ T6573]  invoke_syscall+0x90/0x238
[ 6533.051457][ T6573]  el0_svc_common+0x180/0x2f4
[ 6533.051769][ T6573]  do_el0_svc+0x58/0x74
[ 6533.052058][ T6573]  el0_svc+0x5c/0x234
[ 6533.052423][ T6573]  el0t_64_sync_handler+0x84/0x12c
[ 6533.052725][ T6573]  el0t_64_sync+0x198/0x19c
[ 6592.390820][ T6611] kvm [6609]: Unsupported guest access at: eeef0000
[ 6592.390820][ T6611]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 6593.681691][ T6611] kvm [6611]: Failed to find VMA for hva 0x20d8d000
[ 6638.125782][ T6633] kvm [6633]: Failed to find VMA for hva 0x20c01000
[ 6755.717202][ T6643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6755.965448][ T6643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6759.997460][ T6646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 6760.218410][ T6646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 6778.369199][ T6643] hsr_slave_0: entered promiscuous mode
[ 6778.438317][ T6643] hsr_slave_1: entered promiscuous mode
[ 6778.518036][ T6643] debugfs: 'hsr0' already exists in 'hsr'
[ 6778.525914][ T6643] Cannot create hsr debugfs directory
[ 6783.405045][ T6646] hsr_slave_0: entered promiscuous mode
[ 6783.470320][ T6646] hsr_slave_1: entered promiscuous mode
[ 6783.511060][ T6646] debugfs: 'hsr0' already exists in 'hsr'
[ 6783.544063][ T6646] Cannot create hsr debugfs directory
[ 6810.885347][ T6643] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 6811.560134][ T6643] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 6812.061835][ T5973] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6812.275467][ T6643] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 6813.086677][ T5973] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6813.288680][ T6643] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 6813.939625][ T5973] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6814.747981][ T5973] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6817.075643][ T6646] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 6817.940794][ T6646] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 6818.804167][ T6646] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 6819.548055][ T6646] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 6829.111534][ T5973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6829.249657][ T5973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6829.307132][ T5973] bond0 (unregistering): Released all slaves
[ 6831.807439][ T5973] hsr_slave_0: left promiscuous mode
[ 6831.957130][ T5973] hsr_slave_1: left promiscuous mode
[ 6832.566086][ T5973] veth1_macvtap: left promiscuous mode
[ 6832.576839][ T5973] veth0_macvtap: left promiscuous mode
[ 6832.596941][ T5973] veth1_vlan: left promiscuous mode
[ 6832.626032][ T5973] veth0_vlan: left promiscuous mode
[ 6857.497828][ T5973] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6859.209217][ T5973] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6860.591451][ T5973] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6862.346141][ T5973] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 6880.257951][ T5973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 6880.336039][ T5973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 6880.418811][ T5973] bond0 (unregistering): Released all slaves
[ 6881.764918][ T5973] hsr_slave_0: left promiscuous mode
[ 6881.814443][ T5973] hsr_slave_1: left promiscuous mode
[ 6882.201250][ T5973] veth1_macvtap: left promiscuous mode
[ 6882.209994][ T5973] veth0_macvtap: left promiscuous mode
[ 6882.225892][ T5973] veth1_vlan: left promiscuous mode
[ 6882.237468][ T5973] veth0_vlan: left promiscuous mode
[ 6895.936292][ T6643] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6901.796364][ T6646] 8021q: adding VLAN 0 to HW filter on device bond0
[ 6985.017978][ T6643] veth0_vlan: entered promiscuous mode
[ 6986.028985][ T6643] veth1_vlan: entered promiscuous mode
[ 6989.147448][ T6643] veth0_macvtap: entered promiscuous mode
[ 6990.138602][ T6643] veth1_macvtap: entered promiscuous mode
[ 6991.415558][ T6646] veth0_vlan: entered promiscuous mode
[ 6992.911603][ T6646] veth1_vlan: entered promiscuous mode
[ 6994.145890][ T5973] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 6994.150283][ T5973] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 6994.220270][ T5973] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 6994.235199][ T5973] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 6997.899763][ T6646] veth0_macvtap: entered promiscuous mode
[ 6998.405282][ T6646] veth1_macvtap: entered promiscuous mode
[ 7001.609922][ T6106] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 7001.634358][ T6106] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 7001.689341][ T6106] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 7001.697659][ T6106] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 7306.946226][ T7028] kvm [7026]: Unsupported guest access at: eeef0000
[ 7306.946226][ T7028]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 7308.011569][ T7028] kvm [7028]: Failed to find VMA for hva 0x20d8d000
[ 7493.179969][ T7141] FAULT_INJECTION: forcing a failure.
[ 7493.179969][ T7141] name failslab, interval 1, probability 0, space 0, times 0
[ 7493.230675][ T7141] CPU: 0 UID: 0 PID: 7141 Comm: syz.2.1311 Not tainted syzkaller #0 PREEMPT 
[ 7493.231060][ T7141] Hardware name: linux,dummy-virt (DT)
[ 7493.231169][ T7141] Call trace:
[ 7493.231276][ T7141]  show_stack+0x2c/0x3c (C)
[ 7493.231644][ T7141]  __dump_stack+0x30/0x40
[ 7493.231884][ T7141]  dump_stack_lvl+0xd8/0x12c
[ 7493.232088][ T7141]  dump_stack+0x1c/0x28
[ 7493.232330][ T7141]  should_fail_ex+0x570/0x6e0
[ 7493.232574][ T7141]  should_failslab+0xb8/0xec
[ 7493.232798][ T7141]  __kmalloc_cache_noprof+0x80/0x5b4
[ 7493.233102][ T7141]  kvm_create_vm_debugfs+0x43c/0x7d0
[ 7493.233412][ T7141]  kvm_dev_ioctl+0x974/0x13e0
[ 7493.233676][ T7141]  __arm64_sys_ioctl+0x18c/0x244
[ 7493.233908][ T7141]  invoke_syscall+0x90/0x238
[ 7493.234209][ T7141]  el0_svc_common+0x180/0x2f4
[ 7493.234513][ T7141]  do_el0_svc+0x58/0x74
[ 7493.234797][ T7141]  el0_svc+0x5c/0x234
[ 7493.235083][ T7141]  el0t_64_sync_handler+0x84/0x12c
[ 7493.235406][ T7141]  el0t_64_sync+0x198/0x19c
[ 7617.456217][ T7207] kvm [7207]: Failed to find VMA for hva 0x20c01000
[ 7717.271537][ T7255] FAULT_INJECTION: forcing a failure.
[ 7717.271537][ T7255] name failslab, interval 1, probability 0, space 0, times 0
[ 7717.353673][ T7255] CPU: 0 UID: 0 PID: 7255 Comm: syz.2.1347 Not tainted syzkaller #0 PREEMPT 
[ 7717.354053][ T7255] Hardware name: linux,dummy-virt (DT)
[ 7717.354159][ T7255] Call trace:
[ 7717.354261][ T7255]  show_stack+0x2c/0x3c (C)
[ 7717.354643][ T7255]  __dump_stack+0x30/0x40
[ 7717.354846][ T7255]  dump_stack_lvl+0xd8/0x12c
[ 7717.355043][ T7255]  dump_stack+0x1c/0x28
[ 7717.355256][ T7255]  should_fail_ex+0x570/0x6e0
[ 7717.355497][ T7255]  should_failslab+0xb8/0xec
[ 7717.355715][ T7255]  __kmalloc_noprof+0xdc/0x668
[ 7717.356070][ T7255]  tomoyo_realpath_from_path+0xdc/0x628
[ 7717.356442][ T7255]  tomoyo_path_number_perm+0x13c/0x33c
[ 7717.356751][ T7255]  tomoyo_file_ioctl+0x2c/0x3c
[ 7717.356972][ T7255]  security_file_ioctl+0xe8/0x2f0
[ 7717.357204][ T7255]  __arm64_sys_ioctl+0xd0/0x244
[ 7717.357453][ T7255]  invoke_syscall+0x90/0x238
[ 7717.357770][ T7255]  el0_svc_common+0x180/0x2f4
[ 7717.358057][ T7255]  do_el0_svc+0x58/0x74
[ 7717.358420][ T7255]  el0_svc+0x5c/0x234
[ 7717.358720][ T7255]  el0t_64_sync_handler+0x84/0x12c
[ 7717.359039][ T7255]  el0t_64_sync+0x198/0x19c
[ 7717.466250][ T7255] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 7961.040301][ T7390] kvm [7389]: Unsupported guest access at: eeef0000
[ 7961.040301][ T7390]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 7961.749708][ T7390] kvm [7390]: Failed to find VMA for hva 0x20d8d000
[ 8185.885826][ T7503] kvm [7503]: Failed to find VMA for hva 0x21016000
[ 8261.609205][ T7532] FAULT_INJECTION: forcing a failure.
[ 8261.609205][ T7532] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 8261.629663][ T7532] CPU: 0 UID: 0 PID: 7532 Comm: syz.2.1434 Not tainted syzkaller #0 PREEMPT 
[ 8261.630043][ T7532] Hardware name: linux,dummy-virt (DT)
[ 8261.630152][ T7532] Call trace:
[ 8261.630250][ T7532]  show_stack+0x2c/0x3c (C)
[ 8261.630629][ T7532]  __dump_stack+0x30/0x40
[ 8261.630841][ T7532]  dump_stack_lvl+0xd8/0x12c
[ 8261.631043][ T7532]  dump_stack+0x1c/0x28
[ 8261.631247][ T7532]  should_fail_ex+0x570/0x6e0
[ 8261.631491][ T7532]  should_fail_alloc_page+0xd4/0xd8
[ 8261.631716][ T7532]  prepare_alloc_pages+0x20c/0x5e0
[ 8261.631954][ T7532]  __alloc_frozen_pages_noprof+0xd8/0x2d0
[ 8261.632166][ T7532]  alloc_pages_mpol+0x204/0x4c8
[ 8261.632508][ T7532]  alloc_pages_noprof+0x104/0x2ec
[ 8261.632800][ T7532]  get_free_pages_noprof+0x1c/0xc4
[ 8261.633004][ T7532]  selinux_genfs_get_sid+0x70/0x2c0
[ 8261.633229][ T7532]  inode_doinit_with_dentry+0x754/0xb7c
[ 8261.633454][ T7532]  selinux_d_instantiate+0x30/0x48
[ 8261.633713][ T7532]  security_d_instantiate+0xf8/0x1fc
[ 8261.633967][ T7532]  d_instantiate+0x68/0xb8
[ 8261.634241][ T7532]  __debugfs_create_file+0x2ac/0x5dc
[ 8261.634534][ T7532]  debugfs_create_file_full+0x58/0x70
[ 8261.634806][ T7532]  kvm_create_vm_debugfs+0x57c/0x7d0
[ 8261.635082][ T7532]  kvm_dev_ioctl+0x974/0x13e0
[ 8261.635378][ T7532]  __arm64_sys_ioctl+0x18c/0x244
[ 8261.635607][ T7532]  invoke_syscall+0x90/0x238
[ 8261.635935][ T7532]  el0_svc_common+0x180/0x2f4
[ 8261.636245][ T7532]  do_el0_svc+0x58/0x74
[ 8261.636550][ T7532]  el0_svc+0x5c/0x234
[ 8261.636848][ T7532]  el0t_64_sync_handler+0x84/0x12c
[ 8261.637144][ T7532]  el0t_64_sync+0x198/0x19c
[ 8278.160125][ T7538] kvm [7537]: Unsupported guest access at: eeef0000
[ 8278.160125][ T7538]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 8279.188408][ T7538] kvm [7538]: Failed to find VMA for hva 0x20d8d000
[ 8298.927141][ T7549] FAULT_INJECTION: forcing a failure.
[ 8298.927141][ T7549] name failslab, interval 1, probability 0, space 0, times 0
[ 8298.945497][ T7549] CPU: 0 UID: 0 PID: 7549 Comm: syz.2.1439 Not tainted syzkaller #0 PREEMPT 
[ 8298.945879][ T7549] Hardware name: linux,dummy-virt (DT)
[ 8298.945986][ T7549] Call trace:
[ 8298.946064][ T7549]  show_stack+0x2c/0x3c (C)
[ 8298.946455][ T7549]  __dump_stack+0x30/0x40
[ 8298.946661][ T7549]  dump_stack_lvl+0xd8/0x12c
[ 8298.946851][ T7549]  dump_stack+0x1c/0x28
[ 8298.947042][ T7549]  should_fail_ex+0x570/0x6e0
[ 8298.947290][ T7549]  should_failslab+0xb8/0xec
[ 8298.947531][ T7549]  __kmalloc_cache_noprof+0x80/0x5b4
[ 8298.947861][ T7549]  kvm_create_vm_debugfs+0x43c/0x7d0
[ 8298.948139][ T7549]  kvm_dev_ioctl+0x974/0x13e0
[ 8298.948422][ T7549]  __arm64_sys_ioctl+0x18c/0x244
[ 8298.948655][ T7549]  invoke_syscall+0x90/0x238
[ 8298.948943][ T7549]  el0_svc_common+0x180/0x2f4
[ 8298.949248][ T7549]  do_el0_svc+0x58/0x74
[ 8298.949541][ T7549]  el0_svc+0x5c/0x234
[ 8298.949839][ T7549]  el0t_64_sync_handler+0x84/0x12c
[ 8298.950140][ T7549]  el0t_64_sync+0x198/0x19c
[ 8329.306172][ T7566] FAULT_INJECTION: forcing a failure.
[ 8329.306172][ T7566] name failslab, interval 1, probability 0, space 0, times 0
[ 8329.334103][ T7566] CPU: 0 UID: 0 PID: 7566 Comm: syz.2.1445 Not tainted syzkaller #0 PREEMPT 
[ 8329.334521][ T7566] Hardware name: linux,dummy-virt (DT)
[ 8329.334651][ T7566] Call trace:
[ 8329.334735][ T7566]  show_stack+0x2c/0x3c (C)
[ 8329.335141][ T7566]  __dump_stack+0x30/0x40
[ 8329.335380][ T7566]  dump_stack_lvl+0xd8/0x12c
[ 8329.335580][ T7566]  dump_stack+0x1c/0x28
[ 8329.335793][ T7566]  should_fail_ex+0x570/0x6e0
[ 8329.336027][ T7566]  should_failslab+0xb8/0xec
[ 8329.336260][ T7566]  kmem_cache_alloc_lru_noprof+0x88/0x5ac
[ 8329.336579][ T7566]  __d_alloc+0x40/0x844
[ 8329.336832][ T7566]  d_alloc_parallel+0x9c/0x1438
[ 8329.337097][ T7566]  __lookup_slow+0xe0/0x388
[ 8329.337399][ T7566]  lookup_noperm+0x134/0x280
[ 8329.337667][ T7566]  simple_start_creating+0xc4/0x190
[ 8329.337958][ T7566]  debugfs_start_creating+0x134/0x1b0
[ 8329.338263][ T7566]  __debugfs_create_file+0x7c/0x5dc
[ 8329.338546][ T7566]  debugfs_create_file_full+0x58/0x70
[ 8329.338823][ T7566]  kvm_create_vm_debugfs+0x57c/0x7d0
[ 8329.339100][ T7566]  kvm_dev_ioctl+0x974/0x13e0
[ 8329.339394][ T7566]  __arm64_sys_ioctl+0x18c/0x244
[ 8329.339619][ T7566]  invoke_syscall+0x90/0x238
[ 8329.339947][ T7566]  el0_svc_common+0x180/0x2f4
[ 8329.340249][ T7566]  do_el0_svc+0x58/0x74
[ 8329.340540][ T7566]  el0_svc+0x5c/0x234
[ 8329.340836][ T7566]  el0t_64_sync_handler+0x84/0x12c
[ 8329.341133][ T7566]  el0t_64_sync+0x198/0x19c
[ 8383.628610][ T7588] FAULT_INJECTION: forcing a failure.
[ 8383.628610][ T7588] name failslab, interval 1, probability 0, space 0, times 0
[ 8383.665161][ T7588] CPU: 0 UID: 0 PID: 7588 Comm: syz.2.1453 Not tainted syzkaller #0 PREEMPT 
[ 8383.665572][ T7588] Hardware name: linux,dummy-virt (DT)
[ 8383.665682][ T7588] Call trace:
[ 8383.665760][ T7588]  show_stack+0x2c/0x3c (C)
[ 8383.666112][ T7588]  __dump_stack+0x30/0x40
[ 8383.666327][ T7588]  dump_stack_lvl+0xd8/0x12c
[ 8383.666539][ T7588]  dump_stack+0x1c/0x28
[ 8383.666739][ T7588]  should_fail_ex+0x570/0x6e0
[ 8383.666969][ T7588]  should_failslab+0xb8/0xec
[ 8383.667209][ T7588]  kmem_cache_alloc_noprof+0x84/0x5a8
[ 8383.667521][ T7588]  security_inode_alloc+0x3c/0x354
[ 8383.667849][ T7588]  inode_init_always_gfp+0xb48/0xfd4
[ 8383.668153][ T7588]  alloc_inode+0x98/0x23c
[ 8383.668464][ T7588]  new_inode+0x2c/0x1c4
[ 8383.668754][ T7588]  __debugfs_create_file+0x15c/0x5dc
[ 8383.669035][ T7588]  debugfs_create_file_full+0x58/0x70
[ 8383.669330][ T7588]  kvm_create_vm_debugfs+0x57c/0x7d0
[ 8383.669609][ T7588]  kvm_dev_ioctl+0x974/0x13e0
[ 8383.669870][ T7588]  __arm64_sys_ioctl+0x18c/0x244
[ 8383.670105][ T7588]  invoke_syscall+0x90/0x238
[ 8383.670428][ T7588]  el0_svc_common+0x180/0x2f4
[ 8383.670724][ T7588]  do_el0_svc+0x58/0x74
[ 8383.671006][ T7588]  el0_svc+0x5c/0x234
[ 8383.671315][ T7588]  el0t_64_sync_handler+0x84/0x12c
[ 8383.671618][ T7588]  el0t_64_sync+0x198/0x19c
[ 8383.887523][ T7588] debugfs: out of free dentries, can not create file 'halt_wait_ns'
[ 8453.310366][ T7612] kvm [7612]: Failed to find VMA for hva 0x21016000
[ 8453.516041][ T7612] kvm [7612]: Failed to find VMA for hva 0x21016000
[ 8625.687237][ T7708] kvm [7708]: Failed to find VMA for hva 0x20c01000
[ 8733.358399][ T7768] kvm [7765]: Unsupported guest access at: eeef0000
[ 8733.358399][ T7768]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 8734.209666][ T7768] kvm [7768]: Failed to find VMA for hva 0x20d8d000
[ 8929.631499][ T7824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 8929.979320][ T7824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 8940.506966][ T7831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 8940.789835][ T7831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 8961.066001][ T7824] hsr_slave_0: entered promiscuous mode
[ 8961.171886][ T7824] hsr_slave_1: entered promiscuous mode
[ 8980.065940][ T7831] hsr_slave_0: entered promiscuous mode
[ 8980.209620][ T7831] hsr_slave_1: entered promiscuous mode
[ 8980.414192][ T7831] debugfs: 'hsr0' already exists in 'hsr'
[ 8980.417282][ T7831] Cannot create hsr debugfs directory
[ 8986.524391][ T7824] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 8987.594443][ T7824] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 8988.174724][ T7824] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 8988.420701][ T7824] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 8999.117132][ T7831] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 8999.590855][ T7831] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 9000.038357][ T7831] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 9000.349109][ T7831] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 9022.171478][ T7824] 8021q: adding VLAN 0 to HW filter on device bond0
[ 9034.171723][ T7831] 8021q: adding VLAN 0 to HW filter on device bond0
[ 9163.216983][ T7824] veth0_vlan: entered promiscuous mode
[ 9164.426966][ T7824] veth1_vlan: entered promiscuous mode
[ 9168.028951][ T7824] veth0_macvtap: entered promiscuous mode
[ 9168.609995][ T7824] veth1_macvtap: entered promiscuous mode
[ 9172.453941][ T7921] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 9172.465786][ T3869] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 9172.466648][ T3869] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 9172.467378][ T3869] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 9175.956808][ T7831] veth0_vlan: entered promiscuous mode
[ 9177.947161][ T7831] veth1_vlan: entered promiscuous mode
[ 9182.231048][ T7831] veth0_macvtap: entered promiscuous mode
[ 9182.899824][ T7831] veth1_macvtap: entered promiscuous mode
[ 9186.994266][ T3869] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 9186.999047][ T3869] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 9187.056103][ T3869] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 9187.097588][ T7087] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 9274.156099][   T27] INFO: task syz.3.1516:7819 blocked for more than 430 seconds.
[ 9274.178325][   T27]       Not tainted syzkaller #0
[ 9274.195380][   T27]       Blocked by coredump.
[ 9274.204497][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 9274.209892][   T27] task:syz.3.1516      state:D stack:0     pid:7819  tgid:7817  ppid:6646   task_flags:0x40044c flags:0x00000018
[ 9274.265623][   T27] Call trace:
[ 9274.266185][   T27]  __switch_to+0x584/0xb20 (T)
[ 9274.266820][   T27]  __schedule+0x1eec/0x33a4
[ 9274.267303][   T27]  schedule+0xac/0x27c
[ 9274.267771][   T27]  schedule_timeout+0x5c/0x1e4
[ 9274.268294][   T27]  do_wait_for_common+0x28c/0x444
[ 9274.268764][   T27]  wait_for_completion+0x44/0x5c
[ 9274.269223][   T27]  __synchronize_srcu+0x2a4/0x320
[ 9274.269721][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 9274.270220][   T27]  __mmu_notifier_release+0x424/0x614
[ 9274.270669][   T27]  exit_mmap+0xbc/0xbbc
[ 9274.271095][   T27]  __mmput+0x10c/0x530
[ 9274.271624][   T27]  mmput+0x70/0xac
[ 9274.272134][   T27]  exit_mm+0x158/0x258
[ 9274.374193][   T27]  do_exit+0x788/0x2378
[ 9274.374873][   T27]  do_group_exit+0x1d4/0x2ac
[ 9274.375381][   T27]  get_signal+0x1440/0x1554
[ 9274.375900][   T27]  arch_do_signal_or_restart+0x23c/0x4d98
[ 9274.376430][   T27]  exit_to_user_mode_loop+0x7c/0x178
[ 9274.376880][   T27]  el0_svc+0x170/0x234
[ 9274.377394][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 9274.377892][   T27]  el0t_64_sync+0x198/0x19c
[ 9274.379299][   T27] 
[ 9274.379299][   T27] Showing all locks held in the system:
[ 9274.379793][   T27] 1 lock held by khungtaskd/27:
[ 9274.380184][   T27]  #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 9274.494367][   T27] 1 lock held by klogd/3129:
[ 9274.494878][   T27] 2 locks held by getty/3194:
[ 9274.495255][   T27]  #0: b7f00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 9274.497118][   T27]  #1: 98ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 9274.498864][   T27] 4 locks held by sshd-session/3322:
[ 9274.499178][   T27] 2 locks held by syz-executor/3323:
[ 9274.499526][   T27] 2 locks held by kworker/u4:1/3869:
[ 9274.499873][   T27]  #0: bef000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18
[ 9274.501511][   T27]  #1: ffff80008ea27c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18
[ 9274.625827][   T27] 3 locks held by kworker/u4:2/5973:
[ 9274.626222][   T27] 3 locks held by kworker/u4:9/6736:
[ 9274.626579][   T27] 3 locks held by kworker/u4:3/7087:
[ 9274.626893][   T27] 2 locks held by syz.2.1515/7815:
[ 9274.627221][   T27] 2 locks held by kworker/u4:6/7849:
[ 9274.627578][   T27] 3 locks held by kworker/u4:8/7918:
[ 9274.627916][   T27] 3 locks held by kworker/u4:12/7921:
[ 9274.628256][   T27] 3 locks held by syz-executor/8005:
[ 9274.628571][   T27] 2 locks held by modprobe/8018:
[ 9274.629010][   T27] 
[ 9274.629294][   T27] =============================================
[ 9274.629294][   T27] 
[ 9294.814421][   T27] INFO: task syz.3.1516:7819 blocked for more than 450 seconds.
[ 9294.833594][   T27]       Not tainted syzkaller #0
[ 9294.834301][   T27]       Blocked by coredump.
[ 9294.834596][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 9294.834848][   T27] task:syz.3.1516      state:D stack:0     pid:7819  tgid:7817  ppid:6646   task_flags:0x40044c flags:0x00000018
[ 9294.835598][   T27] Call trace:
[ 9294.835890][   T27]  __switch_to+0x584/0xb20 (T)
[ 9294.836447][   T27]  __schedule+0x1eec/0x33a4
[ 9294.836899][   T27]  schedule+0xac/0x27c
[ 9294.837360][   T27]  schedule_timeout+0x5c/0x1e4
[ 9294.837849][   T27]  do_wait_for_common+0x28c/0x444
[ 9294.838332][   T27]  wait_for_completion+0x44/0x5c
[ 9294.838789][   T27]  __synchronize_srcu+0x2a4/0x320
[ 9294.839299][   T27]  synchronize_srcu+0x3cc/0x4f0
[ 9294.839794][   T27]  __mmu_notifier_release+0x424/0x614
[ 9294.840256][   T27]  exit_mmap+0xbc/0xbbc
[ 9294.840709][   T27]  __mmput+0x10c/0x530
[ 9294.841193][   T27]  mmput+0x70/0xac
[ 9294.841696][   T27]  exit_mm+0x158/0x258
[ 9294.842155][   T27]  do_exit+0x788/0x2378
[ 9294.904086][   T27]  do_group_exit+0x1d4/0x2ac
[ 9294.904733][   T27]  get_signal+0x1440/0x1554
[ 9294.905253][   T27]  arch_do_signal_or_restart+0x23c/0x4d98
[ 9294.905781][   T27]  exit_to_user_mode_loop+0x7c/0x178
[ 9294.906226][   T27]  el0_svc+0x170/0x234
[ 9294.906729][   T27]  el0t_64_sync_handler+0x84/0x12c
[ 9294.907230][   T27]  el0t_64_sync+0x198/0x19c
[ 9294.907882][   T27] 
[ 9294.907882][   T27] Showing all locks held in the system:
[ 9294.908178][   T27] 1 lock held by khungtaskd/27:
[ 9294.908522][   T27]  #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48
[ 9294.910289][   T27] 2 locks held by getty/3194:
[ 9294.910629][   T27]  #0: b7f00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[ 9294.960432][   T27]  #1: 98ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8
[ 9295.104270][   T27] 3 locks held by kworker/u4:2/5973:
[ 9295.115496][   T27] 2 locks held by kworker/u4:9/6736:
[ 9295.116026][   T27] 2 locks held by syz.2.1515/7815:
[ 9295.116414][   T27] 3 locks held by kworker/u4:6/7849:
[ 9295.116765][   T27] 6 locks held by kworker/u4:8/7918:
[ 9295.117066][   T27] 3 locks held by kworker/u4:10/7919:
[ 9295.117393][   T27] 3 locks held by kworker/u4:12/7921:
[ 9295.117697][   T27] 3 locks held by kworker/0:7/7993:
[ 9295.117990][   T27] 1 lock held by syz-executor/8013:
[ 9295.118378][   T27] 
[ 9295.118623][   T27] =============================================
[ 9295.118623][   T27]