last executing test programs:

1m3.412619459s ago: executing program 0 (id=120):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bde000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@smc={0x1e, 0x40, {0xc4000053, [0x3, 0x4b8, 0x3, 0x3, 0xa]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0)
syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x141000, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, &(0x7f0000000300)=[@its_setup={0x82, 0x28, {0x0, 0x0, 0x46}}, @mrs={0xbe, 0x18, {0x603000000013e08c}}, @mrs={0xbe, 0x18, {0x2f5dff869795a149}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x80, 0x94}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x29}}, @svc={0x122, 0x40, {0xc4000005, [0x4, 0xffff, 0x3, 0xfffffffff20c1e4d, 0xfffffffffffffff9]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x10, 0x1, 0x8}}, @smc={0x1e, 0x40, {0xc4000007, [0x3, 0x8000000000000000, 0x7, 0xa8, 0x7]}}, @uexit={0x0, 0x18, 0x5}, @mrs={0xbe, 0x18, {0x603000000013c300}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1}}], 0x1b8}, &(0x7f0000000100)=[@featur2={0x1, 0x53}], 0x1)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4, <r14=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x40305828, &(0x7f0000000240)=@attr_other={0x0, 0x8, 0x80000000, &(0x7f00000001c0)=0x40})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x10000000000002b)
ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x1)

51.467616367s ago: executing program 0 (id=122):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x8600ff01, [0x8, 0xfffffffffffffff7, 0x40000000000000, 0x8, 0x1ff]}}, @svc={0x122, 0x40, {0x84000004, [0x6, 0x1, 0x400, 0x4, 0x80000000]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x1, 0x2, 0x3, 0x3, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0x9, 0x9, 0x1000}}, @svc={0x122, 0x40, {0x84000052, [0x5, 0x80000001, 0xc, 0x87, 0xa8]}}, @uexit={0x0, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x5, 0x6f364a34, 0x8}}, @uexit={0x0, 0x18, 0xff}, @eret={0xe6, 0x18, 0x8}, @uexit={0x0, 0x18, 0x177}, @uexit={0x0, 0x18, 0x1}, @hvc={0x32, 0x40, {0xc4000003, [0x800, 0x10001, 0x10, 0x2, 0x345eefd4]}}, @smc={0x1e, 0x40, {0x84000053, [0x9, 0x200, 0x9, 0x1]}}, @smc={0x1e, 0x40, {0x40001008, [0x4, 0x3, 0x6, 0x8, 0x1]}}, @svc={0x122, 0x40, {0x3f000000, [0x7fffffff, 0xfffffffffffffffa, 0x813, 0x8, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x4, 0x4, 0x5}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0xc9f9}}, @msr={0x14, 0x20, {0x6030000000138006, 0xb542}}, @uexit={0x0, 0x18, 0x64}, @msr={0x14, 0x20, {0x603000000013df72, 0xff}}, @code={0xa, 0x6c, {"0060002f000028d500a49f0d000008d5c0ac9cd200a0b8f2410180d2220180d2030080d2440180d2020000d4007008d5007008d50000004be0d297d20040b0f2410080d2420180d2e30080d2840180d2020000d40000599e"}}, @irq_setup={0x46, 0x18, {0x0, 0x376}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x3c9}}, @smc={0x1e, 0x40, {0xc5000021, [0x7, 0xfffffffffffffff6, 0x5, 0x3b9]}}, @irq_setup={0x46, 0x18, {0x4, 0x5c}}, @mrs={0xbe, 0x18, {0x603000000013c681}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x1, 0x0, 0xfffffe00, 0x2e5}}, @uexit={0x0, 0x18, 0x1}], 0x4bc}], 0x1, 0x0, &(0x7f0000000040)=[@featur1={0x1, 0x40}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

51.405037573s ago: executing program 1 (id=123):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@msr={0x14, 0x20, {0x603000000013e728, 0x3}}, @smc={0x1e, 0x40, {0xffff, [0x4, 0x0, 0x9e5b, 0x31d, 0x8]}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x297, 0x7, 0xe}}, @uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18}, @mrs={0xbe, 0x18, {0x603000000013e102}}, @msr={0x14, 0x20, {0x603000000013f518, 0x7}}, @hvc={0x32, 0x40, {0x84000008, [0xfffffffffffffffe, 0x1ff, 0xe, 0x2, 0x2]}}, @irq_setup={0x46, 0x18, {0x1, 0xa5}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x2e4}}, @hvc={0x32, 0x40, {0x84000007, [0x4ad, 0x2, 0x3ff, 0xe1]}}, @msr={0x14, 0x20, {0xf50e5f60a6d580b6, 0x2}}, @svc={0x122, 0x40, {0x86000000, [0x4c89, 0x80, 0x5, 0x3, 0x7]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0xe3}}, @svc={0x122, 0x40, {0x400, [0x1, 0x400, 0x2, 0x21, 0xfffffffffffffff7]}}, @msr={0x14, 0x20, {0x603000000013e088, 0xa}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x315}}], 0x2c8}, &(0x7f0000000380)=[@featur1={0x1, 0x1}], 0x1)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f00000003c0)={0x4, 0xfec53000})
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xb701, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xb701, 0x80002)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

43.435307313s ago: executing program 0 (id=124):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xb6)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x603000000010001e, &(0x7f0000000100)=0xc5c5})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0xffffffffffffffff)

42.771885974s ago: executing program 1 (id=125):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x4400, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x1) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async, rerun: 32)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x126}}, @code={0xa, 0x6c, {"0020bf0d0000629e0038201e0088a10e00b8210e008008d500288ad200c0b8f2610080d2a20180d2630180d2240180d2020000d4008008d50038300ec0f29ed200c0b0f2c10180d2c20180d2a30080d2640180d2020000d4"}}, @msr={0x14, 0x20, {0xa55596352fcb1aae, 0x9}}], 0xb4}, &(0x7f00000001c0)=[@featur2={0x1, 0x50}], 0x1) (rerun: 32)
r3 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r1, 0x8, 0x20010, r2, 0x0) (async, rerun: 32)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0) (rerun: 32)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x3) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r1, 0x2000000, 0x1010, r2, 0x0) (rerun: 64)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000240)={0x0, <r5=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f00000002c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000280)=0x4f}) (async)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000300)={0x4, 0xa000, 0x5, 0x0, 0x1})
ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2b)
ioctl$KVM_GET_DEVICE_ATTR_vm(r6, 0x4018aee2, &(0x7f0000000380)=@attr_other={0x0, 0x4, 0x1, &(0x7f0000000340)=0x5}) (async)
ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f00000003c0)={0xc0, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000400)="e2f0201965c22eebeea45d1a8ea661899ba326230aaeaddee104683c1a9e28105063738f53522f127ad9155d824d8cc88e87adb8cd9f3c62fdbdc3ca453ca897913496c8729f2a6d", 0x0, 0x48)
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f00000004c0)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000480)=0xffffffffffff5d6c}) (async)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000500)={0x9, 0xffffffffffffffff, 0x1}) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r1, 0x1, 0xd351a6632ec2f59c, r7, 0x0) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_S390_VCPU_FAULT(r8, 0x4008ae52, &(0x7f0000000540)=0x7)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x3a)
ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f0000000580)={0x4, 0x0, [{0x8, 0x1, 0x0, 0x0, @irqchip={0x0, 0x4}}, {0x6, 0x3, 0x1, 0x0, @msi={0x8, 0x1ff, 0x80000000, 0x1}}, {0x800, 0x4, 0x0, 0x0, @adapter={0xfffffffffffffff9, 0x9, 0x6, 0x31, 0xfffffffa}}, {0x1, 0x1, 0x1, 0x0, @sint={0x10, 0x9}}]}) (async)
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000680)={0x101, 0xb})

34.946215982s ago: executing program 1 (id=126):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000100)={0x1, 0x0, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x1, 0x308, &(0x7f0000000000)=0xd46})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x20)
r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c03d, &(0x7f0000000080)=0x200})
r7 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000640)=[@smc={0x1e, 0x40, {0xc4000012, [0x0, 0x4, 0x0, 0x4, 0x8001]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = ioctl$KVM_GET_STATS_FD_cpu(r7, 0xaece)
r9 = eventfd2(0x3428, 0x800)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000000c0)={r8, 0x0, 0x0, r9})

33.924727637s ago: executing program 0 (id=127):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x26e8, 0x0, 0x8080000, 0x1000, &(0x7f0000ccc000/0x1000)=nil})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)

13.17083713s ago: executing program 0 (id=128):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x8, 0x8000000000000001, 0xffffffffffffffff})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bc5000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013dce6}}], 0x18}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
r7 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000000c0)={0x2, 0x4, 0x1}})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

12.571129386s ago: executing program 1 (id=129):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80180, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0x5450, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0xfffffe1a, 0xfffffffffffffffc, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80180, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r1, 0x5450, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0xfffffe1a, 0xfffffffffffffffc, 0x0}) (async)

6.063560314s ago: executing program 1 (id=130):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000040)={0x5})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x2, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r2})

5.371243778s ago: executing program 0 (id=131):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000240)={0x26000, 0x4000})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, <r8=>0xffffffffffffffff})
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x2, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x3, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

0s ago: executing program 1 (id=132):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000001c0)={0x9, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="46000d000000000018a11e19000000000000000100000020"], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  382.301759][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0
[  432.663342][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:59098' (ED25519) to the list of known hosts.
[  598.463467][   T25] audit: type=1400 audit(597.680:60): avc:  denied  { name_bind } for  pid=3324 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  599.312423][   T25] audit: type=1400 audit(598.540:61): avc:  denied  { execute } for  pid=3325 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  599.332869][   T25] audit: type=1400 audit(598.560:62): avc:  denied  { execute_no_trans } for  pid=3325 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  619.470666][   T25] audit: type=1400 audit(618.690:63): avc:  denied  { mounton } for  pid=3325 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  619.530372][   T25] audit: type=1400 audit(618.750:64): avc:  denied  { mount } for  pid=3325 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  619.613493][ T3325] cgroup: Unknown subsys name 'net'
[  619.681680][   T25] audit: type=1400 audit(618.910:65): avc:  denied  { unmount } for  pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  620.136782][ T3325] cgroup: Unknown subsys name 'cpuset'
[  620.281591][ T3325] cgroup: Unknown subsys name 'rlimit'
[  621.235348][   T25] audit: type=1400 audit(620.460:66): avc:  denied  { setattr } for  pid=3325 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  621.254670][   T25] audit: type=1400 audit(620.480:67): avc:  denied  { mounton } for  pid=3325 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  621.281699][   T25] audit: type=1400 audit(620.500:68): avc:  denied  { mount } for  pid=3325 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  622.292315][ T3329] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  622.313500][   T25] audit: type=1400 audit(621.530:69): avc:  denied  { relabelto } for  pid=3329 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  622.338525][   T25] audit: type=1400 audit(621.560:70): avc:  denied  { write } for  pid=3329 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  622.521287][   T25] audit: type=1400 audit(621.740:71): avc:  denied  { read } for  pid=3325 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  622.536095][   T25] audit: type=1400 audit(621.760:72): avc:  denied  { open } for  pid=3325 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  622.583108][ T3325] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  675.402300][   T25] audit: type=1400 audit(674.600:73): avc:  denied  { execmem } for  pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  679.805153][   T25] audit: type=1400 audit(679.030:74): avc:  denied  { read } for  pid=3332 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  679.839536][   T25] audit: type=1400 audit(679.040:75): avc:  denied  { open } for  pid=3332 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  679.900204][   T25] audit: type=1400 audit(679.110:76): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  680.154546][   T25] audit: type=1400 audit(679.380:77): avc:  denied  { module_request } for  pid=3333 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  681.136322][   T25] audit: type=1400 audit(680.360:78): avc:  denied  { sys_module } for  pid=3332 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  707.376660][ T3333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  707.641162][ T3333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.704339][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  707.949002][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  719.574662][ T3333] hsr_slave_0: entered promiscuous mode
[  719.602637][ T3333] hsr_slave_1: entered promiscuous mode
[  720.531326][ T3332] hsr_slave_0: entered promiscuous mode
[  720.563778][ T3332] hsr_slave_1: entered promiscuous mode
[  720.603692][ T3332] debugfs: 'hsr0' already exists in 'hsr'
[  720.609991][ T3332] Cannot create hsr debugfs directory
[  726.289697][   T25] audit: type=1400 audit(725.470:79): avc:  denied  { create } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  726.296573][   T25] audit: type=1400 audit(725.510:80): avc:  denied  { write } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  726.355255][   T25] audit: type=1400 audit(725.580:81): avc:  denied  { read } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  726.505540][ T3333] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  726.786278][ T3333] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  727.105599][ T3333] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  727.556265][ T3333] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  729.103931][ T3332] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  729.276491][ T3332] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  729.441420][ T3332] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  729.576266][ T3332] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  741.254993][ T3333] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.221817][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0
[  794.768342][ T3333] veth0_vlan: entered promiscuous mode
[  795.331299][ T3333] veth1_vlan: entered promiscuous mode
[  797.336839][ T3332] veth0_vlan: entered promiscuous mode
[  797.406257][ T3333] veth0_macvtap: entered promiscuous mode
[  797.835386][ T3333] veth1_macvtap: entered promiscuous mode
[  798.105642][ T3332] veth1_vlan: entered promiscuous mode
[  800.315162][   T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  800.404736][   T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  800.412074][   T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  800.573391][   T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  800.963560][ T3332] veth0_macvtap: entered promiscuous mode
[  801.376002][ T3332] veth1_macvtap: entered promiscuous mode
[  802.964401][   T25] audit: type=1400 audit(802.180:82): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  803.149321][   T25] audit: type=1400 audit(802.360:83): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.QsS9lg/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  803.362059][   T25] audit: type=1400 audit(802.590:84): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  803.990881][   T25] audit: type=1400 audit(803.190:85): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.QsS9lg/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  804.089398][   T25] audit: type=1400 audit(803.310:86): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/syzkaller.QsS9lg/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3788 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  804.143564][ T3363] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  804.179796][ T2124] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  804.181015][ T2124] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  804.181848][ T2124] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  804.650323][   T25] audit: type=1400 audit(803.870:87): avc:  denied  { unmount } for  pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  804.909357][   T25] audit: type=1400 audit(804.090:88): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  804.976671][   T25] audit: type=1400 audit(804.200:89): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="gadgetfs" ino=3798 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  805.541314][   T25] audit: type=1400 audit(804.720:90): avc:  denied  { mount } for  pid=3333 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  805.611504][   T25] audit: type=1400 audit(804.840:91): avc:  denied  { mounton } for  pid=3333 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  806.680127][ T3333] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  816.394484][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  816.406060][   T25] audit: type=1400 audit(815.620:96): avc:  denied  { read } for  pid=3485 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  816.425969][   T25] audit: type=1400 audit(815.650:97): avc:  denied  { open } for  pid=3485 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  816.535829][   T25] audit: type=1400 audit(815.760:98): avc:  denied  { ioctl } for  pid=3485 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  827.013604][   T25] audit: type=1400 audit(826.220:99): avc:  denied  { write } for  pid=3495 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  832.983476][   T25] audit: type=1400 audit(832.200:100): avc:  denied  { append } for  pid=3499 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  848.516395][   T25] audit: type=1400 audit(847.640:101): avc:  denied  { create } for  pid=3505 comm="syz.0.7" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  848.699247][   T25] audit: type=1400 audit(847.900:102): avc:  denied  { map } for  pid=3505 comm="syz.0.7" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=4199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  848.851844][   T25] audit: type=1400 audit(847.950:103): avc:  denied  { read } for  pid=3505 comm="syz.0.7" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=4199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  860.123221][   T25] audit: type=1400 audit(859.340:104): avc:  denied  { execute } for  pid=3515 comm="syz.1.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4354 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1012.923392][   T25] audit: type=1400 audit(1012.150:105): avc:  denied  { write } for  pid=3613 comm="syz.0.41" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=5880 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1131.886748][   T25] audit: type=1400 audit(1131.110:106): avc:  denied  { ioctl } for  pid=3699 comm="syz.1.66" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1301.125954][   T25] audit: type=1400 audit(1300.330:107): avc:  denied  { setattr } for  pid=3814 comm="syz.0.98" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1392.939514][ T3879] kvm [3879]: Failed to find VMA for hva 0x21016000
[ 1393.004472][ T3878] kvm [3878]: Failed to find VMA for hva 0x21016000
[ 1472.630693][ T3921] Unable to handle kernel paging request at virtual address ffef800000000001
[ 1472.683742][ T3921] KASAN: maybe wild-memory-access in range [0xff00000000000010-0xff0000000000001f]
[ 1472.758263][ T3921] Mem abort info:
[ 1472.774247][ T3921]   ESR = 0x0000000096000004
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1472.850335][   T25] audit: type=1400 audit(1471.990:108): avc:  denied  { read } for  pid=3125 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1472.863663][   T25] audit: type=1400 audit(1472.080:109): avc:  denied  { search } for  pid=3125 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1472.868968][ T3921]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 1472.869525][ T3921]   SET = 0, FnV = 0
[ 1472.869853][ T3921]   EA = 0, S1PTW = 0
[ 1472.870182][ T3921]   FSC = 0x04: level 0 translation fault
[ 1472.870635][ T3921] Data abort info:
[ 1472.870992][ T3921]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 1472.871355][ T3921]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 1472.871697][ T3921]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 1472.872196][ T3921] [ffef800000000001] address between user and kernel address ranges
[ 1472.873930][ T3921] Internal error: Oops: 0000000096000004 [#1]  SMP
[ 1472.888401][ T3921] Modules linked in:
[ 1472.890589][ T3921] CPU: 0 UID: 0 PID: 3921 Comm: syz.0.131 Not tainted syzkaller #0 PREEMPT 
[ 1472.892520][ T3921] Hardware name: linux,dummy-virt (DT)
[ 1472.894006][ T3921] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1472.895685][ T3921] pc : vgic_its_save_tables_v0+0x3b0/0xe38
[ 1472.898206][ T3921] lr : vgic_its_save_tables_v0+0x308/0xe38
[ 1472.899589][ T3921] sp : ffff80008e867bf0
[ 1472.900578][ T3921] x29: ffff80008e867c70 x28: 59f000001e32a4f0 x27: 0000000000000000
[ 1472.902564][ T3921] x26: 00000000000000ea x25: e2f000001e90e0c0 x24: 7bf000001eb96bc0
[ 1472.904320][ T3921] x23: 59f000001e32a438 x22: b9070000c0000600 x21: 3ff000001eb96c00
[ 1472.906080][ T3921] x20: 38f000001eb96b90 x19: efff800000000000 x18: 0000000000000000
[ 1472.907840][ T3921] x17: 000000000000008a x16: ffff800080011d9c x15: 0000000020000300
[ 1472.909553][ T3921] x14: 0000000000000002 x13: fff000000d350008 x12: 0ff0000000000001
[ 1472.911275][ T3921] x11: 0000000000000010 x10: 0000000000002000 x9 : 0000000000000000
[ 1472.913077][ T3921] x8 : 0001000000000000 x7 : ffff80008024d408 x6 : 0000000000000000
[ 1472.914603][ T3921] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080166870
[ 1472.916272][ T3921] x2 : 3ff000001eb96c00 x1 : 0000000000000000 x0 : 0000000000000000
[ 1472.918182][ T3921] Call trace:
[ 1472.919242][ T3921]  vgic_its_save_tables_v0+0x3b0/0xe38 (P)
[ 1472.920905][ T3921]  vgic_its_set_attr+0x65c/0x860
[ 1472.922055][ T3921]  kvm_device_ioctl+0x354/0x418
[ 1472.923172][ T3921]  __arm64_sys_ioctl+0x18c/0x244
[ 1472.924275][ T3921]  invoke_syscall+0x90/0x238
[ 1472.925403][ T3921]  el0_svc_common+0x180/0x2f4
[ 1472.926539][ T3921]  do_el0_svc+0x58/0x74
[ 1472.927608][ T3921]  el0_svc+0x5c/0x234
[ 1472.928657][ T3921]  el0t_64_sync_handler+0x84/0x12c
[ 1472.929889][ T3921]  el0t_64_sync+0x198/0x19c
[ 1472.931586][ T3921] Code: 9100412b b2481d69 d344fd2c d378fd69 (386c6a6c) 
[ 1472.933762][ T3921] ---[ end trace 0000000000000000 ]---
[ 1472.935556][ T3921] Kernel panic - not syncing: Oops: Fatal exception
[ 1472.937706][ T3921] Kernel Offset: disabled
[ 1472.938621][ T3921] CPU features: 0x000000,00068c01,7ef8cfa1,057ffe1f
[ 1472.940004][ T3921] Memory Limit: none
[ 1472.941833][ T3921] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:29:08  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000804627d8 X00=0000000000000000 X01=ffff80008743f718
X02=f3f0000014ae4ce2 X03=ffff8000865cdfc8 X04=0000000000000000
X05=0000000000000000 X06=0000000000000000 X07=ffff8000855720bc
X08=91f000001216d940 X09=0000000000000026 X10=0000000000ff0100
X11=000000000000004c X12=0000000000ff0100 X13=0000000000000003
X14=0000000000000000 X15=ffff80008c5c7690 X16=ffff800080010e20
X17=0000000000000068 X18=00000000000000ff X19=efff800000000000
X20=0000000000000001 X21=0000000000000008 X22=0000000000000003
X23=26f0000010dcb110 X24=26f0000010dcb120 X25=0000000000000000
X26=8ef0000014b0a000 X27=def0000010d6cd80 X28=0000000000000026
X29=ffff80008c5c7cf0 X30=ffff800082fb298c  SP=ffff80008c5c7b30
PSTATE=40402009 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0d00000000000000:0d00000000000000 Z01=0000000d00000000:0000000000000000
Z02=000000000000000d:0000000000000000 Z03=00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000002 Z05=000000000000000d:0000000000000002
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffc483ecf0:0000ffffc483ecf0 Z17=ffffff80ffffffd0:0000ffffc483ecc0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000