last executing test programs:

2h7m7.278194662s ago: executing program 0 (id=1):
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000))

2h7m5.151608926s ago: executing program 0 (id=3):
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)

2h7m3.406346637s ago: executing program 0 (id=5):
munmap(0x0, 0x0)

2h7m0.178839115s ago: executing program 0 (id=7):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0)

2h6m43.458493238s ago: executing program 0 (id=8):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1m14.92596995s ago: executing program 2 (id=919):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000000)=0x26})
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xf)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa000, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x80)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000001c0)={0x2400004, 0xe0fa})

1m14.650717091s ago: executing program 1 (id=920):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x2, 0x102000})
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2000009, 0x4102932, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x4, 0x0, 0x0, 0xffffffffffffffff, 0x1})

59.945938559s ago: executing program 1 (id=921):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x0, 0x100000f, 0x1010, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_REGS(r4, 0x4360ae82, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5})

59.568950588s ago: executing program 2 (id=922):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_kvm_add_vcpu(0x0, &(0x7f0000000640)={0x0, &(0x7f0000000040)=[@uexit={0x0, 0x18, 0x1}, @irq_setup={0x5, 0x18, {0x1, 0x225}}, @memwrite={0x6, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x100, 0x6}}, @uexit={0x0, 0x18, 0x101}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0x3f, 0x8}}, @its_send_cmd={0x8, 0x28, {0x5, 0x0, 0x1, 0x10, 0x0, 0x4, 0x4}}, @smc={0x3, 0x40, {0xc400000e, [0x7f, 0x1, 0x9, 0x8, 0x9]}}, @uexit={0x0, 0x18, 0xe}, @msr={0x2, 0x20, {0x603000000013d921, 0xff}}, @memwrite={0x6, 0x30, @vgic_gits={0x8080000, 0x1ffc8, 0x8720, 0x4}}, @code={0x1, 0xcc, {"a0d39bd20040b0f2c10180d2a20180d2a30080d2e40180d2020000d4000000b1a08295d200a0b0f2c10080d2220080d2030080d2840180d2020000d4008008d5c08187d20060b0f2a10180d2820080d2430080d2640180d2020000d40050c01a807797d20060b0f2c10080d2e20080d2c30180d2240080d2020000d4a06194d200a0b8f2e10080d2a20080d2a30180d2a40080d2020000d480ad9bd200c0b8f2010180d2e20180d2e30080d2240180d2020000d4000400f8"}}, @smc={0x3, 0x40, {0x84000007, [0x584, 0x2, 0x9, 0xfffffffffffffffc, 0x7]}}, @its_setup={0x7, 0x28, {0x0, 0x3, 0x1a5}}, @msr={0x2, 0x20, {0x603000000013df79, 0x8}}, @its_send_cmd={0x8, 0x28, {0xb, 0x1, 0x3, 0xb, 0x81, 0xfffff4e9, 0x1}}, @code={0x1, 0x9c, {"007008d5606692d200c0b8f2210180d2c20080d2430180d2240180d2020000d440da93d20000b8f2e10180d2c20180d2c30180d2640180d2020000d4a00c82d20020b0f2410080d2220080d2430180d2a40180d2020000d4000008d5e0e788d20040b8f2c10080d2620180d2e30080d2640080d2020000d40030000e000880780004c0da001c0013"}}, @its_send_cmd={0x8, 0x28, {0xb, 0x0, 0x2, 0x3, 0xcd, 0x9}}, @uexit={0x0, 0x18, 0x8}, @irq_setup={0x5, 0x18, {0x0, 0x74}}, @memwrite={0x6, 0x30, @generic={0x1000, 0xa42, 0xfffffffffffffffb, 0x10}}, @uexit={0x0, 0x18, 0x10}, @memwrite={0x6, 0x30, @vgic_gicr={0x80c0000, 0x100, 0x1, 0x1}}, @uexit={0x0, 0x18, 0x4}, @its_send_cmd={0x8, 0x28, {0xb, 0x0, 0x1, 0x2, 0x5, 0x10, 0x4}}, @uexit={0x0, 0x18, 0x9}, @code={0x1, 0x9c, {"e0bb85d20000b0f2e10180d2820080d2830080d2a40180d2020000d40000c0ac000028d560188bd20000b8f2e10180d2220180d2230080d2a40080d2020000d4202e89d20060b0f2010180d2620180d2a30080d2040080d2020000d4008008d50008200e00a4004f00cb96d20020b0f2810180d2a20080d2030180d2840080d2020000d4007c0053"}}, @uexit={0x0, 0x18, 0x4}, @its_send_cmd={0x8, 0x28, {0xe, 0x0, 0x4, 0x0, 0x3, 0xa}}, @its_send_cmd={0x8, 0x28, {0x1, 0x0, 0x0, 0xd, 0x2}}, @hvc={0x4, 0x40, {0x1, [0x4, 0x1, 0x9, 0x3e, 0x972b]}}], 0x5fc}, &(0x7f0000000680)=[@featur2], 0x1)
syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000000000/0x400000)=nil, &(0x7f00000009c0)=[{0x0, &(0x7f00000006c0)=[@msr={0x2, 0x20, {0x603000000013df12, 0xf}}, @its_setup={0x7, 0x28, {0x1, 0x1, 0x181}}, @code={0x1, 0x6c, {"000008d50000c038007008d50084200e00c0271ec0469cd200e0b0f2c10080d2820180d2c30180d2040080d2020000d4606789d20020b0f2610180d2020080d2030180d2240180d2020000d4007008d50024c09a0078000e"}}, @smc={0x3, 0x40, {0xc4000011, [0x800, 0x1, 0x9, 0x5, 0xba0]}}, @its_setup={0x7, 0x28, {0x0, 0x0, 0x2cf}}, @uexit={0x0, 0x18, 0x1}, @its_setup={0x7, 0x28, {0x0, 0x4, 0x153}}, @uexit={0x0, 0x18, 0xf24}, @its_setup={0x7, 0x28, {0x3, 0x2, 0x2c4}}, @hvc={0x4, 0x40, {0x84000011, [0x2, 0x0, 0x8, 0x5, 0x101]}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x3000, 0x9, 0x8}}, @its_setup={0x7, 0x28, {0x3, 0x2, 0x3d5}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x400}, @its_send_cmd={0x8, 0x28, {0x5, 0x1, 0x2, 0xe, 0x10001, 0x10001, 0x2}}, @msr={0x2, 0x20, {0x603000000013c4c9, 0x6}}, @msr={0x2, 0x20, {0x603000000013deb9, 0x5aa8b523}}, @irq_setup={0x5, 0x18, {0x1, 0x1dc}}], 0x2e4}], 0x1, 0x0, &(0x7f0000000a00)=[@featur2={0x1, 0x40}], 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r1, 0x100000b, 0x28031, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2640, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0x4020940d, 0x20000000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)

48.1795428s ago: executing program 2 (id=923):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
eventfd2(0x0, 0xc00)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe3)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="02000000000000002000000000000000e2dc130000003060ffff00000000000003000000000000004000000000000000040000000000000008000000000000007f000000000000009ca0e1510000000006000000000000000100000000000000060000000000000030000000000000000000080800000000040000000000000008000000000000"], 0x5e0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

46.856356024s ago: executing program 1 (id=924):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f000000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0xffffffffffffffff)

33.426132799s ago: executing program 1 (id=925):
r0 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000000, 0x4f831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000c90000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000efb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000db0000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2800, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x5, 0x1, 0xffff1000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

31.211543853s ago: executing program 2 (id=926):
close(0xffffffffffffffff)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

20.456249861s ago: executing program 2 (id=927):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x60100, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
close(0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x8000000})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
munmap(&(0x7f0000738000/0x3000)=nil, 0x3000)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f00009c0000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, 0x0, 0xfffffffffffffff9}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000340)={0x5, 0x2})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000b9f000/0x1000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, r3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x930, 0x8, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)

16.670261921s ago: executing program 1 (id=928):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000})
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r0, 0x1, 0x100)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x0, 0x100000f, 0x1010, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_REGS(r5, 0x4360ae82, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5})

358.08µs ago: executing program 2 (id=929):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x62)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f00000001c0)={0x5})
ioctl$KVM_SET_GUEST_DEBUG(r7, 0x4208ae9b, &(0x7f0000000000)={0x30001, 0x0, [0x11, 0x2, 0x7c, 0xb, 0x2, 0xffff, 0xfffffffffffffff9, 0x3c7]})
syz_kvm_vgic_v3_setup(r6, 0x4, 0x100)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_kvm_add_vcpu(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x7, 0x28, {0x0, 0x1, 0x17}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x58}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x8, 0xffff, &(0x7f00000002c0)=0xffffffffffff0001})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x4, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000080)={0x5})
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x6030000000140002, &(0x7f0000000100)=0xa})
syz_kvm_vgic_v3_setup(r10, 0x1, 0x60)

0s ago: executing program 1 (id=930):
r0 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000180)=@other={0x0, 0x0})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000100), 0x183a42, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x141242, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r4, r2, &(0x7f0000e58000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x18}], 0x1, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x9}], 0x1)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000200)={0x7})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000080)={0x5000, 0x0, 0x2, 0xffffffffffffffff, 0x1})
close(0x4)
close(0x5)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000000c0)={0x2, 0x0, [{0x6, 0x1, 0x1, 0x0, @sint={0x1, 0xc}}, {0x5d, 0x0, 0x0, 0x0, @irqchip={0x7, 0x3b}}]})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:41059' (ED25519) to the list of known hosts.
[  725.572360][   T24] audit: type=1400 audit(724.520:69): avc:  denied  { name_bind } for  pid=3279 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  726.882434][   T24] audit: type=1400 audit(725.830:70): avc:  denied  { execute } for  pid=3281 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  726.902412][   T24] audit: type=1400 audit(725.850:71): avc:  denied  { execute_no_trans } for  pid=3281 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  754.201473][   T24] audit: type=1400 audit(753.140:72): avc:  denied  { mounton } for  pid=3281 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  754.269577][   T24] audit: type=1400 audit(753.210:73): avc:  denied  { mount } for  pid=3281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  754.375927][ T3281] cgroup: Unknown subsys name 'net'
[  754.448292][   T24] audit: type=1400 audit(753.400:74): avc:  denied  { unmount } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  754.987783][ T3281] cgroup: Unknown subsys name 'cpuset'
[  755.111058][ T3281] cgroup: Unknown subsys name 'rlimit'
[  756.437500][   T24] audit: type=1400 audit(755.380:75): avc:  denied  { setattr } for  pid=3281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  756.490905][   T24] audit: type=1400 audit(755.440:76): avc:  denied  { create } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  756.519247][   T24] audit: type=1400 audit(755.450:77): avc:  denied  { write } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  756.568169][   T24] audit: type=1400 audit(755.510:78): avc:  denied  { module_request } for  pid=3281 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  757.192690][   T24] audit: type=1400 audit(756.140:79): avc:  denied  { read } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  757.288934][   T24] audit: type=1400 audit(756.230:80): avc:  denied  { mounton } for  pid=3281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  757.335775][   T24] audit: type=1400 audit(756.270:81): avc:  denied  { mount } for  pid=3281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  758.789307][ T3286] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[  759.120634][ T3281] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  814.772275][   T24] kauditd_printk_skb: 4 callbacks suppressed
[  814.772584][   T24] audit: type=1400 audit(813.720:86): avc:  denied  { execmem } for  pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  815.172467][   T24] audit: type=1400 audit(814.120:87): avc:  denied  { read } for  pid=3289 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  815.230000][   T24] audit: type=1400 audit(814.180:88): avc:  denied  { open } for  pid=3289 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  815.323120][   T24] audit: type=1400 audit(814.270:89): avc:  denied  { mounton } for  pid=3289 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  817.591127][   T24] audit: type=1400 audit(816.500:90): avc:  denied  { mount } for  pid=3290 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  817.700612][   T24] audit: type=1400 audit(816.650:91): avc:  denied  { mounton } for  pid=3290 comm="syz-executor" path="/syzkaller.PCY3Tt/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  817.809222][   T24] audit: type=1400 audit(816.750:92): avc:  denied  { mount } for  pid=3290 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  818.015702][   T24] audit: type=1400 audit(816.960:93): avc:  denied  { mounton } for  pid=3289 comm="syz-executor" path="/syzkaller.ChLuni/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  818.116345][   T24] audit: type=1400 audit(817.050:94): avc:  denied  { mounton } for  pid=3289 comm="syz-executor" path="/syzkaller.ChLuni/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2870 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  818.231519][   T24] audit: type=1400 audit(817.180:95): avc:  denied  { unmount } for  pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  827.490813][   T24] kauditd_printk_skb: 9 callbacks suppressed
[  827.491095][   T24] audit: type=1400 audit(826.440:105): avc:  denied  { read } for  pid=3300 comm="syz.0.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  827.588879][   T24] audit: type=1400 audit(826.480:106): avc:  denied  { open } for  pid=3300 comm="syz.0.7" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  827.671157][   T24] audit: type=1400 audit(826.560:107): avc:  denied  { write } for  pid=3300 comm="syz.0.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  831.152045][   T24] audit: type=1400 audit(830.100:108): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  837.032578][   T24] audit: type=1401 audit(835.980:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[  931.771590][   T24] audit: type=1400 audit(930.720:110): avc:  denied  { sys_module } for  pid=3307 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  971.242761][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  971.460497][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  971.600967][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  971.723000][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  986.730466][ T3307] hsr_slave_0: entered promiscuous mode
[  986.791536][ T3307] hsr_slave_1: entered promiscuous mode
[  988.057141][ T3309] hsr_slave_0: entered promiscuous mode
[  988.130699][ T3309] hsr_slave_1: entered promiscuous mode
[  988.206409][ T3309] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  988.211314][ T3309] Cannot create hsr debugfs directory
[  994.828492][ T3307] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  995.318946][ T3307] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  995.657776][ T3307] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  996.078121][ T3307] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  998.639196][ T3309] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  998.951609][ T3309] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  999.172387][ T3309] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  999.480352][ T3309] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1020.982107][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1025.673005][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1105.262792][ T3307] veth0_vlan: entered promiscuous mode
[ 1106.199423][ T3307] veth1_vlan: entered promiscuous mode
[ 1108.970262][ T3307] veth0_macvtap: entered promiscuous mode
[ 1109.298456][ T3309] veth0_vlan: entered promiscuous mode
[ 1109.669647][ T3307] veth1_macvtap: entered promiscuous mode
[ 1110.661996][ T3309] veth1_vlan: entered promiscuous mode
[ 1113.041107][ T3307] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1113.049746][ T3307] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1113.051655][ T3307] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1113.061119][ T3307] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1114.798488][ T3309] veth0_macvtap: entered promiscuous mode
[ 1115.688403][ T3309] veth1_macvtap: entered promiscuous mode
[ 1119.141905][ T3309] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1119.177517][ T3309] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1119.179742][ T3309] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1119.181704][ T3309] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.733131][ T3307] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 1141.742305][   T24] audit: type=1400 audit(1140.690:111): avc:  denied  { append } for  pid=3458 comm="syz.1.11" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1142.518136][   T24] audit: type=1400 audit(1141.420:112): avc:  denied  { ioctl } for  pid=3458 comm="syz.1.11" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1244.671973][   T24] audit: type=1400 audit(1243.620:113): avc:  denied  { setattr } for  pid=3504 comm="syz.1.31" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1275.057455][   T24] audit: type=1400 audit(1273.990:114): avc:  denied  { execute } for  pid=3516 comm="syz.1.37" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4032 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1988.836629][   T24] audit: type=1400 audit(1987.780:115): avc:  denied  { map } for  pid=3834 comm="syz.2.152" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2551.232723][   T24] audit: type=1400 audit(2550.150:116): avc:  denied  { map } for  pid=4085 comm="syz.2.232" path="pipe:[2968]" dev="pipefs" ino=2968 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 3717.250909][ T4615] kvm [4615]: Failed to find VMA for hva 0x21016000
[ 3751.780628][ T4630] kvm [4630]: Failed to find VMA for hva 0x21016000
[ 3779.101795][ T4641] kvm [4641]: Failed to find VMA for hva 0x21174000
[ 3970.732119][ T4730] kvm [4730]: Failed to find VMA for hva 0x21016000
[ 4003.212766][ T4742] kvm [4742]: Failed to find VMA for hva 0x21016000
[ 4213.172527][ T4848] kvm [4848]: Failed to find VMA for hva 0x21016000
[ 4421.052477][ T4937] KVM: debugfs: duplicate directory 4937-4
[ 4598.152109][ T5011] kvm [5011]: Failed to find VMA for hva 0x21174000
[ 4844.812996][ T5104] KVM: debugfs: duplicate directory 5104-4
[ 4845.742786][ T5104] KVM: debugfs: duplicate directory 5104-4
[ 4874.102476][ T5115] kvm [5115]: Failed to find VMA for hva 0x21174000
[ 4878.596385][ T5120] kvm [5120]: Failed to find VMA for hva 0x21016000
[ 4948.940917][ T5143] kvm [5143]: Failed to find VMA for hva 0x21174000
[ 5130.129854][ T5210] kvm [5210]: Failed to find VMA for hva 0x21174000
[ 5218.533191][ T5246] kvm [5246]: Failed to find VMA for hva 0x21016000
[ 5326.600081][   T24] audit: type=1400 audit(5325.490:117): avc:  denied  { ioctl } for  pid=5290 comm="syz.2.576" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 5462.469806][ T5354] kvm [5354]: Failed to find VMA for hva 0x21016000
[ 5580.150481][ T5410] kvm [5410]: Failed to find VMA for hva 0x21016000
[ 5775.527135][ T5494] kvm [5494]: Failed to find VMA for hva 0x21174000
[ 6549.611620][ T5801] kvm [5801]: Failed to find VMA for hva 0x21016000
[ 6626.035817][ T5832] kvm [5832]: Failed to find VMA for hva 0x21016000
[ 7090.162905][ T6016] kvm [6016]: Failed to find VMA for hva 0x21016000
[ 7105.568414][ T6018] FAULT_INJECTION: forcing a failure.
[ 7105.568414][ T6018] name failslab, interval 1, probability 0, space 0, times 1
[ 7105.570218][ T6018] CPU: 0 UID: 0 PID: 6018 Comm: syz.2.780 Not tainted 6.12.0-rc7-syzkaller-g5db899a34f75 #0
[ 7105.570917][ T6018] Hardware name: linux,dummy-virt (DT)
[ 7105.571429][ T6018] Call trace:
[ 7105.571640][ T6018]  dump_backtrace+0x1b8/0x1e4
[ 7105.573117][ T6018]  show_stack+0x2c/0x3c
[ 7105.573503][ T6018]  dump_stack_lvl+0xe4/0x150
[ 7105.573909][ T6018]  dump_stack+0x1c/0x28
[ 7105.574264][ T6018]  should_fail_ex+0x318/0x338
[ 7105.574622][ T6018]  should_failslab+0x94/0xb0
[ 7105.574943][ T6018]  __kmalloc_noprof+0xdc/0x438
[ 7105.575261][ T6018]  tomoyo_realpath_from_path+0x8c/0x330
[ 7105.575602][ T6018]  tomoyo_path_number_perm+0x10c/0x320
[ 7105.576005][ T6018]  tomoyo_file_ioctl+0x2c/0x3c
[ 7105.576305][ T6018]  security_file_ioctl+0x108/0x364
[ 7105.576660][ T6018]  __arm64_sys_ioctl+0x80/0x184
[ 7105.576973][ T6018]  invoke_syscall+0x78/0x1b8
[ 7105.577327][ T6018]  el0_svc_common+0xe8/0x1b0
[ 7105.577706][ T6018]  do_el0_svc+0x40/0x50
[ 7105.578056][ T6018]  el0_svc+0x54/0x14c
[ 7105.578418][ T6018]  el0t_64_sync_handler+0x84/0xfc
[ 7105.578824][ T6018]  el0t_64_sync+0x190/0x194
[ 7105.802117][ T6018] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 7282.232429][ T6093] FAULT_INJECTION: forcing a failure.
[ 7282.232429][ T6093] name failslab, interval 1, probability 0, space 0, times 0
[ 7282.330993][ T6093] CPU: 0 UID: 0 PID: 6093 Comm: syz.2.802 Not tainted 6.12.0-rc7-syzkaller-g5db899a34f75 #0
[ 7282.333129][ T6093] Hardware name: linux,dummy-virt (DT)
[ 7282.334388][ T6093] Call trace:
[ 7282.335548][ T6093]  dump_backtrace+0x1b8/0x1e4
[ 7282.337058][ T6093]  show_stack+0x2c/0x3c
[ 7282.338419][ T6093]  dump_stack_lvl+0xe4/0x150
[ 7282.339928][ T6093]  dump_stack+0x1c/0x28
[ 7282.341173][ T6093]  should_fail_ex+0x318/0x338
[ 7282.342669][ T6093]  should_failslab+0x94/0xb0
[ 7282.344057][ T6093]  kmem_cache_alloc_noprof+0x84/0x35c
[ 7282.345510][ T6093]  vm_area_dup+0x74/0x204
[ 7282.346730][ T6093]  __split_vma+0x114/0x600
[ 7282.348095][ T6093]  vms_gather_munmap_vmas+0x18c/0xb40
[ 7282.349523][ T6093]  mmap_region+0x324/0x1020
[ 7282.350895][ T6093]  do_mmap+0x630/0xa3c
[ 7282.352103][ T6093]  vm_mmap_pgoff+0x10c/0x278
[ 7282.353503][ T6093]  ksys_mmap_pgoff+0xbc/0x2dc
[ 7282.354762][ T6093]  __arm64_sys_mmap+0x9c/0xb0
[ 7282.356197][ T6093]  invoke_syscall+0x78/0x1b8
[ 7282.357607][ T6093]  el0_svc_common+0xe8/0x1b0
[ 7282.358863][ T6093]  do_el0_svc+0x40/0x50
[ 7282.360235][ T6093]  el0_svc+0x54/0x14c
[ 7282.361624][ T6093]  el0t_64_sync_handler+0x84/0xfc
[ 7282.362934][ T6093]  el0t_64_sync+0x190/0x194
[ 7336.537809][ T6114] kvm [6114]: Failed to find VMA for hva 0x21174000
[ 7519.152854][ T6191] kvm [6191]: Failed to find VMA for hva 0x21016000
[ 7561.238724][ T6207] kvm [6207]: Failed to find VMA for hva 0x21016000
[ 7615.392384][ T6229] kvm [6229]: Failed to find VMA for hva 0x21016000
[ 7731.738194][ T6277] kvm [6277]: Failed to find VMA for hva 0x21016000
[ 8455.020911][ T6560] Unable to handle kernel paging request at virtual address efff800000000137
[ 8455.041432][ T6560] KASAN: probably user-memory-access in range [0x0000000000001370-0x000000000000137f]
[ 8455.042000][ T6560] Mem abort info:
[ 8455.042220][ T6560]   ESR = 0x0000000096000005
[ 8455.042527][ T6560]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 8455.042883][ T6560]   SET = 0, FnV = 0
[ 8455.043141][ T6560]   EA = 0, S1PTW = 0
[ 8455.080400][ T6560]   FSC = 0x05: level 1 translation fault
[ 8455.080840][ T6560] Data abort info:
[ 8455.081076][ T6560]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 8455.081354][ T6560]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 8455.081663][ T6560]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 8455.082173][ T6560] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000044a53000
[ 8455.082547][ T6560] [efff800000000137] pgd=1000000049992003, p4d=1000000049993003, pud=0000000000000000
[ 8455.303122][ T6560] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 8455.305207][ T6560] Modules linked in:
[ 8455.306698][ T6560] CPU: 0 UID: 0 PID: 6560 Comm: syz.2.929 Not tainted 6.12.0-rc7-syzkaller-g5db899a34f75 #0
[ 8455.308626][ T6560] Hardware name: linux,dummy-virt (DT)
[ 8455.310043][ T6560] pstate: 80402009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 8455.311792][ T6560] pc : __hwasan_check_x0_67043363+0x4/0x30
[ 8455.313109][ T6560] lr : vgic_get_irq+0x7c/0x3d4
[ 8455.314373][ T6560] sp : ffff80008c597650
[ 8455.315485][ T6560] x29: ffff80008c597660 x28: 00000000000000e0 x27: 0000000000000004
[ 8455.317795][ T6560] x26: 0000000000000002 x25: ffff800083a7fe20 x24: 16f0000014accd90
[ 8455.319792][ T6560] x23: 16f0000014acb9a0 x22: 0000000000000000 x21: a9ff80008c583000
[ 8455.321835][ T6560] x20: 0000000000000001 x19: efff800000000000 x18: 0000000000000005
[ 8455.323849][ T6560] x17: 0000000000000000 x16: 0000000000000137 x15: 0000000000000000
[ 8455.325875][ T6560] x14: 0000000000000002 x13: 0000000000000003 x12: 70f000000a33ba80
[ 8455.327868][ T6560] x11: 0000000000080000 x10: 0000000000001378 x9 : efff800000000000
[ 8455.330016][ T6560] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000001
[ 8455.332012][ T6560] x5 : ffff80008c597858 x4 : ffff8000800f2b38 x3 : ffff8000800f7a00
[ 8455.334035][ T6560] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000001378
[ 8455.335982][ T6560] Call trace:
[ 8455.336895][ T6560]  __hwasan_check_x0_67043363+0x4/0x30
[ 8455.338277][ T6560]  vgic_mmio_write_invlpi+0xb0/0x174
[ 8455.339739][ T6560]  dispatch_mmio_write+0x2a4/0x308
[ 8455.340885][ T6560]  __kvm_io_bus_write+0x290/0x340
[ 8455.342278][ T6560]  kvm_io_bus_write+0x100/0x1bc
[ 8455.343660][ T6560]  io_mem_abort+0x4b8/0x7a0
[ 8455.344892][ T6560]  kvm_handle_guest_abort+0xb4c/0x1c64
[ 8455.346246][ T6560]  handle_exit+0x1a0/0x274
[ 8455.347542][ T6560]  kvm_arch_vcpu_ioctl_run+0xbc0/0x15b0
[ 8455.348765][ T6560]  kvm_vcpu_ioctl+0x660/0xf78
[ 8455.350030][ T6560]  __arm64_sys_ioctl+0x108/0x184
[ 8455.351322][ T6560]  invoke_syscall+0x78/0x1b8
[ 8455.352636][ T6560]  el0_svc_common+0xe8/0x1b0
[ 8455.353757][ T6560]  do_el0_svc+0x40/0x50
[ 8455.355035][ T6560]  el0_svc+0x54/0x14c
[ 8455.356330][ T6560]  el0t_64_sync_handler+0x84/0xfc
[ 8455.357726][ T6560]  el0t_64_sync+0x190/0x194
[ 8455.359495][ T6560] Code: a90efbfd d2800441 143a3ed3 9344dc10 (38706930) 
[ 8455.361725][ T6560] ---[ end trace 0000000000000000 ]---
[ 8455.363540][ T6560] Kernel panic - not syncing: Oops: Fatal exception
[ 8455.366306][ T6560] Kernel Offset: disabled
[ 8455.367426][ T6560] CPU features: 0x00,00000034,003f797c,437ffe1f
[ 8455.368871][ T6560] Memory Limit: none
[ 8455.370473][ T6560] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:12:32  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000833954b4 X00=0000000000000000 X01=ffff8000845d2f18
X02=2bf000000f8ac4f8 X03=2bf000000f8ac4f8 X04=2bf000000f8ac600
X05=0000000000000000 X06=0000000000000000 X07=ffff800083395484
X08=0000000100000100 X09=0000000000000000 X10=0000000000ff0100
X11=ffff8000852d2000 X12=0000000039529a68 X13=0000000000000028
X14=2bf000000f8ac578 X15=2bf000000f8ac500 X16=000000000000002b
X17=8eb2dcef0edf6b76 X18=0000000000000055 X19=efff800000000000
X20=0000000000000001 X21=0000000000000000 X22=bef0000010993610
X23=0000000000000038 X24=0000000000000000 X25=0000000000000006
X26=ffff800084ef2468 X27=ffff800084a84b90 X28=bef000001099367f
X29=ffff8000800077b0 X30=ffff800083a2b48c  SP=ffff8000800077b0
PSTATE=604020c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=1300000000000000:1300000000000000 Z01=0000001300000000:0000000000000000
Z02=0000000000000013:0000000000000000 Z03=00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000002 Z05=0000000000000013:0000000000000002
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffd74507d0:0000ffffd74507d0 Z17=ffffff80ffffffd0:0000ffffd74507a0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000