last executing test programs:

39.611845146s ago: executing program 0 (id=522):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (rerun: 64)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x1, 0x5000, 0x1000, &(0x7f0000fa2000/0x1000)=nil})
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f0000000040)={0x1}) (async, rerun: 64)
r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (rerun: 64)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0xa)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x1f}) (async)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013e110, &(0x7f0000000040)=0x2}) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x100, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 32)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64)
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) (rerun: 64)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) (async)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x161642, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2)
r14 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x0, 0x2800002, 0x13, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r13, 0x0) (async, rerun: 64)
r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
ioctl$KVM_CREATE_VM(r15, 0x80086601, 0x20000000) (async)
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='n\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00i'], 0x30}, 0x0, 0x0) (async, rerun: 64)
syz_kvm_vgic_v3_setup(r9, 0xfffffbffffffffff, 0x240) (rerun: 64)

32.958614379s ago: executing program 1 (id=523):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 32)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) (rerun: 32)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000380)={0x10200, 0x0, 0xdddd1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf1)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000080)={0x80020009, 0x1})

32.034974964s ago: executing program 0 (id=524):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0xc0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_vgic_v3_setup(r4, 0x2, 0x2c0)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[], 0x20}, 0x0, 0x0) (async)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, 0xffffffffffffffff)

24.000285954s ago: executing program 1 (id=525):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x200981, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="4e0500009991618640000000000000005200008400000000fc4ce74f000000007802000000000000f8ffffffffffffff00000000000000000a00000000000000"], 0x40}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x20000, 0xffff0000})
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x1f9, 0x0, 0xeeee8000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x8000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f0000000080)={0xe1, 0x0, 0x2000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

19.762289715s ago: executing program 0 (id=526):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x5c0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

18.597446647s ago: executing program 1 (id=527):
openat$kvm(0x0, &(0x7f0000000040), 0x4080, 0x0)
mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x10, 0xffffffffffffffff, 0x0)

13.445305112s ago: executing program 1 (id=528):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x4, <r2=>0xffffffffffffffff, 0x932d82b1a9412f16})
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000c40)={0x2, 0x0, [{0x40, 0x3, 0x1, 0x0, @sint={0x7fffffff, 0xf}}, {0xb4c700d5, 0x3, 0x1, 0x0, @sint={0x6, 0x4}}]})
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000b23000/0x400000)=nil)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r11, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0x2, 0x10}})
r12 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0x0, 0x32, 0xffffffffffffffff, 0x0)

13.137516707s ago: executing program 0 (id=529):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xd0582, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000e78000/0x3000)=nil, 0x0, 0x6, 0x4010, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000000, 0x24132, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x3, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x0, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) (async)
munmap(&(0x7f0000763000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f00006e2000/0x2000)=nil, 0x2000) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x280000e, 0x12, r3, 0x0)
mmap$KVM_VCPU(&(0x7f000000d000/0x3000)=nil, 0x930, 0x1000004, 0x4010, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)

7.207576821s ago: executing program 0 (id=530):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) (rerun: 64)
ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000180)=@arm64_ccsidr={0x6020000000110009, &(0x7f00000000c0)=0x2})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x2010, r1, 0x0) (async, rerun: 32)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async, rerun: 32)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r8 = syz_kvm_vgic_v3_setup(r7, 0x9, 0x140)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) (async)
ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x5, 0x8, &(0x7f0000000000)=0x7}) (async, rerun: 64)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9}) (async, rerun: 64)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x40305829, &(0x7f0000000100)=@attr_other={0x1000000, 0xb, 0x9f01, 0x0}) (async, rerun: 32)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5}) (async, rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x6030000000140002, &(0x7f0000000100)=0x100000000000a}) (async, rerun: 64)
ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae03, 0x42) (rerun: 64)

6.266856648s ago: executing program 1 (id=531):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x5452, 0x2000fdfd) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x5452, 0x2000fdfd)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = eventfd2(0x0, 0x0)
close(r4)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
write$eventfd(r4, &(0x7f0000000000), 0xfffffe1e) (async)
write$eventfd(r4, &(0x7f0000000000), 0xfffffe1e)
r5 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async)
r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
close(r9)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
close(r9)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)

1.665608211s ago: executing program 0 (id=532):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x80000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5})
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013df19, &(0x7f0000000100)=0x3ff})
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f00000001c0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x3cc27b60, 0x3, 0x0})
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000100)="fb0149dd033bac2cc4a29ea6ab8021d1dfd92f0000000001001000479610fbff67521cd66f8f1f447d3570707cd24b7eebb207000000000000000000000001000000002000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x100b31, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r12, 0x4000ae84, &(0x7f0000000140)={{0x4, 0x2, 0x1, 0x8, 0x0, 0x5, 0x3, 0x2, 0x2, 0x8, 0x0, 0x9}, {0x2000, 0x1, 0x9, 0x4, 0xb6, 0x7, 0x4, 0x4, 0x2, 0xd4, 0xa, 0x7}, {0x2000, 0x1000, 0x0, 0xf8, 0x7, 0x4, 0x1, 0xd, 0xd, 0xd, 0x36, 0xba}, {0x2, 0xdddd7000, 0xb, 0x85, 0xbf, 0x8, 0x1, 0xa, 0x7f, 0xc, 0xa8, 0x7f}, {0xdddd1000, 0x2000, 0x0, 0x9, 0x70, 0x1, 0x7f, 0x7, 0xaa, 0x14, 0xff, 0x80}, {0x1, 0x0, 0x10, 0x57, 0x6, 0xf6, 0x0, 0xb, 0x1, 0x7, 0x0, 0x2}, {0x8080000, 0x5000, 0x10, 0x2, 0x9, 0x6, 0x6, 0xe2, 0x7, 0x1, 0x5, 0x8}, {0x10000, 0x1000, 0xc, 0x10, 0x3, 0x8, 0x0, 0xc, 0x0, 0xd, 0xff, 0x7}, {0x0, 0x4}, {0x1, 0x7ff}, 0x40040020, 0x0, 0x8080000, 0x873d681030fe6e11, 0xc, 0x100, 0x100000, [0xbcdb, 0x6, 0xfc7a, 0x7]})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3fffffffffffffc)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000380)=ANY=[@ANYBLOB="050000000000000001000000020000000000000000000000000000800010000000000000000000000000000000000000000000000018000000800000040000000000000000000000e67600000000000010000000d6f686eac3b82dd72f4d2c9d00000000ff0100000000000008000000010000000300000003000000010000000000000004000000f8ffffff000000000000000000000000000000000000000000000000fdffffff030000000100000000000000000000808191eb9d000000000000000000000000000000000000000000000000520d000004000000000000000000000001000000ffffff7f040000000700"/260])
r13 = openat$kvm(0x0, &(0x7f0000000080), 0x101000, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b60000/0x400000)=nil)

0s ago: executing program 1 (id=533):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x8000})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000080)={0xe1, 0x900, 0x2000})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4208ae9b, &(0x7f00000000c0)={0x10000, 0x0, [0x1060, 0xcebc, 0x2278, 0x1, 0x5, 0x7, 0xffffffff, 0xa]})
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)=@arm64={0x91, 0x6, 0x5, '\x00', 0x1dd}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)=@arm64={0x91, 0x6, 0x5, '\x00', 0x1dd})
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) (async)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2})
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[  383.808381][ T3131] 8021q: adding VLAN 0 to HW filter on device bond0
[  437.782749][ T3131] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:42314' (ED25519) to the list of known hosts.
[  600.528043][   T25] audit: type=1400 audit(599.580:60): avc:  denied  { name_bind } for  pid=3286 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  602.067320][   T25] audit: type=1400 audit(601.130:61): avc:  denied  { execute } for  pid=3288 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  602.097033][   T25] audit: type=1400 audit(601.140:62): avc:  denied  { execute_no_trans } for  pid=3288 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  623.399469][   T25] audit: type=1400 audit(622.460:63): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  623.439606][   T25] audit: type=1400 audit(622.480:64): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  623.521763][ T3288] cgroup: Unknown subsys name 'net'
[  623.571834][   T25] audit: type=1400 audit(622.630:65): avc:  denied  { unmount } for  pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  623.987451][ T3288] cgroup: Unknown subsys name 'cpuset'
[  624.091531][ T3288] cgroup: Unknown subsys name 'rlimit'
[  624.997731][   T25] audit: type=1400 audit(624.050:66): avc:  denied  { setattr } for  pid=3288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  625.019821][   T25] audit: type=1400 audit(624.070:67): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  625.046187][   T25] audit: type=1400 audit(624.100:68): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  626.253529][ T3291] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  626.278742][   T25] audit: type=1400 audit(625.330:69): avc:  denied  { relabelto } for  pid=3291 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.300601][   T25] audit: type=1400 audit(625.360:70): avc:  denied  { write } for  pid=3291 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  626.496742][   T25] audit: type=1400 audit(625.540:71): avc:  denied  { read } for  pid=3288 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.508507][   T25] audit: type=1400 audit(625.550:72): avc:  denied  { open } for  pid=3288 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  626.546494][ T3288] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  675.038255][   T25] audit: type=1400 audit(674.100:73): avc:  denied  { execmem } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  678.586364][   T25] audit: type=1400 audit(677.640:74): avc:  denied  { read } for  pid=3294 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  678.618561][   T25] audit: type=1400 audit(677.660:75): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  678.699664][   T25] audit: type=1400 audit(677.760:76): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  678.970321][   T25] audit: type=1400 audit(678.000:77): avc:  denied  { module_request } for  pid=3295 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  680.138330][   T25] audit: type=1400 audit(679.190:78): avc:  denied  { sys_module } for  pid=3295 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  709.202496][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  709.698637][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  710.592387][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.879044][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  722.728040][ T3294] hsr_slave_0: entered promiscuous mode
[  722.757897][ T3294] hsr_slave_1: entered promiscuous mode
[  723.645973][ T3295] hsr_slave_0: entered promiscuous mode
[  723.679180][ T3295] hsr_slave_1: entered promiscuous mode
[  723.712926][ T3295] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  723.727359][ T3295] Cannot create hsr debugfs directory
[  729.267186][   T25] audit: type=1400 audit(728.320:79): avc:  denied  { create } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.316134][   T25] audit: type=1400 audit(728.370:80): avc:  denied  { write } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.345456][   T25] audit: type=1400 audit(728.400:81): avc:  denied  { read } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.462425][ T3294] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  729.835708][ T3294] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  730.099102][ T3294] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  730.523013][ T3294] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  731.959860][ T3295] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  732.140914][ T3295] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  732.341390][ T3295] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  732.478356][ T3295] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  745.601732][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0
[  747.879410][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0
[  805.383513][ T3294] veth0_vlan: entered promiscuous mode
[  805.888911][ T3294] veth1_vlan: entered promiscuous mode
[  807.820069][ T3295] veth0_vlan: entered promiscuous mode
[  808.069941][ T3294] veth0_macvtap: entered promiscuous mode
[  808.337968][ T3294] veth1_macvtap: entered promiscuous mode
[  808.669871][ T3295] veth1_vlan: entered promiscuous mode
[  810.691931][ T3294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  810.717236][ T3294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  810.726163][ T3294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  810.733112][ T3294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  811.457956][ T3295] veth0_macvtap: entered promiscuous mode
[  811.971412][ T3295] veth1_macvtap: entered promiscuous mode
[  813.571055][   T25] audit: type=1400 audit(812.600:82): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  813.690693][   T25] audit: type=1400 audit(812.750:83): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.8PQmWH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  813.963213][   T25] audit: type=1400 audit(813.020:84): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  814.446490][   T25] audit: type=1400 audit(813.500:85): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.8PQmWH/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  814.586924][   T25] audit: type=1400 audit(813.640:86): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.8PQmWH/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3257 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  814.648625][ T3295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  814.665633][ T3295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  814.691851][ T3295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  814.706404][ T3295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.172359][   T25] audit: type=1400 audit(814.210:87): avc:  denied  { unmount } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  815.390380][   T25] audit: type=1400 audit(814.450:88): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  815.489118][   T25] audit: type=1400 audit(814.520:89): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="gadgetfs" ino=3270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  816.100743][   T25] audit: type=1400 audit(815.140:90): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  816.245805][   T25] audit: type=1400 audit(815.250:91): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  817.748416][ T3294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  819.097159][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  819.108454][   T25] audit: type=1400 audit(818.150:93): avc:  denied  { read write } for  pid=3294 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  819.156761][   T25] audit: type=1400 audit(818.210:94): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  819.292357][   T25] audit: type=1400 audit(818.210:95): avc:  denied  { ioctl } for  pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.777531][   T25] audit: type=1400 audit(822.820:96): avc:  denied  { read append } for  pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  823.952073][   T25] audit: type=1400 audit(822.950:97): avc:  denied  { open } for  pid=3448 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  824.725780][   T25] audit: type=1400 audit(823.770:98): avc:  denied  { setattr } for  pid=3448 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  824.801028][   T25] audit: type=1400 audit(823.860:99): avc:  denied  { ioctl } for  pid=3448 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  831.347218][   T25] audit: type=1400 audit(830.390:100): avc:  denied  { write } for  pid=3454 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  844.450557][   T25] audit: type=1400 audit(843.490:101): avc:  denied  { execute } for  pid=3463 comm="syz.0.6" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3491 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  910.140225][ T3517] kvm [3517]: Failed to find VMA for hva 0x20c01000
[ 1011.125851][   T25] audit: type=1400 audit(1010.170:102): avc:  denied  { ioctl } for  pid=3578 comm="syz.1.41" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1106.787615][ T3648] debugfs: File 'vgic-its-state@0' in directory '3648-7' already present!
[ 1336.470376][ T3804] KVM: debugfs: duplicate directory 3804-6
[ 1336.761458][ T3804] KVM: debugfs: duplicate directory 3804-6
[ 1611.890488][ T3988] kvm [3988]: Failed to find VMA for hva 0x20d8d000
[ 1829.272535][ T4142] kvm [4142]: Failed to find VMA for hva 0x20c01000
[ 1918.966095][   T25] audit: type=1400 audit(1918.000:103): avc:  denied  { map } for  pid=4218 comm="syz.0.220" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1963.295858][ T4247] KVM: debugfs: duplicate directory 4247-10
[ 2032.283223][ T4295] KVM: debugfs: duplicate directory 4295-12
[ 2054.849535][ T4307] kvm [4307]: Failed to find VMA for hva 0x20d8d000
[ 2116.953279][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 2116.953279][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2117.042069][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2117.042069][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2117.068268][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2117.068268][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2117.103577][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2117.103577][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2117.167615][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2117.167615][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2117.209227][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2117.209227][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2117.232569][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2117.232569][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2117.283689][ T4362] kvm [4361]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2117.283689][ T4362]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2217.907304][ T4427] KVM: debugfs: duplicate directory 4427-4
[ 2414.596390][ T4572] kvm [4572]: Failed to find VMA for hva 0x2101a000
[ 2571.750557][ T4675] kvm [4675]: Failed to find VMA for hva 0x20c01000
[ 2716.411681][ T4782] kvm [4782]: Failed to find VMA for hva 0x20d8d000
[ 2735.518253][ T4796] kvm [4796]: Failed to find VMA for hva 0x21016000
[ 2856.282580][ T4873] kvm [4873]: Failed to find VMA for hva 0x20c01000
[ 2864.289034][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 2864.289034][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.358132][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.358132][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.427264][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.427264][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.477693][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.477693][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.518029][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.518029][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.610130][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.610130][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.652107][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.652107][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.682554][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.682554][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.757118][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.757118][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2864.822495][ T4882] kvm [4880]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2864.822495][ T4882]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 2886.307660][ T4891] kvm [4891]: Failed to find VMA for hva 0x20d8d000
[ 2979.937203][ T4959] kvm [4959]: Failed to find VMA for hva 0x20c01000
[ 3010.416777][   T25] audit: type=1400 audit(3009.470:104): avc:  denied  { execute } for  pid=4980 comm="syz.0.439" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 3024.742600][ T4993] kvm [4993]: Failed to find VMA for hva 0x20d8d000
[ 3187.131249][ T5098] kvm [5098]: Failed to find VMA for hva 0x20c01000
[ 3285.832055][ T5181] kvm [5181]: Failed to find VMA for hva 0x20c01000
[ 3404.349768][ T5268] kvm [5268]: Failed to find VMA for hva 0x20d8d000
[ 3464.280071][ T5325] ------------[ cut here ]------------
[ 3464.280971][ T5325] WARNING: CPU: 0 PID: 5325 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[ 3464.285502][ T5325] Modules linked in:
[ 3464.288549][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.1.533 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 3464.290859][ T5325] Hardware name: linux,dummy-virt (DT)
[ 3464.292475][ T5325] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 3464.294214][ T5325] pc : pend_sync_exception+0x198/0x5ac
[ 3464.295464][ T5325] lr : pend_sync_exception+0x198/0x5ac
[ 3464.296817][ T5325] sp : ffff80008e7878c0
[ 3464.297927][ T5325] x29: ffff80008e7878c0 x28: 00000000000000a2 x27: a2f000001d7302a8
[ 3464.300235][ T5325] x26: 00000000000000a2 x25: 0000000000000000 x24: 0000000000000000
[ 3464.302262][ T5325] x23: 0000000000000000 x22: 00000000000000a2 x21: a2f000001d730e81
[ 3464.304342][ T5325] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 3464.306179][ T5325] x17: 0000000000000005 x16: ffff800080011d9c x15: 0000000020000080
[ 3464.308201][ T5325] x14: ffffffffffffffff x13: 0000000000000028 x12: 000000000000001d
[ 3464.310004][ T5325] x11: 1df000001d50ede4 x10: 0000000000ff0100 x9 : 0000000000000000
[ 3464.312174][ T5325] x8 : 1df000001d50d880 x7 : ffff800080b08704 x6 : ffff80008e787a88
[ 3464.314186][ T5325] x5 : ffff80008e787a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 3464.316124][ T5325] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 3464.318372][ T5325] Call trace:
[ 3464.319579][ T5325]  pend_sync_exception+0x198/0x5ac (P)
[ 3464.321219][ T5325]  __kvm_inject_sea+0x268/0x96c
[ 3464.322602][ T5325]  kvm_inject_sea+0x98/0x72c
[ 3464.323896][ T5325]  __kvm_arm_vcpu_set_events+0x134/0x238
[ 3464.325028][ T5325]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 3464.326222][ T5325]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 3464.327448][ T5325]  __arm64_sys_ioctl+0x18c/0x244
[ 3464.328672][ T5325]  invoke_syscall+0x90/0x2b4
[ 3464.329968][ T5325]  el0_svc_common+0x180/0x2f4
[ 3464.331021][ T5325]  do_el0_svc+0x58/0x74
[ 3464.332175][ T5325]  el0_svc+0x58/0x160
[ 3464.333252][ T5325]  el0t_64_sync_handler+0x78/0x108
[ 3464.334333][ T5325]  el0t_64_sync+0x198/0x19c
[ 3464.335597][ T5325] irq event stamp: 962
[ 3464.336669][ T5325] hardirqs last  enabled at (961): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 3464.338500][ T5325] hardirqs last disabled at (962): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 3464.340152][ T5325] softirqs last  enabled at (944): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 3464.341641][ T5325] softirqs last disabled at (942): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 3464.343533][ T5325] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 3485.370476][ T3919] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3486.189534][ T3919] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3486.939581][ T3919] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3487.510216][ T3919] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

VM DIAGNOSIS:
17:10:11  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000820d04b8 X00=0000000000000003 X01=0000000000000002
X02=000000000000002a X03=ffff8000820d02ac X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff800081ebe428
X08=68ff80008c41b000 X09=000000000000006e X10=000000000000006e
X11=00000000000000fe X12=00000000000000c5 X13=0000000000000003
X14=0000000000000000 X15=0000000020000080 X16=ffff800080011d9c
X17=0000000000000005 X18=0000000000000000 X19=efff800000000000
X20=c5f000000dca8880 X21=68ff80008c41b018 X22=0000000000000002
X23=c5f000000dca897c X24=00000000000000c5 X25=0000000000000000
X26=68ff80008c41b000 X27=00000000000000c5 X28=00000000000000c5
X29=ffff80008e786fb0 X30=ffff8000820d04ac  SP=ffff80008e786fa0
PSTATE=804023c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000000 Z01=0000ffffd3a628c0:ee107ce305ac3500
Z02=0000ffffd3a628a0:ffffff80ffffffd8 Z03=0000ffffd3a62950:0000ffffd3a62950
Z04=0000ffffd3a62950:0000ffffa0136d08 Z05=0000ffffd3a62920:0000ffffd3a62950
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffd3a62b70:0000ffffd3a62b70 Z17=ffffff80ffffffd0:0000ffffd3a62b40
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000