last executing test programs:

1m1.490481953s ago: executing program 1 (id=144):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=ANY=[], 0x40}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8})
r2 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x81f})
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8200000000000000280000000000000001000000000000000400000000000000020000000000000082"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1c})
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c03b, &(0x7f00000001c0)=0x10003})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000080)={0x119000, 0x10f000})
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f00000000c0)={0x6000, 0x107000})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="76b92cfb97422a99b188adac74647aa1221e4d8e6da62d5f533e7f6120be5a845d77658c900fa608d72c085a1f4e5203df5e7728260b7ab522076295a9cbeeae01832398e92fc7bc", 0x0, 0x48)
ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000340)={0x5})

58.405045144s ago: executing program 0 (id=145):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
r5 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000001c0)={0x8, <r7=>0xffffffffffffffff})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x2001, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x4, 0x100)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, 0x0})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r13 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000140)={0x0, &(0x7f0000000180)=ANY=[], 0xe0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000dff000/0x1000)=nil, 0x0, 0x4, 0x4000010, r11, 0x0)
ioctl$KVM_GET_REG_LIST(r16, 0xc008aeb0, &(0x7f0000000000))
ioctl$KVM_SIGNAL_MSI(r9, 0x4020aea5, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x9, 0xe, &(0x7f0000000180)=0xabb})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x128, &(0x7f0000000340)=0x8000000000000000})
close(0x4)
close(0x5)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)

46.704242269s ago: executing program 1 (id=146):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000000)={0xdddd0000, 0x4, 0xfff, 0x1, 0x8001})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
r3 = eventfd2(0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x40)
r6 = eventfd2(0x0, 0x0)
r7 = eventfd2(0x8001, 0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f00000000c0)={r7, 0x1, 0x2, r6})
close(r6)
r8 = eventfd2(0x80000000, 0x1)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000002c0)={r3, 0x1, 0x2, r8})
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r7, 0x1, 0x0, r8})

45.185689021s ago: executing program 0 (id=147):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x2c00, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x7, <r7=>0xffffffffffffffff, 0x1})
r8 = ioctl$KVM_CREATE_VM(r7, 0x894c, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xb701, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f00004f0000/0x2000)=nil, 0x930, 0x0, 0x11, r12, 0x0)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04)
mmap$KVM_VCPU(&(0x7f0000dee000/0x3000)=nil, r14, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r14, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0x4030582b, 0xfffffffffffffffe)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x8, 0x0, &(0x7f0000000200)=0x1})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, 0x0)

33.945049768s ago: executing program 1 (id=148):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r1, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000c90000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x7, 0xffffffffffffffff, 0x1})
syz_kvm_vgic_v3_setup(r3, 0x2, 0x200)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
r4 = eventfd2(0x5788, 0x800)
write$eventfd(r4, &(0x7f0000000000)=0xc0, 0x8)
munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0)
close(r2)
close(r2)

32.002447534s ago: executing program 0 (id=149):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x51)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x1000, 0x4})
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r4, 0x541b, 0x10000000000000)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000280)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x7fff, 0x200b, 0x1}})
close(0x5)
close(0x4)

22.577887411s ago: executing program 0 (id=150):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0000000000000000180000000000000002000000000000006e0000000000000030000000000000000000000800000000000000000000000004000000000000000600000000000000be000000000000001800000000000000ce831300000030601400000000000000200000000000000018c51300000030609501000000000000000000000000000018000000000000000900000000000000aa000000000000002800000000000000030104000000020000000600000001040000000000000000be0000000000000018000000000000005bc613000000306046000000000000001800000000000000030000004100000082000000000000002800000000000000030000000000000003000000000000008a0100"], 0x36c}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5})
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x603000000010004c, &(0x7f0000000280)=0x7})
r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="140000000000000020000000000000005dc613"], 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22.314666244s ago: executing program 1 (id=151):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xab)
openat$kvm(0x0, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000180)=@arm64_fw={0x6030000000140003, &(0x7f0000000000)=0x4})
ioctl$KVM_CREATE_VM(r3, 0x4020940d, 0x20000000) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x80000, 0xe000000000000000, &(0x7f0000000000)=0x87}) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100008, &(0x7f0000000180)=0x9}) (async)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) (async)
ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f0000000100)=ANY=[@ANYBLOB="0200000000000000000000000100000000000000000000000000000000f0030000090000000000000000000000000000000000000000000000020000000100000000000000001000000300000000000000000000000000000000000010c60000001e000000"])

12.128605578s ago: executing program 1 (id=152):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd8, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
munmap(&(0x7f0000ad4000/0x1000)=nil, 0x1000)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x7, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4030582a, 0x0)
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000480)={0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="220100000000000040000000000000000000003200000000c5020000000000000f00000000000000050000000000000002000000000000000000000000000000140000000000000020000000000000000ac1130000003060e6d7000000000000e600000000000000180000000000000007000000000000001400000000000000200000000000000003e71300000030600800000000000000460000000000000018000000000000000400000049030000aa0000000000000028000000000000000e010400000003000000ff07000005000000010000000000e60000000000000018000000000000000046000000000000001800000000000000010000000101000022010000000000004000000000000000080000000000000001000000000000008000000000000000fffeffffffffffff9c780000000000000f000000000000004600000000000000180000000000000000000000230200000a00000000000000840000000000000060739dd20000b8f2c10180d2820180d2c30080d2c40180d2020000d4bf2003d50060004f0020200e000008d5000040b340b881d200c0b8f2e10180d2a20080d2030180d2240080d2020000d4007008d500ee8ed200e0b8f2810080d2a20180d2830080d2e40180d2020000d4008008d5c0035fd6e60000000000000018000000000000006008000000000000be000000000000003060320000000000000040000000000000000500008400000000080000000000000000080000000000000400000000000000c8000000000000000700000000000000be0000000000000018000000000000001ae21300000030604600000000000000180000000000000002000000f70000000a000000000000009c00000000000000007008d50000000b404284d20080b0f2810180d2020080d2430080d2840080d2020000d480f089d200e0b8f2010080d2e20080d2030080d2640180d2020000d49a655e13b0ba6faeed648cf8d14d65006c200e0000008b24e5cc9514f4c9761d9a0253000028d5c06391d200c0b0f2210080d2e20080d2e30180d2640180d2020000d4007c0053e04e91d20080b0f2c10080d2c20080d2c30080d2640080d2020000d4c0035fd6be000000000000001800000000000000b0c21300000030606e0000000000bd1ee551b5260dc8182577caacf48a570000300000000000000000000808000000000000000000000000cc010000000000000b000000000000001e000000000000004000000000000000210000c500000000000000000000000000000028000000000900000000000000070000000000000008000000000000001e000000000000004000000000000000000000030000000005000000000000000100000000000000020000000000000001000000010000007f00000000000000aa0000000000000028000000000000000501030000000d0000000100010008000000010000000000220100000000000040000000000000000e000084000000000700000000000000b0000000000000000100000000000000010000000000000003000000000000000000000000000078645d82275c92d1cf3c05c327062d77d56035c682d406e290aac2b44a60a518aec307df172a3cd8bb049ecf61b823e543558d7d325a53bd8cc823393c2436439d390bda4e71025947b68e64550bd650676a0ecdbb9ad0ae35e0f119880014a8043b7c82d56ab0bfe5d908bd7cef922b778b54269db6cc29593e467832cf4739c8a79a2f105e8d498eb0da557f6b091105335f7eb6"], 0x450}, &(0x7f00000004c0), 0x1)
mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, r0, 0x2000003, 0x4120932, r4, 0x0)

10.578768295s ago: executing program 0 (id=153):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_ONE_REG(r2, 0x8000ae8c, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r6 = eventfd2(0x0, 0x80800)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r6, 0x1, 0x3})
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x0, 0x4, 0x0})
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000002000000000002000000000000000000aa00000000000000280000000000000009"], 0x50}, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x4800, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x1, 0x40)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r13, 0xae80, 0x0)

7.113681576s ago: executing program 1 (id=154):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x18001, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000040)={0x5})
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000080)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000100)=0x467e})
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100022, &(0x7f00000000c0)=0x3ff})
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xffe00, 0x3})
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r13=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x400454d8, 0x0)
r14 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1c})
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100006})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000380)={0x10200, 0x0, 0xdddd1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000180)=@x86={0x20, 0x6, 0x8, 0x0, 0x9, 0x2, 0x7, 0x7, 0x75, 0x7, 0x5, 0x8a, 0x0, 0x0, 0xd86, 0x7, 0x3, 0x7, 0x6, '\x00', 0x4, 0x7})

0s ago: executing program 0 (id=155):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x84000000, [0xa298, 0x5, 0x9, 0x6, 0x5]}}], 0x40}, &(0x7f0000000080)=[@featur2={0x1, 0x88}], 0x1) (async)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x84000000, [0xa298, 0x5, 0x9, 0x6, 0x5]}}], 0x40}, &(0x7f0000000080)=[@featur2={0x1, 0x88}], 0x1)
ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000000c0)=0x3ff)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r1, 0x4, 0x10, r0, 0x0)
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000100)=0x1)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000140)={0x6, 0x8880}) (async)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000140)={0x6, 0x8880})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f0000000180)={0x3d66, 0xe, 0x9}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f0000000180)={0x3d66, 0xe, 0x9})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000001c0)={0xb, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0xfffffff8, 0x3, &(0x7f0000000200)=0xf227}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0xfffffff8, 0x3, &(0x7f0000000200)=0xf227})
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000280)={0xd000, 0x100000, 0x5, 0x1, 0x42f3}) (async)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000280)={0xd000, 0x100000, 0x5, 0x1, 0x42f3})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000300)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000002c0)=0x1}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000300)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000002c0)=0x1})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000380)={0xc0, 0x0, 0x1000})
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000440)=@attr_other={0x0, 0xfff, 0x4, &(0x7f0000000400)=0x3}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000440)=@attr_other={0x0, 0xfff, 0x4, &(0x7f0000000400)=0x3})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
eventfd2(0xfff, 0x0) (async)
r7 = eventfd2(0xfff, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000480)={0xd, 0x8000000, 0x0, r7, 0x4})
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f00000004c0)=@arm64={0x2, 0x6, 0x3, '\x00', 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f00000004c0)=@arm64={0x2, 0x6, 0x3, '\x00', 0x1})
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000840)={0x0, &(0x7f0000000500)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x180, 0x1b, 0x8}}, @smc={0x1e, 0x40, {0x84000006, [0x9, 0x0, 0x7, 0xd6, 0x10001]}}, @uexit={0x0, 0x18, 0x20000}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x2, 0x4, 0x9, 0xffffffff, 0x1}}, @uexit={0x0, 0x18, 0xad3d}, @svc={0x122, 0x40, {0x3ba76e6fc86db220, [0x8, 0x8, 0xfffffffffffffff7, 0x9, 0x10000]}}, @code={0xa, 0x84, {"007008d5007008d540459cd20040b0f2410180d2e20080d2630180d2840180d2020000d4c0ba89d20080b8f2e10180d2620080d2830080d2e40180d2020000d4e04099d200c0b0f2810080d2820180d2e30180d2040080d2020000d4007008d5007008d5007008d5008008d5000020c8"}}, @eret={0xe6, 0x18, 0x2}, @svc={0x122, 0x40, {0xc5000020, [0x5, 0x9b, 0x3, 0x8, 0x7fffffffffffffff]}}, @hvc={0x32, 0x40, {0xc4000014, [0xdaa9, 0x3, 0x9, 0xae8, 0x800]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x1, 0x270a, 0x7, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x3ec}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x80, 0x0, 0x2}}, @eret={0xe6, 0x18, 0x100000001}, @mrs={0xbe, 0x18, {0x603000000013df4d}}, @uexit={0x0, 0x18, 0xfd44}, @memwrite={0x6e, 0x30, @generic={0x2000, 0x391, 0x80000000, 0x2}}], 0x31c}, &(0x7f0000000880)=[@featur1={0x1, 0x20}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x0, 0x0, 0x30, r8, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f00000008c0)={0x3, 0x5})
r9 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000900)={0x2, 0xeeee8000, 0x8, r9, 0x6}) (async)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000900)={0x2, 0xeeee8000, 0x8, r9, 0x6})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000980)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000940)=0x9})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

kernel console output (not intermixed with test programs):

[  390.481907][ T3133] 8021q: adding VLAN 0 to HW filter on device bond0
[  425.835070][ T3133] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:43617' (ED25519) to the list of known hosts.
[  605.900681][   T25] audit: type=1400 audit(605.030:60): avc:  denied  { name_bind } for  pid=3291 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  607.075838][   T25] audit: type=1400 audit(606.210:61): avc:  denied  { execute } for  pid=3292 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  607.096035][   T25] audit: type=1400 audit(606.230:62): avc:  denied  { execute_no_trans } for  pid=3292 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  627.885232][   T25] audit: type=1400 audit(627.020:63): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  627.922064][   T25] audit: type=1400 audit(627.050:64): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  628.008006][ T3292] cgroup: Unknown subsys name 'net'
[  628.056580][   T25] audit: type=1400 audit(627.190:65): avc:  denied  { unmount } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  628.440176][ T3292] cgroup: Unknown subsys name 'cpuset'
[  628.544366][ T3292] cgroup: Unknown subsys name 'rlimit'
[  629.811571][   T25] audit: type=1400 audit(628.950:66): avc:  denied  { setattr } for  pid=3292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  629.834565][   T25] audit: type=1400 audit(628.960:67): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  629.861252][   T25] audit: type=1400 audit(629.000:68): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  631.045701][ T3295] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  631.064992][   T25] audit: type=1400 audit(630.200:69): avc:  denied  { relabelto } for  pid=3295 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  631.094901][   T25] audit: type=1400 audit(630.230:70): avc:  denied  { write } for  pid=3295 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  631.281729][   T25] audit: type=1400 audit(630.410:71): avc:  denied  { read } for  pid=3292 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  631.300046][   T25] audit: type=1400 audit(630.430:72): avc:  denied  { open } for  pid=3292 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  631.346638][ T3292] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  680.414479][   T25] audit: type=1400 audit(679.550:73): avc:  denied  { execmem } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  683.986253][   T25] audit: type=1400 audit(683.120:74): avc:  denied  { read } for  pid=3298 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  684.018646][   T25] audit: type=1400 audit(683.150:75): avc:  denied  { open } for  pid=3298 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  684.108905][   T25] audit: type=1400 audit(683.240:76): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  684.392986][   T25] audit: type=1400 audit(683.500:77): avc:  denied  { module_request } for  pid=3299 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  685.553590][   T25] audit: type=1400 audit(684.670:78): avc:  denied  { sys_module } for  pid=3299 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  714.170167][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  714.410501][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  714.473574][ T3299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  714.732157][ T3299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  727.431764][ T3298] hsr_slave_0: entered promiscuous mode
[  727.478017][ T3298] hsr_slave_1: entered promiscuous mode
[  728.283660][ T3299] hsr_slave_0: entered promiscuous mode
[  728.312547][ T3299] hsr_slave_1: entered promiscuous mode
[  728.345902][ T3299] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  728.361199][ T3299] Cannot create hsr debugfs directory
[  733.885312][   T25] audit: type=1400 audit(733.020:79): avc:  denied  { create } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  733.942816][   T25] audit: type=1400 audit(733.080:80): avc:  denied  { write } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  734.010980][   T25] audit: type=1400 audit(733.100:81): avc:  denied  { read } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  734.152841][ T3298] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  734.370905][ T3298] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  734.625665][ T3298] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  734.898386][ T3298] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  736.342163][ T3299] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  736.575621][ T3299] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  736.735409][ T3299] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  736.904864][ T3299] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  749.344438][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0
[  751.711219][ T3299] 8021q: adding VLAN 0 to HW filter on device bond0
[  808.551400][ T3298] veth0_vlan: entered promiscuous mode
[  809.085385][ T3298] veth1_vlan: entered promiscuous mode
[  810.920119][ T3299] veth0_vlan: entered promiscuous mode
[  811.201507][ T3298] veth0_macvtap: entered promiscuous mode
[  811.640019][ T3298] veth1_macvtap: entered promiscuous mode
[  811.961274][ T3299] veth1_vlan: entered promiscuous mode
[  814.205921][ T3298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  814.219930][ T3298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  814.239097][ T3298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  814.250170][ T3298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  814.495023][ T3299] veth0_macvtap: entered promiscuous mode
[  814.854018][ T3299] veth1_macvtap: entered promiscuous mode
[  816.716784][   T25] audit: type=1400 audit(815.850:82): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  817.130666][   T25] audit: type=1400 audit(816.220:83): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.rBflRL/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  817.415668][   T25] audit: type=1400 audit(816.550:84): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  817.950527][   T25] audit: type=1400 audit(817.060:85): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.rBflRL/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  817.991332][ T3299] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  817.998859][ T3299] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  818.018591][ T3299] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  818.039680][ T3299] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  818.151157][   T25] audit: type=1400 audit(817.270:86): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.rBflRL/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  819.061987][   T25] audit: type=1400 audit(818.200:87): avc:  denied  { unmount } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  819.438633][   T25] audit: type=1400 audit(818.530:88): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  819.583282][   T25] audit: type=1400 audit(818.700:89): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="gadgetfs" ino=3281 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  820.011436][   T25] audit: type=1400 audit(819.140:90): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  820.269732][   T25] audit: type=1400 audit(819.330:91): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  821.910411][ T3298] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  823.533950][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  823.548931][   T25] audit: type=1400 audit(822.630:93): avc:  denied  { read write } for  pid=3298 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.590589][   T25] audit: type=1400 audit(822.710:94): avc:  denied  { open } for  pid=3298 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.609089][   T25] audit: type=1400 audit(822.740:95): avc:  denied  { ioctl } for  pid=3298 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  827.409828][   T25] audit: type=1400 audit(826.530:96): avc:  denied  { read } for  pid=3450 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  827.480501][   T25] audit: type=1400 audit(826.610:97): avc:  denied  { open } for  pid=3450 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  828.206071][   T25] audit: type=1400 audit(827.340:99): avc:  denied  { ioctl } for  pid=3450 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  828.278752][   T25] audit: type=1400 audit(827.320:98): avc:  denied  { append } for  pid=3451 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  832.105868][ T3453] kvm [3453]: Failed to find VMA for hva 0x208a1000
[  846.833214][   T25] audit: type=1400 audit(845.840:100): avc:  denied  { ioctl } for  pid=3460 comm="syz.1.4" path="net:[4026532630]" dev="nsfs" ino=4026532630 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  847.868532][   T25] audit: type=1400 audit(847.000:101): avc:  denied  { write } for  pid=3460 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  903.969600][   T25] audit: type=1400 audit(903.070:102): avc:  denied  { execute } for  pid=3493 comm="syz.0.14" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4238 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  937.288906][   T25] audit: type=1400 audit(936.410:103): avc:  denied  { map } for  pid=3513 comm="syz.1.21" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1065.811619][ T3591] kvm [3591]: Failed to find VMA for hva 0x208a1000
[ 1143.058988][   T25] audit: type=1400 audit(1142.080:104): avc:  denied  { setattr } for  pid=3635 comm="syz.1.56" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1161.148773][ T3650] kvm [3650]: Failed to find VMA for hva 0x20d8d000
[ 1178.303111][ T3665] debugfs: File 'vgic-its-state@8080000' in directory '3665-4' already present!
[ 1197.620971][ T3675] kvm [3675]: Failed to find VMA for hva 0x21016000
[ 1206.324059][ T3679] debugfs: File 'vgic-its-state@8080000' in directory '3679-4' already present!
[ 1224.480539][ T3688] kvm [3688]: Failed to find VMA for hva 0x20d8d000
[ 1304.180586][ T3734] debugfs: File 'vgic-its-state@8080000' in directory '3734-4' already present!
[ 1313.354201][ T3736] kvm [3736]: Failed to find VMA for hva 0x20d8d000
[ 1401.010084][ T3791] kvm [3791]: Failed to find VMA for hva 0x20d8d000
[ 1536.265342][ T3874] kvm [3874]: Failed to find VMA for hva 0x208a1000
[ 1548.020823][ T3878] kvm [3878]: Failed to find VMA for hva 0x20c01000
[ 1606.451694][ T3911] irq bypass consumer (token 00000000d482bdc0) registration fails: -16
[ 1630.710080][ T3924] kvm [3924]: Failed to find VMA for hva 0x21016000
[ 1649.151364][ T3940] ------------[ cut here ]------------
[ 1649.152719][ T3940] WARNING: CPU: 0 PID: 3940 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[ 1649.157054][ T3940] Modules linked in:
[ 1649.159991][ T3940] CPU: 0 UID: 0 PID: 3940 Comm: syz.0.155 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 1649.162077][ T3940] Hardware name: linux,dummy-virt (DT)
[ 1649.163677][ T3940] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1649.165325][ T3940] pc : pend_sync_exception+0x198/0x5ac
[ 1649.166583][ T3940] lr : pend_sync_exception+0x198/0x5ac
[ 1649.167788][ T3940] sp : ffff80008ef478c0
[ 1649.168884][ T3940] x29: ffff80008ef478c0 x28: 00000000000000e0 x27: e0f00000149edb28
[ 1649.171227][ T3940] x26: 00000000000000e0 x25: 0000000000000000 x24: 0000000000000000
[ 1649.173118][ T3940] x23: 0000000000000000 x22: 00000000000000e0 x21: e0f00000149ee701
[ 1649.175134][ T3940] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 1649.176979][ T3940] x17: 0000000000000013 x16: ffff800080011d9c x15: 00000000200004c0
[ 1649.178965][ T3940] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000d4
[ 1649.180924][ T3940] x11: d4f000001d849564 x10: 0000000000ff0100 x9 : 0000000000000000
[ 1649.183020][ T3940] x8 : d4f000001d848000 x7 : ffff800080b08704 x6 : ffff80008ef47a88
[ 1649.184940][ T3940] x5 : ffff80008ef47a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 1649.186918][ T3940] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 1649.189094][ T3940] Call trace:
[ 1649.190294][ T3940]  pend_sync_exception+0x198/0x5ac (P)
[ 1649.191847][ T3940]  __kvm_inject_sea+0x268/0x96c
[ 1649.193223][ T3940]  kvm_inject_sea+0x98/0x72c
[ 1649.194469][ T3940]  __kvm_arm_vcpu_set_events+0x134/0x238
[ 1649.195694][ T3940]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 1649.196884][ T3940]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 1649.198102][ T3940]  __arm64_sys_ioctl+0x18c/0x244
[ 1649.199310][ T3940]  invoke_syscall+0x90/0x2b4
[ 1649.200530][ T3940]  el0_svc_common+0x180/0x2f4
[ 1649.201817][ T3940]  do_el0_svc+0x58/0x74
[ 1649.202964][ T3940]  el0_svc+0x58/0x160
[ 1649.204024][ T3940]  el0t_64_sync_handler+0x78/0x108
[ 1649.205214][ T3940]  el0t_64_sync+0x198/0x19c
[ 1649.206570][ T3940] irq event stamp: 112
[ 1649.207587][ T3940] hardirqs last  enabled at (111): [<ffff80008651a00c>] exit_to_kernel_mode+0xc0/0xf0
[ 1649.209306][ T3940] hardirqs last disabled at (112): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 1649.210901][ T3940] softirqs last  enabled at (88): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 1649.212490][ T3940] softirqs last disabled at (86): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 1649.214293][ T3940] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1665.285415][ T3634] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1666.194760][ T3634] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1666.964787][ T3634] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1667.930929][ T3634] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

VM DIAGNOSIS:
13:06:01  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000804544a8 X00=0000000000000000 X01=ffff8000872b1fa2
X02=0000000000000008 X03=0000000000000000 X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff800081ebe428
X08=00000000000003c0 X09=0000000000000000 X10=00000000000000d4
X11=d4f000001d848000 X12=0000000000ff0100 X13=0000000000000001
X14=0000000000000000 X15=ffff800087f39a30 X16=0000000000000000
X17=0000000000000013 X18=0000000000000000 X19=ffff800081eb2630
X20=d4f000001d848000 X21=ffff80008790fdc0 X22=0000000000000004
X23=d4f000001d848b08 X24=ffff800087666580 X25=00000000000003c0
X26=0000000000000003 X27=0000000000000003 X28=000000000000007d
X29=ffff80008ef46fa0 X30=ffff800080454488  SP=ffff80008ef46f90
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0d00000000000000:0d00000000000000 Z01=0000000d00000000:0000000000000000
Z02=000000000000000d:0000000000000000 Z03=00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000002 Z05=000000000000000d:0000000000000002
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffedf36880:0000ffffedf36880 Z17=ffffff80ffffffd0:0000ffffedf36850
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000