last executing test programs:

1m10.487841943s ago: executing program 0 (id=922):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x101200, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x48102, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) (async)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r7, 0x100000a, 0x12, r8, 0x100000) (async)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r7, 0x1, 0x11, r8, 0x0) (async)
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r7, 0x0, 0x12, r9, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r4, 0x0, 0x2012, r9, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="820000000000000028000000000000000200000000002200040000000000000001"], 0x28}, 0x0, 0x0)
r13 = syz_kvm_vgic_v3_setup(r10, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) (async)
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) (async)
r15 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0)
r17 = syz_kvm_setup_syzos_vm$arm64(r16, &(0x7f0000c00000/0x400000)=nil)
r18 = syz_kvm_add_vcpu$arm64(r17, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r16, 0x1, 0x100) (async)
ioctl$KVM_RUN(r18, 0xae80, 0x0)

56.939827488s ago: executing program 0 (id=924):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000840)=ANY=[@ANYBLOB], 0x36c}], 0x5d, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000001c0)=@arm64_core={0x603000000010003a, &(0x7f00000000c0)=0x1})
r6 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x80000400004)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r9, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000580)=[{0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0xc4000001, [0x7fffffffffffffff, 0x7, 0x4, 0xcaa0, 0x5]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000780)={0x0, &(0x7f0000000680)=[@code={0xa, 0x84, {"00fc209b000008d5e0888dd20060b8f2c10080d2620080d2a30180d2440080d2020000d4000000130000002b000008d50084202ea0a483d20000b8f2010080d2020080d2630180d2040180d2020000d4004d8fd200c0b0f2e10080d2e20080d2030180d2040180d2020000d4007008d5"}}], 0x84}, &(0x7f00000007c0)=[@featur2={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0xe, 0x4f832, r7, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x5452, 0xa00000000000000)

42.788128516s ago: executing program 0 (id=927):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, 0x0, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x65a480, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xef)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x4, 0x40)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
r5 = eventfd2(0x0, 0x0)
close(r5)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
write$eventfd(r5, &(0x7f0000000000), 0xfffffe1e)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f00000001c0)=[@featur1={0x1, 0x4}], 0x1)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000380)={0x10200, 0x0, 0xdddd1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x4, 0x4c})
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

41.960791552s ago: executing program 1 (id=928):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x10})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) (async)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f0000000280)=ANY=[], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x2001, 0x1}}], 0x28}, 0x0, 0x0) (async)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x2001, 0x1}}], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r9, 0x4068aea3, &(0x7f0000000080)={0xb6, 0x0, 0xed6})
syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil) (async)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000001, [0x99a, 0xb, 0xaca, 0x101, 0x1]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r11, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r11, 0x4360ae82, 0x0)
munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2, 0x4102932, 0xffffffffffffffff, 0x0)

29.415229634s ago: executing program 1 (id=929):
openat$kvm(0x0, &(0x7f0000000700), 0x26280, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x1, 0x5000, 0x1000, &(0x7f0000fa2000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f0000000040)={0x1})
mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0)
r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="220100000000000040000000000000000800008400000000000000000000000006000000000000000900000000000000890800000000000008000000000000004600000000000000180000000000000001000000d60200000a000000000000006c00000000000000007008d520598dd20000b0f2e10080d2820180d2e30180d2040080d2020000d4000028d50004c038e0ca98d20000b8f2410180d2820180d2230080d2e40080d2020000d40000805a0004c07800a4000d0000200e000008d5c0035fd60a000000000000003c00000000000000002cc09a000028d5000820380000400d007008d50040271e0000403c008008d50050c01a008008d5c0035fd6aa0000000000000028000000000000000b00010000000a0000000300000000100000070000000000820000000000000028000000000000000000000000000000040000000000000019020000000000000a000000000000008400000000000000007008d5000028d5609a91d200e0b8f2610180d2a20180d2830080d2840180d2020000d4007008d5007008d5e0e585d200c0b8f2410080d2820080d2a30080d2840080d2020000d40000800cc06f82d20020b8f2c10180d2220180d2230080d2e40080d2020000d4007008d5000008d5c0035fd66e0000000000000030000000000000000000000800000000006000000000000001000000000000000200000000000000220100000000000040000000000000000000008000000000c9b8000000000000faffffffffffffff0100000000000000060000000000000047af0000000000004600000000000000180000000000000003000000a102000046000000000000001800000000000000020000004a0100006e00000000000000300000000000000000000c0800000000000c000000000000030000000000000004000000000000008200000000000000280000000000000001000000000000000000000000000000940100000000000082000000000000002800000000000000030000000000000001000000000000003d0000000000000082000000000000002800000000000000040000000000000002000000000000003c0300000000000022010000000000004000000000000000120000840000000008000000000000000600000000000000ad453e6e000000f8ffffffffffffffff0b050000000000000a000000000000006c000000000000000094202e008008d580489fd20020b0f2610080d2220080d2230080d2040080d2020000d4007008d5007008d5404b80d20080b8f2c10080d2e20180d2830080d2440180d2020000d40008a0f8007008d50040000c007008d5c0035fd622010000000000004000000000000000000000800000000001000000000000000002000000000000070000000000000009000000000000000300000000000000220100000000000040000000000000000900008400000000020000000000000008000400000000000000ff7f0000000000001400000000000000200000000000000039c01300000030600800000000000000220100000000000040000000000000000000008000000000080000000000000001000080000000000200000000000000090000000000000080000000000000006e0000000000000030000000000000000000000800000000080000000000000001040000000000000f000000000000006e00000000000000300000000000000000000a0800000000000d000000000000740e0000000000000200000000000000460000000000000018000000000000000100000029010000aa0000000000000028000000000000000501010000000100000005000000030000000200000000003200000000000000400000000000000080000000000000000300000000000000feffffffffffffff0000000000000000ffffffffffffffff0200000000000000"], 0x588}, &(0x7f0000000100)=[@featur2={0x1, 0xc0}], 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x4b49, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x62221, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000200)={0x5})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000001c0)={0x8})
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f00000001c0)=ANY=[])
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000480)=[{0x0, &(0x7f0000000180)=ANY=[], 0x2fc}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)

27.886710208s ago: executing program 0 (id=930):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x6, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x8, 0x88, &(0x7f00000001c0)=0xe5c5})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0000000000000000180000000000000002000000000000006e0000000000000030000000000000000000000800000000000000000000000004000000000000000600000000000000be000000000000001800000000000000ce831300000030601400000000000000200000000000000018c51300000030609501000000000000000000000000000018000000000000000900000000000000aa000000000000002800000000000000030104000000020000000600000001040000000000000000be0000000000000018000000000000005bc613000000306046000000000000001800000000000000030000004100000082000000000000002800000000000000030000000000000003000000000000008a0100"], 0x36c}], 0x1, 0x0, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
eventfd2(0x7, 0x100001)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0xc6)
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r10 = eventfd2(0x100, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x3, &(0x7f0000000200)=0xfffffffffffffffe})
ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000900)={0xb5, 0x0, 0x4, r10, 0x1})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

20.286845955s ago: executing program 1 (id=931):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000001000000000000000806"])
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f00000001c0)=0xffffff7f, 0xe80)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000580)=[{0x0, &(0x7f0000000140)=[@smc={0x1e, 0x40, {0x84000012, [0x38000000000, 0x9, 0x4, 0x8001, 0x6]}}], 0x40}], 0x1, 0x0, 0x0, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000780)={0x0, &(0x7f0000000680)=[@code={0xa, 0x84, {"00fc209b000008d5e0888dd20060b8f2c10080d2620080d2a30180d2440080d2020000d4000000130000002b000008d50084202ea0a483d20000b8f2010080d2020080d2630180d2040180d2020000d4004d8fd200c0b0f2e10080d2e20080d2030180d2040180d2020000d4007008d5"}}], 0x84}, &(0x7f00000007c0)=[@featur2={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

14.947007224s ago: executing program 1 (id=932):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0xc0081, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x441c0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x3, 0x40)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e0c000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e86000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ed0000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000000, 0x10010, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e0b000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000002c0)={0xffffffffffffffff, 0x1, 0x2})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x800454d2, 0x0)

13.606749972s ago: executing program 0 (id=933):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x19) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

7.444531676s ago: executing program 1 (id=934):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
close(r0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x4d)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000100), 0x183a42, 0x0)
close(0x5)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x4, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x400454ce, 0x0)

2.982931142s ago: executing program 1 (id=935):
openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xb1, 0x0, 0x5})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="820000000000000028000000000000000100000000000000040000000000000002000000000000008200000000000000280000000000000004"], 0x50}, 0x0, 0x0) (async)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="820000000000000028000000000000000100000000000000040000000000000002000000000000008200000000000000280000000000000004"], 0x50}, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x26e7, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
close(r7)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000200)=@arm64={0x4, 0x0, 0x0, '\x00', 0x101}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000200)=@arm64={0x4, 0x0, 0x0, '\x00', 0x101})
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

0s ago: executing program 0 (id=936):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_MTE(r5, 0x4068aea3, &(0x7f0000000140))
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa})
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000180)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000080)=0x7fffffff})
ioctl$KVM_CREATE_VM(r3, 0xc0045878, 0x20000000)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff})
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)

kernel console output (not intermixed with test programs):

[  384.408475][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0
[  420.090950][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:60468' (ED25519) to the list of known hosts.
[  601.370787][   T25] audit: type=1400 audit(600.540:60): avc:  denied  { name_bind } for  pid=3290 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  602.324038][   T25] audit: type=1400 audit(601.490:61): avc:  denied  { execute } for  pid=3291 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  602.350507][   T25] audit: type=1400 audit(601.520:62): avc:  denied  { execute_no_trans } for  pid=3291 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  622.784467][   T25] audit: type=1400 audit(621.950:63): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  622.820349][   T25] audit: type=1400 audit(621.990:64): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  622.902617][ T3291] cgroup: Unknown subsys name 'net'
[  622.956716][   T25] audit: type=1400 audit(622.120:65): avc:  denied  { unmount } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  623.331856][ T3291] cgroup: Unknown subsys name 'cpuset'
[  623.455484][ T3291] cgroup: Unknown subsys name 'rlimit'
[  624.346867][   T25] audit: type=1400 audit(623.520:66): avc:  denied  { setattr } for  pid=3291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  624.366242][   T25] audit: type=1400 audit(623.530:67): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  624.389716][   T25] audit: type=1400 audit(623.560:68): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  625.592865][ T3294] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  625.615417][   T25] audit: type=1400 audit(624.780:69): avc:  denied  { relabelto } for  pid=3294 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  625.641122][   T25] audit: type=1400 audit(624.810:70): avc:  denied  { write } for  pid=3294 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  625.820583][   T25] audit: type=1400 audit(624.990:71): avc:  denied  { read } for  pid=3291 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  625.847437][   T25] audit: type=1400 audit(625.010:72): avc:  denied  { open } for  pid=3291 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  625.888788][ T3291] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  674.257777][   T25] audit: type=1400 audit(673.430:73): avc:  denied  { execmem } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  677.847886][   T25] audit: type=1400 audit(677.020:74): avc:  denied  { read } for  pid=3297 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  677.866708][   T25] audit: type=1400 audit(677.030:75): avc:  denied  { open } for  pid=3297 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  677.966618][   T25] audit: type=1400 audit(677.130:76): avc:  denied  { mounton } for  pid=3297 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  678.228343][   T25] audit: type=1400 audit(677.400:77): avc:  denied  { module_request } for  pid=3297 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  678.239580][   T25] audit: type=1400 audit(677.410:78): avc:  denied  { module_request } for  pid=3298 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  679.391217][   T25] audit: type=1400 audit(678.550:79): avc:  denied  { sys_module } for  pid=3298 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  708.289301][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  708.559228][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  708.658384][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  709.091364][ T3297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  721.582117][ T3298] hsr_slave_0: entered promiscuous mode
[  721.609428][ T3298] hsr_slave_1: entered promiscuous mode
[  722.672489][ T3297] hsr_slave_0: entered promiscuous mode
[  722.708660][ T3297] hsr_slave_1: entered promiscuous mode
[  722.747488][ T3297] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  722.760525][ T3297] Cannot create hsr debugfs directory
[  728.065584][   T25] audit: type=1400 audit(727.230:80): avc:  denied  { create } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  728.117479][   T25] audit: type=1400 audit(727.280:81): avc:  denied  { write } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  728.194241][   T25] audit: type=1400 audit(727.300:82): avc:  denied  { read } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  728.324828][ T3298] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  728.562516][ T3298] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  728.976188][ T3298] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  729.325676][ T3298] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  730.800474][ T3297] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  730.922726][ T3297] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  731.111958][ T3297] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  731.278609][ T3297] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  743.966095][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0
[  745.971050][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0
[  802.145471][ T3298] veth0_vlan: entered promiscuous mode
[  802.621692][ T3298] veth1_vlan: entered promiscuous mode
[  804.611640][ T3298] veth0_macvtap: entered promiscuous mode
[  804.711910][ T3297] veth0_vlan: entered promiscuous mode
[  804.899908][ T3298] veth1_macvtap: entered promiscuous mode
[  805.547618][ T3297] veth1_vlan: entered promiscuous mode
[  807.330468][ T3298] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  807.339460][ T3298] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  807.354584][ T3298] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  807.365532][ T3298] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  808.147985][ T3297] veth0_macvtap: entered promiscuous mode
[  808.728112][ T3297] veth1_macvtap: entered promiscuous mode
[  809.796815][   T25] audit: type=1400 audit(808.960:83): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  809.978542][   T25] audit: type=1400 audit(809.110:84): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.jcXvS7/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  810.255236][   T25] audit: type=1400 audit(809.400:85): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  810.680566][   T25] audit: type=1400 audit(809.840:86): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.jcXvS7/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  810.895733][   T25] audit: type=1400 audit(809.960:87): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.jcXvS7/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  811.091054][ T3297] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  811.129299][ T3297] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  811.145251][ T3297] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  811.159267][ T3297] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  811.450899][   T25] audit: type=1400 audit(810.620:88): avc:  denied  { unmount } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  811.774640][   T25] audit: type=1400 audit(810.930:89): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  811.972620][   T25] audit: type=1400 audit(811.060:90): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="gadgetfs" ino=3280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  812.369862][   T25] audit: type=1400 audit(811.540:91): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  812.410690][   T25] audit: type=1400 audit(811.580:92): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  813.906504][ T3298] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  814.818860][   T25] kauditd_printk_skb: 2 callbacks suppressed
[  814.829021][   T25] audit: type=1400 audit(813.990:95): avc:  denied  { open } for  pid=3298 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  814.875576][   T25] audit: type=1400 audit(814.030:96): avc:  denied  { ioctl } for  pid=3298 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  818.292861][   T25] audit: type=1400 audit(817.460:97): avc:  denied  { read } for  pid=3451 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  818.341870][   T25] audit: type=1400 audit(817.510:98): avc:  denied  { open } for  pid=3451 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  818.644305][   T25] audit: type=1400 audit(817.800:99): avc:  denied  { ioctl } for  pid=3451 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  829.505900][   T25] audit: type=1400 audit(828.660:100): avc:  denied  { write } for  pid=3459 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  838.707768][   T25] audit: type=1400 audit(837.870:101): avc:  denied  { append } for  pid=3464 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  867.421165][ T3485] kvm [3485]: Failed to find VMA for hva 0x21016000
[  867.610121][   T25] audit: type=1400 audit(866.750:102): avc:  denied  { ioctl } for  pid=3486 comm="syz.1.11" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  889.689659][   T25] audit: type=1400 audit(888.760:103): avc:  denied  { execute } for  pid=3497 comm="syz.1.14" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4400 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  967.040675][ T3564] KVM: debugfs: duplicate directory 3564-4
[ 1250.144439][   T25] audit: type=1400 audit(1249.300:104): avc:  denied  { map } for  pid=3744 comm="syz.0.82" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1250.174945][   T25] audit: type=1400 audit(1249.330:105): avc:  denied  { execute } for  pid=3744 comm="syz.0.82" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1269.454676][ T3755] kvm [3755]: Failed to find VMA for hva 0x20000000
[ 1315.781907][   T25] audit: type=1400 audit(1314.860:106): avc:  denied  { setattr } for  pid=3778 comm="syz.0.94" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1417.771577][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001d3]
[ 1417.771577][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1417.811479][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1417.811479][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1417.847624][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1417.847624][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1417.879896][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1417.879896][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1417.899538][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1417.899538][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1417.958608][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1417.958608][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1417.981660][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1417.981660][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1418.008709][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1418.008709][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1418.046888][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1418.046888][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1418.086320][ T3848] kvm [3846]: Unsupported guest CP15 access at: 00000080 [000001db]
[ 1418.086320][ T3848]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 1734.174665][   T25] audit: type=1400 audit(1733.320:107): avc:  denied  { map } for  pid=4064 comm="syz.0.176" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 2010.552338][ T4254] kvm [4254]: Failed to find VMA for hva 0x20c01000
[ 2016.787206][ T4261] debugfs: File 'vgic-its-state@0' in directory '4261-4' already present!
[ 2062.210045][ T4287] kvm [4287]: Failed to find VMA for hva 0x20d8d000
[ 2062.226617][ T4290] kvm [4290]: Failed to find VMA for hva 0x20d8d000
[ 2115.958333][ T4316] kvm [4316]: Failed to find VMA for hva 0x2018c000
[ 2116.065267][ T4317] kvm [4317]: Failed to find VMA for hva 0x2018c000
[ 2334.615958][ T4488] KVM: debugfs: duplicate directory 4488-6
[ 2597.035841][ T4644] kvm [4644]: Failed to find VMA for hva 0x20c01000
[ 2771.561522][ T4776] kvm [4776]: Failed to find VMA for hva 0x20d8d000
[ 2814.137887][ T4807] kvm [4807]: Failed to find VMA for hva 0x208a1000
[ 3139.825496][ T5030] irq bypass consumer (token 000000005eab8c93) registration fails: -16
[ 3435.730470][ T5188] kvm [5188]: Failed to find VMA for hva 0x20d8d000
[ 3579.567960][ T5260] kvm [5260]: Failed to find VMA for hva 0x20d8c000
[ 3783.106833][ T5352] kvm [5352]: Failed to find VMA for hva 0x20d8d000
[ 3783.111151][ T5353] kvm [5353]: Failed to find VMA for hva 0x20d8d000
[ 3793.074760][ T5357] debugfs: File 'vgic-its-state@8080000' in directory '5357-7' already present!
[ 4058.458047][ T5495] kvm [5495]: Failed to find VMA for hva 0x21016000
[ 4069.237326][ T5497] kvm [5497]: Failed to find VMA for hva 0x20d8d000
[ 4182.295523][ T5549] kvm [5549]: Failed to find VMA for hva 0x20c01000
[ 4331.711734][ T5624] kvm [5624]: Failed to find VMA for hva 0x21016000
[ 4383.027857][ T5646] kvm [5646]: Failed to find VMA for hva 0x20c01000
[ 4808.147193][ T5863] kvm [5863]: Failed to find VMA for hva 0x20c01000
[ 4889.852377][   T25] audit: type=1400 audit(4889.010:108): avc:  denied  { execute } for  pid=5901 comm="syz.1.794" path=2F3434302F10FBFF67525673312B0104 dev="tmpfs" ino=2237 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 4954.699117][ T5930] kvm [5930]: Failed to find VMA for hva 0x21016000
[ 5348.249433][ T6139] kvm [6139]: Failed to find VMA for hva 0x20d8d000
[ 5561.575373][ T6241] debugfs: File 'vgic-its-state@8080000' in directory '6241-4' already present!
[ 5613.972219][ T6265] ------------[ cut here ]------------
[ 5613.973123][ T6265] WARNING: CPU: 0 PID: 6265 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac
[ 5613.978769][ T6265] Modules linked in:
[ 5613.981195][ T6265] CPU: 0 UID: 0 PID: 6265 Comm: syz.1.935 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 5613.982881][ T6265] Hardware name: linux,dummy-virt (DT)
[ 5613.984176][ T6265] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5613.985445][ T6265] pc : pend_serror_exception+0x19c/0x5ac
[ 5613.986391][ T6265] lr : pend_serror_exception+0x19c/0x5ac
[ 5613.987373][ T6265] sp : ffff8000a3ec7930
[ 5613.988213][ T6265] x29: ffff8000a3ec7930 x28: a0f000001d5d8028 x27: 0000000000000001
[ 5613.990116][ T6265] x26: 0000000000000000 x25: 0000000000000001 x24: 00000000000000a0
[ 5613.991709][ T6265] x23: a0f000001d5d82a8 x22: 00000000000000a0 x21: a0f000001d5d8e81
[ 5613.993211][ T6265] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 5613.994805][ T6265] x17: 0000000000000078 x16: ffff800080011d9c x15: 0000000020000200
[ 5613.996285][ T6265] x14: ffffffffffffffff x13: 0000000000000028 x12: 000000000000000e
[ 5613.997868][ T6265] x11: 0ef000001d501564 x10: 0000000000ff0100 x9 : 0000000000000000
[ 5613.999533][ T6265] x8 : 0ef000001d500000 x7 : ffff800080b08704 x6 : ffff8000a3ec7a88
[ 5614.001097][ T6265] x5 : ffff8000a3ec7a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 5614.002686][ T6265] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 5614.004384][ T6265] Call trace:
[ 5614.005397][ T6265]  pend_serror_exception+0x19c/0x5ac (P)
[ 5614.006751][ T6265]  kvm_inject_serror_esr+0x274/0xe40
[ 5614.007800][ T6265]  __kvm_arm_vcpu_set_events+0x1d4/0x238
[ 5614.008836][ T6265]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 5614.009825][ T6265]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 5614.010804][ T6265]  __arm64_sys_ioctl+0x18c/0x244
[ 5614.011768][ T6265]  invoke_syscall+0x90/0x2b4
[ 5614.012738][ T6265]  el0_svc_common+0x180/0x2f4
[ 5614.013706][ T6265]  do_el0_svc+0x58/0x74
[ 5614.014683][ T6265]  el0_svc+0x58/0x160
[ 5614.015560][ T6265]  el0t_64_sync_handler+0x78/0x108
[ 5614.016571][ T6265]  el0t_64_sync+0x198/0x19c
[ 5614.017812][ T6265] irq event stamp: 4720
[ 5614.018690][ T6265] hardirqs last  enabled at (4719): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 5614.019883][ T6265] hardirqs last disabled at (4720): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 5614.021029][ T6265] softirqs last  enabled at (4702): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 5614.022259][ T6265] softirqs last disabled at (4700): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 5614.023640][ T6265] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5628.520418][ T5649] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5628.888104][ T5649] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5629.274898][ T5649] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5629.878780][ T5649] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5641.888187][ T5649] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5642.051480][ T5649] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5642.171078][ T5649] bond0 (unregistering): Released all slaves

VM DIAGNOSIS:
08:36:24  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008048c578 X00=0000000000000000 X01=0000000000000000
X02=0000000000000000 X03=ffff80008047b3ec X04=0000000000000000
X05=0000000000000001 X06=0000000000000000 X07=ffff800081ebe428
X08=0ef000001d500000 X09=0000000000000000 X10=0000000000ff0100
X11=0ef000001d500000 X12=0000000000ff0100 X13=00000000ffffffff
X14=0000000000000000 X15=0000000020000200 X16=ffff800080011d9c
X17=0000000000000078 X18=0000000000000000 X19=0000000000000000
X20=00000000000000ff X21=000000000000000e X22=efff800000000000
X23=ffff800087983e08 X24=ffff800087921350 X25=ffff8000876bdf68
X26=0ef000001d500010 X27=00000000000003c0 X28=ffff800087705000
X29=ffff8000a3ec7370 X30=ffff80008048c578  SP=ffff8000a3ec7340
PSTATE=804023c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000006 Z01=0000000000274000:0000000000000000
Z02=0000fffff5128850:ffffff80ffffffd8 Z03=0000fffff5128900:0000fffff5128900
Z04=0000fffff5128900:0000ffff82336d08 Z05=0000fffff51288d0:0000fffff5128900
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000fffff5128b20:0000fffff5128b20 Z17=ffffff80ffffffd0:0000fffff5128af0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000