last executing test programs:

46.949147875s ago: executing program 0 (id=74):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x580, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r2, 0x0, 0x12, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r2, 0x0, 0x2012, 0xffffffffffffffff, 0x0)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000540)=[@smc={0x1e, 0x40, {0x1000, [0xffffffff, 0x5, 0x7, 0x4, 0x6]}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x3ff}}, @eret={0xe6, 0x18, 0x9}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1000, 0x3f5, 0x6}}, @code={0xa, 0x84, {"a06186d200e0b0f2810080d2e20080d2630080d2c40080d2020000d4007008d50060df0c008008d5000040bc007008d5000028d500a8300ec00f83d200a0b8f2410080d2220080d2a30080d2640080d2020000d4c09897d20040b0f2c10080d2a20080d2a30180d2640180d2020000d4"}}, @smc={0x1e, 0x40, {0x8000, [0x2, 0x7, 0xf5, 0x0, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013e092}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0xa, 0x1, 0xd8, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x3ec}}, @msr={0x14, 0x20, {0x603000000013e719, 0x3}}, @svc={0x122, 0x40, {0x84000014, [0x0, 0x1a5, 0x4, 0x61b7, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0x3, 0x4, 0x4, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x0, 0xe, 0x2a, 0x8}}, @smc={0x1e, 0x40, {0x10, [0x80000000, 0x8, 0x3, 0x0, 0x10]}}, @irq_setup={0x46, 0x18, {0x4, 0x38c}}, @uexit={0x0, 0x18, 0x4e}, @hvc={0x32, 0x40, {0x8400000d, [0x0, 0x9, 0xffffffffffffff4f, 0x7fffffffffffffff]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x9, 0x8, 0xe, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x7, 0x9}}, @smc={0x1e, 0x40, {0xc400000d, [0xffffffffffff0000, 0x737a, 0x76f, 0xe, 0xd0]}}, @svc={0x122, 0x40, {0x8400000f, [0x5, 0x2, 0x44, 0x5, 0x8000000000000000]}}, @smc={0x1e, 0x40, {0x1000, [0x2, 0x4, 0x5, 0x100, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013dea8}}, @mrs={0xbe, 0x18, {0x603000000013e711}}], 0x47c}, &(0x7f0000000040)=[@featur2={0x1, 0x46}], 0x1)
mmap$KVM_VCPU(&(0x7f0000a46000/0x1000)=nil, r2, 0xd, 0x100010, r3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00008a0000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000e00)=ANY=[], 0x630}, 0x0, 0x0)
syz_kvm_add_vcpu$arm64(r4, &(0x7f00000004c0)={0x0, &(0x7f0000000a00)=[@smc={0x1e, 0x40, {0x86000000, [0x6, 0x8000000000000000, 0x1000, 0x0, 0x4]}}, @irq_setup={0x46, 0x18, {0x1, 0x79}}, @mrs={0xbe, 0x18, {0x603000000013df60}}, @irq_setup={0x46, 0x18, {0x0, 0x3ba}}, @code={0xa, 0x54, {"00a0e00d007008d5007008d580be81d20020b8f2c10080d2420080d2030180d2c40180d2020000d4000008d50040400c007008d5000028d50030204e007008d5"}}, @eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x34}}, @irq_setup={0x46, 0x18, {0x1, 0x32b}}, @irq_setup={0x46, 0x18, {0x1, 0x31f}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x6}, @hvc={0x32, 0x40, {0x84000003, [0x5, 0x54, 0x2, 0xf668]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0xc, 0x2, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0x9c6, 0x7}}, @uexit={0x0, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013805e, 0x3ff}}, @svc={0x122, 0x40, {0x84000004, [0x779, 0x6, 0x9, 0x80000001, 0x2]}}, @smc={0x1e, 0x40, {0x25800032, [0x5, 0x9, 0x1, 0x5, 0x7fffffffffffffff]}}, @svc={0x122, 0x40, {0x40, [0x1, 0x3, 0x0, 0x0, 0x4e99]}}, @svc={0x122, 0x40, {0xc4000005, [0x0, 0x7e8, 0xc, 0x6, 0x7]}}, @msr={0x14, 0x20, {0x603000000013c64b, 0x7}}, @eret={0xe6, 0x18, 0xbdf}, @uexit={0x0, 0x18, 0x9}, @smc={0x1e, 0x40, {0x8400000c, [0x100000001, 0x77b, 0xa, 0x4, 0x6]}}, @eret={0xe6, 0x18, 0xe4c5}, @code={0xa, 0x3c, {"0038302e000008d5008008d5007008d5000008d5007008d5007008d5008008d500a4000f008008d5"}}, @irq_setup={0x46, 0x18, {0x1, 0x26}}, @uexit={0x0, 0x18, 0x765}, @msr={0x14, 0x20, {0x603000000013c2ab, 0x5ff}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0xe, 0x3, 0x6, 0x1}}], 0x4a8}, &(0x7f0000000500)=[@featur2={0x1, 0x11}], 0x1)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)

42.723554235s ago: executing program 1 (id=75):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x15)
ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0xff, 0x8, &(0x7f0000000000)=0xfe}) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
close(0x5) (async)
syz_kvm_vgic_v3_setup(r1, 0x0, 0x200) (async)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async, rerun: 64)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 64)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9})
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x8004b708, 0x0)
close(r3) (async)
close(0x4)

40.509331626s ago: executing program 0 (id=76):
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000c90000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x810, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ff2000/0xd000)=nil, 0xd000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43133, 0xffffffffffffffff, 0xfffffffff0000000)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000)
r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000280)=[@irq_setup={0x46, 0x18, {0x3, 0x2a4}}, @msr={0x14, 0x20, {0x603000000013e533, 0x8}}, @msr={0x14, 0x20, {0x603000000013df57, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x399}}, @uexit={0x0, 0x18, 0x8c39}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x381}}, @code={0xa, 0x53, {"8228d50060800d000008d5000028d500a0006f002cc09ae0248ad20080b0f2210180d2620080d2a30180d2240180d2020000d4000000350000639e000028d5"}}, @uexit={0x0, 0x18, 0x2}, @hvc={0x32, 0x40, {0x2000000, [0x8d8, 0xc, 0xdef, 0xa287, 0x7b]}}, @uexit={0x0, 0x18, 0x2}, @msr={0x14, 0x20, {0x603000000013df52, 0x418f000}}, @irq_setup={0x46, 0x18, {0x0, 0xfc}}, @msr={0x14, 0x20, {0x603000000013da21, 0x8000000000000001}}], 0x1cb}, &(0x7f00000000c0)=[@featur2={0x1, 0xa0}], 0x1)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8, <r1=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000140)=0x7f})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000100)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x3})
munmap(&(0x7f0000eb0000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="6e00000000000000300000000000000000000008000000000008000000000000090000000000000001"], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x4, 0x100)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x5, 0xfffffffffffffffe})
mmap$KVM_VCPU(&(0x7f0000400000/0xc00000)=nil, 0x930, 0x4, 0x10, 0xffffffffffffffff, 0x0)

36.763755415s ago: executing program 1 (id=77):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x20400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000002c0)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000000)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000200)=0xf3})
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2, 0x4102932, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0x18)
r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[@code={0xa, 0xb4, {"00fc40d3802083d20040b0f2a10080d2020180d2630180d2840080d2020000d4409482d200c0b0f2810080d2220180d2230080d2440080d2020000d4007008d560d584d20000b8f2a10180d2e20180d2030180d2c40080d2020000d400d28ed20040b0f2a10080d2c20080d2430080d2840080d2020000d400a4004f007008d5e0d98ed20060b0f2e10080d2620080d2630080d2840180d2020000d4007008d5"}}, @uexit={0x0, 0x18, 0x1}], 0xcc}, &(0x7f0000000180)=[@featur2={0x1, 0x26}], 0x1)
ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f00000001c0)=0x5)
r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f00", 0x0, 0xfcf7)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)

31.63036131s ago: executing program 0 (id=78):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="820000000000000028000000000000000200000000002200040000000000000001"], 0x28}, 0x0, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x180, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x8)
ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) (async, rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) (async, rerun: 64)
r7 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 64)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) (rerun: 64)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x3, 0x0})

30.947607301s ago: executing program 1 (id=79):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5}) (async)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5})
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000200)=@arm64_core={0x603000000010001c, &(0x7f0000000240)=0x4dd4c116}) (async)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000200)=@arm64_core={0x603000000010001c, &(0x7f0000000240)=0x4dd4c116})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, 0x0) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100018, &(0x7f0000000300)=0x812}) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100018, &(0x7f0000000300)=0x812})

22.491494581s ago: executing program 1 (id=80):
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000300)="fb4149dd033b8986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67525673312b01040000000000002627e7000000000000000200", 0x0, 0xfffffffffffffe73)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x40a0ae49, &(0x7f00000002c0))
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000080)={0x8, 0x1})
openat$kvm(0x18, &(0x7f0000000040), 0x0, 0x0)

22.203523131s ago: executing program 0 (id=81):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x6c2881, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x51) (async)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r6, 0x3, 0x11, r3, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000c93000/0x3000)=nil, 0x3000)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x0, 0x8080000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f0000000100)=ANY=[@ANYRES16=r2, @ANYBLOB="dc5b805ede854d8a19912701557c8ee9e2a81abaa999a386", @ANYRES32=r5, @ANYRES16], 0x28}, 0x0, 0x0) (async)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r6, 0x4000002, 0x110, r11, 0x0) (async)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async)
r12 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f47000/0x2000)=nil, 0x2000) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1) (async)
ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1d})
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, 0x0)

14.117345052s ago: executing program 0 (id=82):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}, @msr={0x14, 0x20, {0x603000000013801d, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138025, 0x8000}}, @msr={0x14, 0x20, {0x603000000013802d, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138006, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800e, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138016, 0x8000}}, @msr={0x14, 0x20, {0x603000000013801e, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138007, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800f, 0x8000}}], 0x140}, 0x0, 0x0) (async)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r5, 0xffffffffffffffff) (async)
syz_kvm_assert_reg(r3, 0x6030000000138015, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013801d, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x6030000000138025, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013802d, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138006, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013800d, 0x6) (async)
syz_kvm_assert_reg(r3, 0x1000, 0x1000000008000)
syz_kvm_assert_reg(r3, 0x603000000013801e, 0x8000)
syz_kvm_assert_reg(r3, 0x6030000000138007, 0x8000) (async)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0x8)
syz_kvm_assert_reg(r3, 0x603000000013800f, 0x8000)

10.48090099s ago: executing program 1 (id=83):
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
r0 = mmap$KVM_VCPU(&(0x7f00006b5000/0x2000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0x48) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x300000f, 0x32, 0xffffffffffffffff, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0x80087601, 0x0) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
close(r5)
r6 = eventfd2(0x10081, 0x0)
write$eventfd(r6, &(0x7f0000000080)=0xe, 0x8) (async)
r7 = eventfd2(0x0, 0x0)
openat$kvm(0xffffff9c, 0x0, 0x1a3ef2, 0x0) (async)
write$eventfd(r7, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x3000002, 0x12, r5, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x2082, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000080)={0x5}) (async)
ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c021, &(0x7f00000002c0)})
ioctl$KVM_GET_STATS_FD_cpu(r11, 0xaece)
r12 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r12, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0x19000}) (async)
r13 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x24)
syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r13, 0xc018aec0, &(0x7f0000000040)={0x3, 0x100, 0x180, &(0x7f00000002c0)=[0x9, 0x9, 0xfffffffffffffff7, 0xd, 0x6, 0x6d1, 0xfffffffffffffff9, 0x80, 0x4, 0x6, 0x8000, 0xfffffffffffffffa, 0x5, 0x2, 0x1, 0x0, 0xfffffffffffffffc, 0x6, 0x7, 0x0, 0x6, 0x7, 0x9, 0x573c, 0x51, 0x61e, 0x2, 0x85, 0x6, 0x80, 0x1ff, 0x8, 0x8, 0x6, 0x7, 0xc, 0x0, 0x16, 0x1, 0x6, 0xa, 0xffffffffffffffff, 0x8, 0x6, 0x4, 0x72995840, 0xfffffffffffffff6, 0x7f63c2bf, 0x8001, 0x5, 0x8, 0x7, 0x4, 0x6, 0x0, 0x9, 0x6, 0x3, 0x62f, 0x0, 0x1, 0x5, 0x1, 0x4de, 0x0, 0x8001, 0xfffffffffffffffa, 0x4, 0xfffffffffffffffe, 0x6b0, 0xe1, 0x6, 0x3, 0x4, 0x1ff, 0xffffffff, 0x80000001, 0x5, 0x4, 0x9, 0xb, 0x5, 0x28, 0x7ff, 0x59, 0x6, 0x0, 0x5, 0x200, 0x1, 0x6, 0x88, 0x5, 0xffffffffffffffff, 0x3, 0x6, 0x0, 0xec0, 0xe4f1, 0x7ff, 0x4, 0x39293a5f, 0x9, 0xea3, 0xcbd, 0x6, 0x0, 0xfffffffffffffff0, 0x4, 0x7, 0xf, 0x4, 0x4, 0xec2, 0x8, 0x1, 0x7, 0x10001, 0x1, 0x52bb, 0x9, 0x0, 0x9, 0x9, 0x7fffffff, 0xd, 0xfffffffffffffff7, 0xffffffffffff8001]})

7.02442039s ago: executing program 0 (id=84):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0xca680, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="820000000000ab63132f000000000000010000000000000001004cfb99c800000200000000000000aa0000000014000028"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000300)={0x1ff, 0x0, &(0x7f0000c49000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff})
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0xe, 0x8000e, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r8, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, <r11=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, <r12=>0xffffffffffffffff})
r13 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f00000001c0)={0x8, <r15=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x128, &(0x7f0000000340)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r16 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)

0s ago: executing program 1 (id=85):
r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff, 0x1})
write$eventfd(r4, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f000000d000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, 0x0, 0x58}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000240)={0x8081000})
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
close(r13)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)

kernel console output (not intermixed with test programs):

[  387.014324][ T3131] 8021q: adding VLAN 0 to HW filter on device bond0
[  439.511173][ T3131] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:26009' (ED25519) to the list of known hosts.
[  603.098380][   T25] audit: type=1400 audit(602.280:60): avc:  denied  { name_bind } for  pid=3289 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  604.090416][   T25] audit: type=1400 audit(603.270:61): avc:  denied  { execute } for  pid=3290 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  604.111053][   T25] audit: type=1400 audit(603.290:62): avc:  denied  { execute_no_trans } for  pid=3290 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  625.605549][   T25] audit: type=1400 audit(624.780:63): avc:  denied  { mounton } for  pid=3290 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  625.637775][   T25] audit: type=1400 audit(624.820:64): avc:  denied  { mount } for  pid=3290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  625.721129][ T3290] cgroup: Unknown subsys name 'net'
[  625.769721][   T25] audit: type=1400 audit(624.950:65): avc:  denied  { unmount } for  pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  626.182696][ T3290] cgroup: Unknown subsys name 'cpuset'
[  626.288444][ T3290] cgroup: Unknown subsys name 'rlimit'
[  627.221176][   T25] audit: type=1400 audit(626.400:66): avc:  denied  { setattr } for  pid=3290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  627.247265][   T25] audit: type=1400 audit(626.430:67): avc:  denied  { mounton } for  pid=3290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  627.264307][   T25] audit: type=1400 audit(626.440:68): avc:  denied  { mount } for  pid=3290 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  628.497590][ T3293] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  628.519498][   T25] audit: type=1400 audit(627.700:69): avc:  denied  { relabelto } for  pid=3293 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  628.547041][   T25] audit: type=1400 audit(627.730:70): avc:  denied  { write } for  pid=3293 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  628.711153][   T25] audit: type=1400 audit(627.890:71): avc:  denied  { read } for  pid=3290 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  628.738469][   T25] audit: type=1400 audit(627.910:72): avc:  denied  { open } for  pid=3290 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  628.780167][ T3290] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  677.305178][   T25] audit: type=1400 audit(676.460:73): avc:  denied  { execmem } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  680.825518][   T25] audit: type=1400 audit(679.990:74): avc:  denied  { read } for  pid=3296 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  680.840233][   T25] audit: type=1400 audit(680.020:75): avc:  denied  { open } for  pid=3296 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  680.933500][   T25] audit: type=1400 audit(680.100:76): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  681.190988][   T25] audit: type=1400 audit(680.370:77): avc:  denied  { module_request } for  pid=3296 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  681.210723][   T25] audit: type=1400 audit(680.390:78): avc:  denied  { module_request } for  pid=3297 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  682.365638][   T25] audit: type=1400 audit(681.540:79): avc:  denied  { sys_module } for  pid=3297 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  710.897326][ T3296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  711.205278][ T3296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  712.037913][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  712.254877][ T3297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  724.511399][ T3296] hsr_slave_0: entered promiscuous mode
[  724.538197][ T3296] hsr_slave_1: entered promiscuous mode
[  725.446920][ T3297] hsr_slave_0: entered promiscuous mode
[  725.490323][ T3297] hsr_slave_1: entered promiscuous mode
[  725.523739][ T3297] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  725.528362][ T3297] Cannot create hsr debugfs directory
[  731.100099][   T25] audit: type=1400 audit(730.280:80): avc:  denied  { create } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  731.166878][   T25] audit: type=1400 audit(730.350:81): avc:  denied  { write } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  731.196782][   T25] audit: type=1400 audit(730.360:82): avc:  denied  { read } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  731.355516][ T3296] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  731.639764][ T3296] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  731.998741][ T3296] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  732.351371][ T3296] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  733.898219][ T3297] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  734.041585][ T3297] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  734.219799][ T3297] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  734.386585][ T3297] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  747.093161][ T3296] 8021q: adding VLAN 0 to HW filter on device bond0
[  749.241466][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0
[  806.057907][ T3296] veth0_vlan: entered promiscuous mode
[  806.595098][ T3296] veth1_vlan: entered promiscuous mode
[  808.524875][ T3296] veth0_macvtap: entered promiscuous mode
[  808.856151][ T3297] veth0_vlan: entered promiscuous mode
[  809.016057][ T3296] veth1_macvtap: entered promiscuous mode
[  809.897177][ T3297] veth1_vlan: entered promiscuous mode
[  811.450938][ T3296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  811.464278][ T3296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  811.477285][ T3296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  811.487215][ T3296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  812.637715][ T3297] veth0_macvtap: entered promiscuous mode
[  813.411569][ T3297] veth1_macvtap: entered promiscuous mode
[  814.069384][   T25] audit: type=1400 audit(813.250:83): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  814.304557][   T25] audit: type=1400 audit(813.450:84): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/syzkaller.C3ThKa/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  814.395170][   T25] audit: type=1400 audit(813.570:85): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  814.895094][   T25] audit: type=1400 audit(814.070:86): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/syzkaller.C3ThKa/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  815.038148][   T25] audit: type=1400 audit(814.210:87): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/syzkaller.C3ThKa/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  815.499712][ T3297] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  815.505518][ T3297] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  815.548198][ T3297] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  815.569224][ T3297] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.616931][   T25] audit: type=1400 audit(814.770:88): avc:  denied  { unmount } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  815.831094][   T25] audit: type=1400 audit(815.000:89): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  815.920086][   T25] audit: type=1400 audit(815.100:90): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="gadgetfs" ino=3277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  816.356536][   T25] audit: type=1400 audit(815.540:91): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  816.519399][   T25] audit: type=1400 audit(815.700:92): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  818.508932][ T3296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  819.983580][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  820.013356][   T25] audit: type=1400 audit(819.140:94): avc:  denied  { read write } for  pid=3296 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  820.015086][   T25] audit: type=1400 audit(819.160:95): avc:  denied  { open } for  pid=3296 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  820.103650][   T25] audit: type=1400 audit(819.160:96): avc:  denied  { ioctl } for  pid=3296 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.858576][   T25] audit: type=1400 audit(823.030:97): avc:  denied  { read } for  pid=3449 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  823.888366][   T25] audit: type=1400 audit(823.060:98): avc:  denied  { open } for  pid=3449 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  824.751466][   T25] audit: type=1400 audit(823.910:99): avc:  denied  { ioctl } for  pid=3449 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  837.498771][   T25] audit: type=1400 audit(836.640:100): avc:  denied  { execute } for  pid=3457 comm="syz.1.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3468 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  855.912772][   T25] audit: type=1400 audit(855.070:101): avc:  denied  { write } for  pid=3473 comm="syz.0.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  866.919560][   T25] audit: type=1400 audit(866.100:102): avc:  denied  { append } for  pid=3478 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  969.465114][   T25] audit: type=1400 audit(968.640:103): avc:  denied  { setattr } for  pid=3555 comm="syz.0.32" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  986.516757][ T3570] kvm [3570]: Failed to find VMA for hva 0x21016000
[ 1092.519718][ T3641] kvm [3639]: Unsupported guest access at: eeef0100
[ 1092.519718][ T3641]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_read },
[ 1099.201238][ T3646] kvm [3646]: Failed to find VMA for hva 0x20e8a000
[ 1153.970096][ T3675] kvm [3675]: Failed to find VMA for hva 0x21016000
[ 1208.474941][ T3716] Unable to handle kernel paging request at virtual address ffef800000000001
[ 1208.511647][ T3716] KASAN: maybe wild-memory-access in range [0xff00000000000010-0xff0000000000001f]
[ 1208.545577][ T3716] Mem abort info:
[ 1208.548921][ T3716]   ESR = 0x0000000096000004
[ 1208.549706][ T3716]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 1208.550429][ T3716]   SET = 0, FnV = 0
[ 1208.551110][ T3716]   EA = 0, S1PTW = 0
[ 1208.599950][   T25] audit: type=1400 audit(1207.760:104): avc:  denied  { read } for  pid=3090 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1208.636510][ T3716]   FSC = 0x04: level 0 translation fault
[ 1208.654887][ T3716] Data abort info:
[ 1208.684422][ T3716]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 1208.693512][   T25] audit: type=1400 audit(1207.860:105): avc:  denied  { search } for  pid=3090 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1208.703628][ T3716]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 1208.720050][ T3716]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 1208.733526][   T25] audit: type=1400 audit(1207.900:106): avc:  denied  { search } for  pid=3090 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1208.764935][ T3716] [ffef800000000001] address between user and kernel address ranges
[ 1208.772548][ T3716] Internal error: Oops: 0000000096000004 [#1]  SMP
[ 1208.774279][ T3716] Modules linked in:
[ 1208.776381][ T3716] CPU: 0 UID: 0 PID: 3716 Comm: syz.0.84 Not tainted 6.16.0-rc3-syzkaller-g7b8346bd9fce #0 PREEMPT 
[ 1208.778085][ T3716] Hardware name: linux,dummy-virt (DT)
[ 1208.779337][ T3716] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1208.780624][ T3716] pc : vgic_its_save_tables_v0+0x3e0/0xe38
[ 1208.783030][ T3716] lr : vgic_its_save_tables_v0+0x37c/0xe38
[ 1208.784068][ T3716] sp : ffff8000a90e7bf0
[ 1208.784804][ T3716] x29: ffff8000a90e7c70 x28: b6f000001d8294f0 x27: 0000000000000000
[ 1208.786641][ T3716] x26: 00000000000000a1 x25: 00000000fffffdfd x24: 3df000001d9c92c0
[ 1208.788196][ T3716] x23: b6f000001d829438 x22: 8af000001d9c9290 x21: 8af000001d9c9290
[ 1208.789749][ T3716] x20: 56f000001d6e3540 x19: efff800000000000 x18: 0000000000000000
[ 1208.791246][ T3716] x17: 0000000000000055 x16: 0000000000000002 x15: ffff800087f39a30
[ 1208.792723][ T3716] x14: 00000000000000c8 x13: fff000001d70bb08 x12: 0ff0000000000001
[ 1208.794216][ T3716] x11: 0000000000000010 x10: 0000000000002000 x9 : 0000000000000000
[ 1208.795882][ T3716] x8 : 0000000000000000 x7 : ffff80008023c60c x6 : 0000000000000000
[ 1208.797336][ T3716] x5 : 0000000000000020 x4 : ffff8000a90e78f0 x3 : ffff8000801648c0
[ 1208.798801][ T3716] x2 : ffff80008023c688 x1 : 8af000001d9c9290 x0 : 0000000000000000
[ 1208.800448][ T3716] Call trace:
[ 1208.801389][ T3716]  vgic_its_save_tables_v0+0x3e0/0xe38 (P)
[ 1208.802736][ T3716]  vgic_its_set_attr+0x65c/0x860
[ 1208.803842][ T3716]  kvm_device_ioctl+0x354/0x418
[ 1208.804883][ T3716]  __arm64_sys_ioctl+0x18c/0x244
[ 1208.805845][ T3716]  invoke_syscall+0x90/0x2b4
[ 1208.806796][ T3716]  el0_svc_common+0x180/0x2f4
[ 1208.807776][ T3716]  do_el0_svc+0x58/0x74
[ 1208.808736][ T3716]  el0_svc+0x58/0x160
[ 1208.809613][ T3716]  el0t_64_sync_handler+0x78/0x108
[ 1208.810555][ T3716]  el0t_64_sync+0x198/0x19c
[ 1208.812061][ T3716] Code: 9100412b b2481d69 d344fd2c d378fd69 (386c6a6c) 
[ 1208.813917][ T3716] ---[ end trace 0000000000000000 ]---
[ 1208.815601][ T3716] Kernel panic - not syncing: Oops: Fatal exception
[ 1208.818199][ T3716] Kernel Offset: disabled
[ 1208.819302][ T3716] CPU features: 0x00000,00000d18,0bef1be1,057ffe1f
[ 1208.820702][ T3716] Memory Limit: none
[ 1208.822413][ T3716] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:37:04  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008056bd2c X00=0000000000000001 X01=0000000000000000
X02=0000000000000000 X03=ffff80008056be24 X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff80008056be18
X08=ffff80008651d4f0 X09=0000000000000000 X10=0000000000ff0100
X11=ffff800087f39a30 X12=00000000000000d7 X13=0000000000000004
X14=0000000000002000 X15=0000000000000614 X16=00000000000000d7
X17=0fff0000012eea12 X18=00000000000000ff X19=efff800000000000
X20=ffff80008c1b4f00 X21=ffff80008c1b4f38 X22=b5f0000012d9ef62
X23=0000000000000007 X24=0000000000000001 X25=ffff80008c1b4000
X26=ffff80008c1b4f50 X27=000000000003adac X28=0000011906ce6600
X29=ffff800080007360 X30=ffff800084a37770  SP=ffff800080007360
PSTATE=604020c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0900000000000000:0900000000000000 Z01=0000000900000000:0000000000000000
Z02=0000000000000009:0000000000000000 Z03=00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000002 Z05=0000000000000009:0000000000000002
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffd8060250:0000ffffd8060250 Z17=ffffff80ffffffd0:0000ffffd8060220
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000