last executing test programs:

56.521428883s ago: executing program 1 (id=814):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060008000000000000014000000000000002000000000000000e1dc130000003060008000000000000014000000000000002000000000000000e2dc130000003060008000000000000014000000000000002000000000000000e3dc130000003060008000000000000014000000000000002000000000000000e4dc130000003060008000000000000014000000000000002000000000000000e5dc130000003060008000000000000014000000000000002000000000000000e8dc130000003060008000000000000014000000000000002000000000000000e9dc1300000030600080000000000000d3b84cee2db4a35f70be381a7449ea351e106dcb6a8cc6fe5c4cc1c085c1a6e4d102"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
syz_kvm_assert_syzos_uexit$arm64(r5, 0xffffffffffffffff)
syz_kvm_assert_reg(r3, 0x603000000013c4f1, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013c4f2, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013dce0, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013dce1, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013dce2, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013dce3, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013dce4, 0x8000)
r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x4) (rerun: 32)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa})
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000180)=@arm64_fp={0x6040000000100086, 0x0})
syz_kvm_assert_reg(r3, 0x603000000013dce5, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013dce8, 0x8000) (async)
syz_kvm_assert_reg(r3, 0x603000000013dce9, 0x8000)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (rerun: 64)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)

49.623210199s ago: executing program 0 (id=815):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x101000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000b60000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x600040, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x1, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0xf, 0x64, &(0x7f0000000100)=0x8})
r6 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x0, 0x7f09bd658b282731, 0xffffffffffffffff, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000001c0)={0x8})
close(0x5)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
close(0x4)

48.312265644s ago: executing program 1 (id=816):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x4003831, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r4, 0x5000003, 0x80031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000240)={0x5})
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000200)=@arm64_bitmap={0x6030000010160001, 0x0})
r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0x80, [0x0, 0x1, 0x1, 0x7f, 0x9]}}, @smc={0x1e, 0x40, {0x40000000, [0x716, 0x0, 0x4, 0xd59, 0x1]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x55}}, @hvc={0x32, 0x40, {0x84000009, [0x225, 0xffffffffffffffff, 0x8000000000000000, 0xffffffffffff8017, 0xb]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0x31094e1, 0x8}}], 0x118}, &(0x7f0000000140)=[@featur2={0x1, 0x45}], 0x1)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r11, 0xfffffffffffffffd, 0x40)
r12 = eventfd2(0x0, 0x0)
r13 = eventfd2(0xffff, 0x80801)
ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f00000002c0)={r12, 0x40fff, 0x2, r13})
close(r12)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f00000001c0)=@arm64_fp={0x60400000001000ac, &(0x7f0000000180)})
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19})
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100012, 0xffffffffffffffff})

39.260222372s ago: executing program 0 (id=817):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0xe, 0x8000e, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000240)=@arm64_core={0x6030000000100048, &(0x7f0000000180)=0xb99b})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4360ae82, &(0x7f0000000280)={[0x734, 0x200, 0x0, 0x7, 0x5, 0x8, 0xffff, 0x7, 0x5, 0x7f, 0xd, 0x6, 0xfffffffffffffffb, 0x800, 0xf0fa5ad], 0x5000, 0x200})
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000100000000000000aa00000000000000280000000000000008"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x140)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7ff)

34.663078406s ago: executing program 1 (id=818):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000380)="f30138dd033be3ac4ac4a29ea6ab08004b584bd92e2e0000000000000f0000000000010001000000000000000300000000000000040a00", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x40305839, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x100000000000000, 0x0})
ioctl$KVM_IRQFD(r1, 0x4020ae76, 0xffffffffffffffff)

26.25418067s ago: executing program 0 (id=819):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 64)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 64)
ioctl$KVM_CREATE_VM(r7, 0x80811501, 0x20000000) (async, rerun: 64)
r8 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (rerun: 64)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc1300000030d11b"], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000240)=[{0x0, &(0x7f0000000040)=[@irq_setup={0x46, 0x18, {0x0, 0x2ae}}], 0x18}], 0x1, 0x0, &(0x7f0000000280)=[@featur2], 0x1)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0x80111500, 0x20000000)
ioctl$KVM_CREATE_VM(r11, 0x40049409, 0x10000000000000)
r12 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async, rerun: 32)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (rerun: 32)

24.583517368s ago: executing program 1 (id=820):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x4908c1, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r1, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000c35000/0x6000)=nil, 0x0, 0x0, 0x100010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000000)="70155c5d20a0ec1b57c6ba7f8928a911aff510e60bce908e076df63cccdfba6257c4495a4bfff27920044a3fd685a2e754330cb08b932b41de7aa2558f290ff901f89f37ff70eb13", 0x0, 0x48)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = eventfd2(0x0, 0x0)
close(r5)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, r6, 0x680000a, 0x11, r5, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r6, 0x1, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0xa, <r8=>0xffffffffffffffff, 0x1})
r9 = ioctl$KVM_CREATE_VM(r8, 0x894c, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil)
r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x6, 0x101}})
r15 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xb702, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)

16.071164684s ago: executing program 0 (id=821):
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000c90000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) (async)
munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) (async)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x0, 0x1000002, 0x24132, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x3, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) (async)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

15.784014168s ago: executing program 1 (id=822):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c9d000/0x3000)=nil, r1, 0x100000b, 0x10010, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e50000/0x1000)=nil, r1, 0x2000005, 0x10, r2, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=ANY=[], 0x40}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x1})
r6 = openat$kvm(0x0, &(0x7f0000000240), 0x523b01, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x81f})
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f00000001c0)={0x0, &(0x7f0000000100)=ANY=[], 0x50}, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x40)
r12 = eventfd2(0x0, 0x0)
r13 = eventfd2(0x0, 0x1)
ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f00000002c0)={r12, 0x1, 0x2, r13})
r14 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f00000000c0)={r14, 0x1, 0x2, r13})

8.90129727s ago: executing program 0 (id=823):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000080)={0x9, <r3=>0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000100)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f00000000c0)=0x9b})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000240)={0x1, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x6})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r5 = eventfd2(0x101, 0x80000)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000140)={r5, 0x100, 0x2})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7, <r6=>0xffffffffffffffff})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x7, 0xffffffffffffffff, 0x1})
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000180)=0x6})

2.243884095s ago: executing program 1 (id=824):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x4, 0x0})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x80000000, 0x1}})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0xea12157bff932e6})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x8}) (async)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x4, 0x0}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x80000000, 0x1}}) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0xea12157bff932e6}) (async)

0s ago: executing program 0 (id=825):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000200)=@arm64={0x4, 0x0, 0x0, '\x00', 0x101})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40086602, 0x20000000)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x80000000000c6)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000200)=@arm64={0x4, 0x0, 0x0, '\x00', 0x101}) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x1}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0x40086602, 0x20000000) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x80000000000c6) (async)

kernel console output (not intermixed with test programs):

[  410.352557][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0
[  441.952425][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:65070' (ED25519) to the list of known hosts.
[  605.236356][   T25] audit: type=1400 audit(604.330:60): avc:  denied  { name_bind } for  pid=3290 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  606.232611][   T25] audit: type=1400 audit(605.330:61): avc:  denied  { execute } for  pid=3291 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  606.253487][   T25] audit: type=1400 audit(605.350:62): avc:  denied  { execute_no_trans } for  pid=3291 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  627.771987][   T25] audit: type=1400 audit(626.860:63): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  627.805808][   T25] audit: type=1400 audit(626.900:64): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  627.895165][ T3291] cgroup: Unknown subsys name 'net'
[  627.946543][   T25] audit: type=1400 audit(627.040:65): avc:  denied  { unmount } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  628.345268][ T3291] cgroup: Unknown subsys name 'cpuset'
[  628.480031][ T3291] cgroup: Unknown subsys name 'rlimit'
[  629.401036][   T25] audit: type=1400 audit(628.500:66): avc:  denied  { setattr } for  pid=3291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  629.426219][   T25] audit: type=1400 audit(628.510:67): avc:  denied  { mounton } for  pid=3291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  629.450936][   T25] audit: type=1400 audit(628.540:68): avc:  denied  { mount } for  pid=3291 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  630.645846][ T3294] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  630.679319][   T25] audit: type=1400 audit(629.760:69): avc:  denied  { relabelto } for  pid=3294 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.681029][   T25] audit: type=1400 audit(629.770:70): avc:  denied  { write } for  pid=3294 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  630.856828][   T25] audit: type=1400 audit(629.950:71): avc:  denied  { read } for  pid=3291 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.876424][   T25] audit: type=1400 audit(629.970:72): avc:  denied  { open } for  pid=3291 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  630.921450][ T3291] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  678.985939][   T25] audit: type=1400 audit(678.080:73): avc:  denied  { execmem } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  682.672981][   T25] audit: type=1400 audit(681.770:74): avc:  denied  { read } for  pid=3297 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  682.697012][   T25] audit: type=1400 audit(681.790:76): avc:  denied  { read } for  pid=3298 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  682.717039][   T25] audit: type=1400 audit(681.780:75): avc:  denied  { open } for  pid=3297 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  682.790649][   T25] audit: type=1400 audit(681.860:77): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  683.034086][   T25] audit: type=1400 audit(682.120:78): avc:  denied  { module_request } for  pid=3298 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  683.046709][   T25] audit: type=1400 audit(682.140:79): avc:  denied  { module_request } for  pid=3297 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  684.202239][   T25] audit: type=1400 audit(683.290:80): avc:  denied  { sys_module } for  pid=3297 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  713.070174][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  713.282572][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  714.182415][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  714.680392][ T3297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  726.691547][ T3298] hsr_slave_0: entered promiscuous mode
[  726.720131][ T3298] hsr_slave_1: entered promiscuous mode
[  727.615232][ T3297] hsr_slave_0: entered promiscuous mode
[  727.650874][ T3297] hsr_slave_1: entered promiscuous mode
[  727.689237][ T3297] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  727.693872][ T3297] Cannot create hsr debugfs directory
[  733.220078][   T25] audit: type=1400 audit(732.310:81): avc:  denied  { create } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  733.259295][   T25] audit: type=1400 audit(732.340:82): avc:  denied  { write } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  733.318839][   T25] audit: type=1400 audit(732.400:83): avc:  denied  { read } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  733.425076][ T3298] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  733.830276][ T3298] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  734.111038][ T3298] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  734.552602][ T3298] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  735.970459][ T3297] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  736.219195][ T3297] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  736.390640][ T3297] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  736.564679][ T3297] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  749.492769][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0
[  751.767031][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0
[  808.726212][ T3298] veth0_vlan: entered promiscuous mode
[  809.192072][ T3298] veth1_vlan: entered promiscuous mode
[  811.153988][ T3298] veth0_macvtap: entered promiscuous mode
[  811.580422][ T3297] veth0_vlan: entered promiscuous mode
[  811.685097][ T3298] veth1_macvtap: entered promiscuous mode
[  812.440801][ T3297] veth1_vlan: entered promiscuous mode
[  813.953513][ T3298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  813.961291][ T3298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  813.973249][ T3298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  813.983073][ T3298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.350863][ T3297] veth0_macvtap: entered promiscuous mode
[  815.963023][ T3297] veth1_macvtap: entered promiscuous mode
[  816.722423][   T25] audit: type=1400 audit(815.820:84): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  817.156841][   T25] audit: type=1400 audit(816.150:85): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.YGTZha/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  817.439399][   T25] audit: type=1400 audit(816.460:86): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  817.971870][   T25] audit: type=1400 audit(817.020:87): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.YGTZha/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  818.205172][   T25] audit: type=1400 audit(817.250:88): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/syzkaller.YGTZha/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  818.873172][ T3297] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  818.928987][ T3297] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  818.943728][ T3297] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  818.990080][ T3297] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  819.294297][   T25] audit: type=1400 audit(818.280:89): avc:  denied  { unmount } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  819.610410][   T25] audit: type=1400 audit(818.700:90): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  819.746724][   T25] audit: type=1400 audit(818.840:91): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="gadgetfs" ino=3279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  820.368499][   T25] audit: type=1400 audit(819.380:92): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  820.480635][   T25] audit: type=1400 audit(819.530:93): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  822.624613][ T3298] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  824.109440][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  824.149824][   T25] audit: type=1400 audit(823.200:95): avc:  denied  { read write } for  pid=3298 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  824.211062][   T25] audit: type=1400 audit(823.290:96): avc:  denied  { open } for  pid=3298 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  824.270254][   T25] audit: type=1400 audit(823.340:97): avc:  denied  { ioctl } for  pid=3298 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  829.039362][   T25] audit: type=1400 audit(828.130:99): avc:  denied  { open } for  pid=3450 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  829.130627][   T25] audit: type=1400 audit(828.110:98): avc:  denied  { read } for  pid=3451 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  829.228978][   T25] audit: type=1400 audit(828.300:100): avc:  denied  { ioctl } for  pid=3450 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  829.355676][   T25] audit: type=1400 audit(828.420:101): avc:  denied  { append } for  pid=3451 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  840.289308][   T25] audit: type=1400 audit(839.380:102): avc:  denied  { write } for  pid=3459 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  862.834099][   T25] audit: type=1400 audit(861.930:103): avc:  denied  { execute } for  pid=3472 comm="syz.1.8" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3896 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  893.281900][ T3490] kvm [3490]: Failed to find VMA for hva 0x20e8a000
[  893.514989][ T3490] kvm [3490]: Failed to find VMA for hva 0x20e8a000
[ 1024.758991][   T25] audit: type=1400 audit(1023.830:104): avc:  denied  { setattr } for  pid=3572 comm="syz.0.37" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1025.760044][ T3577] kvm [3577]: Failed to find VMA for hva 0x20d8d000
[ 1058.440158][   T25] audit: type=1400 audit(1057.530:105): avc:  denied  { ioctl } for  pid=3596 comm="syz.1.44" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1451.954110][   T25] audit: type=1400 audit(1451.040:106): avc:  denied  { map } for  pid=3839 comm="syz.0.117" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1575.811547][ T3933] kvm [3933]: Failed to find VMA for hva 0x20d8d000
[ 1575.854632][ T3936] kvm [3936]: Failed to find VMA for hva 0x20d8d000
[ 1772.091502][ T4057] kvm [4057]: Failed to find VMA for hva 0x21016000
[ 2155.391506][   T25] audit: type=1400 audit(2154.480:107): avc:  denied  { map } for  pid=4335 comm="syz.1.261" path="pipe:[2431]" dev="pipefs" ino=2431 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 2201.592903][ T4368] kvm [4368]: Failed to find VMA for hva 0x208a1000
[ 2320.136669][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 2320.136669][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.279711][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.279711][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.311861][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.311861][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.349181][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.349181][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.409734][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.409734][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.432286][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.432286][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.481490][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.481490][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.530774][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.530774][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.566498][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.566498][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2320.620892][ T4444] kvm [4442]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2320.620892][ T4444]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2333.829639][ T4451] kvm [4451]: Failed to find VMA for hva 0x20d8d000
[ 2368.755279][ T4474] kvm [4474]: Failed to find VMA for hva 0x20d8d000
[ 2429.843618][ T4522] KVM: debugfs: duplicate directory 4522-4
[ 2494.120632][ T4561] kvm [4561]: Failed to find VMA for hva 0x20c01000
[ 2543.476214][ T4594] kvm [4594]: Failed to find VMA for hva 0x20c01000
[ 2577.790960][ T4614] kvm [4614]: Failed to find VMA for hva 0x20c01000
[ 2906.487165][ T4864] KVM: debugfs: duplicate directory 4864-5
[ 3418.570320][ T5205] kvm [5205]: Failed to find VMA for hva 0x20c01000
[ 4088.519699][ T5657] kvm [5657]: Failed to find VMA for hva 0x20c01000
[ 4127.346229][ T5678] kvm [5678]: Failed to find VMA for hva 0x21016000
[ 4203.944051][ T5736] kvm [5736]: Failed to find VMA for hva 0x208a1000
[ 4283.922568][ T5792] kvm [5792]: Failed to find VMA for hva 0x20c01000
[ 4294.612358][ T5797] irq bypass consumer (token 00000000d76e9bb6) registration fails: -16
[ 4442.482238][ T5898] irq bypass consumer (token 000000003830327f) registration fails: -16
[ 4634.733725][ T6028] kvm [6028]: Failed to find VMA for hva 0x20c2d000
[ 4996.456266][ T6289] ------------[ cut here ]------------
[ 4996.457163][ T6289] WARNING: CPU: 0 PID: 6289 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac
[ 4996.461327][ T6289] Modules linked in:
[ 4996.464151][ T6289] CPU: 0 UID: 0 PID: 6289 Comm: syz.0.825 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 4996.466246][ T6289] Hardware name: linux,dummy-virt (DT)
[ 4996.467737][ T6289] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 4996.469223][ T6289] pc : pend_serror_exception+0x19c/0x5ac
[ 4996.470471][ T6289] lr : pend_serror_exception+0x19c/0x5ac
[ 4996.471621][ T6289] sp : ffff8000a8d97930
[ 4996.472581][ T6289] x29: ffff8000a8d97930 x28: e2f000001d711da8 x27: 0000000000000001
[ 4996.474748][ T6289] x26: 0000000000000000 x25: 0000000000000001 x24: 00000000000000e2
[ 4996.476609][ T6289] x23: e2f000001d712028 x22: 00000000000000e2 x21: e2f000001d712c01
[ 4996.478534][ T6289] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 4996.480231][ T6289] x17: 000000000000001c x16: ffff800080011d9c x15: 0000000020000200
[ 4996.482189][ T6289] x14: ffffffffffffffff x13: 0000000000000028 x12: 0000000000000030
[ 4996.483975][ T6289] x11: 30f0000018481564 x10: 0000000000ff0100 x9 : 0000000000000000
[ 4996.485952][ T6289] x8 : 30f0000018480000 x7 : ffff800080b08704 x6 : ffff8000a8d97a88
[ 4996.487758][ T6289] x5 : ffff8000a8d97a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 4996.489598][ T6289] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 4996.491740][ T6289] Call trace:
[ 4996.492891][ T6289]  pend_serror_exception+0x19c/0x5ac (P)
[ 4996.494461][ T6289]  kvm_inject_serror_esr+0x274/0xe40
[ 4996.495630][ T6289]  __kvm_arm_vcpu_set_events+0x1d4/0x238
[ 4996.496821][ T6289]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 4996.497942][ T6289]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 4996.499080][ T6289]  __arm64_sys_ioctl+0x18c/0x244
[ 4996.500183][ T6289]  invoke_syscall+0x90/0x2b4
[ 4996.501330][ T6289]  el0_svc_common+0x180/0x2f4
[ 4996.502515][ T6289]  do_el0_svc+0x58/0x74
[ 4996.503637][ T6289]  el0_svc+0x58/0x160
[ 4996.504680][ T6289]  el0t_64_sync_handler+0x78/0x108
[ 4996.505900][ T6289]  el0t_64_sync+0x198/0x19c
[ 4996.507222][ T6289] irq event stamp: 312
[ 4996.508148][ T6289] hardirqs last  enabled at (311): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 4996.509817][ T6289] hardirqs last disabled at (312): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 4996.511368][ T6289] softirqs last  enabled at (294): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 4996.512824][ T6289] softirqs last disabled at (292): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 4996.514565][ T6289] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5015.225310][ T3376] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5015.930120][ T3376] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5016.680803][ T3376] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5017.343816][ T3376] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

VM DIAGNOSIS:
02:45:31  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2
X02=ffff8000804580e0 X03=0000000000000000 X04=ffff8000a8d96f90
X05=0000000000000020 X06=0000000000000000 X07=ffff80008047db18
X08=00000000000003c0 X09=0000000000000000 X10=0000000000000030
X11=0000000000000144 X12=0000000000000044 X13=0000000000000002
X14=00000000000000c8 X15=ffff800087f39a30 X16=ffff800080011d9c
X17=000000000000001c X18=0000000000000000 X19=0000000000000000
X20=0000000000000000 X21=ffff80008047db18 X22=ffff8000877e6618
X23=0000000000000000 X24=0000000000000001 X25=0000000000000000
X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000
X29=ffff8000a8d97150 X30=ffff800080451698  SP=ffff8000a8d97100
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000000 Z01=0000ffffda89ead0:ffbbdf96fd381a00
Z02=0000ffffda89eab0:ffffff80ffffffd8 Z03=0000ffffda89eb60:0000ffffda89eb60
Z04=0000ffffda89eb60:0000ffff96536d08 Z05=0000ffffda89eb30:0000ffffda89eb60
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffda89ed80:0000ffffda89ed80 Z17=ffffff80ffffffd0:0000ffffda89ed50
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000