last executing test programs:

1m33.45274584s ago: executing program 1 (id=101):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r3 = syz_kvm_add_vcpu(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@irq_setup={0x5, 0x18, {0x1, 0x27b}}, @msr={0x2, 0x20, {0x603000000013df5b, 0x101}}, @smc={0x3, 0x40, {0x84000004, [0xc1, 0xbaea, 0x10, 0x4, 0x1]}}, @uexit={0x0, 0x18, 0x100}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x0, 0x6, 0x4}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80c0000, 0xc78, 0x1, 0x4}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x202c, 0xaa1, 0x8}}, @memwrite={0x6, 0x30, @generic={0xeeee0000, 0xb53, 0x6, 0x5}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x1800, 0x6, 0x4}}, @msr={0x2, 0x20, {0x603000000013e712, 0x1}}, @uexit={0x0, 0x18, 0x9953}, @uexit={0x0, 0x18, 0xff}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x8, 0x5}}, @msr={0x2, 0x20, {0x4116, 0x3}}, @code={0x1, 0xb4, {"007008d5e0dd85d20020b8f2c10080d2c20180d2c30180d2640180d2020000d4000028d540e683d200c0b8f2210180d2220180d2e30180d2440080d2020000d40020601e40b99cd200c0b0f2610180d2a20180d2630080d2040080d2020000d4204e83d200a0b0f2810180d2a20080d2230080d2640180d2020000d4000008d5007008d5e06295d200e0b8f2210080d2c20180d2e30180d2040180d2020000d4"}}, @uexit={0x0, 0x18, 0x6a}], 0x2ec}, &(0x7f0000000040)=[@featur2={0x1, 0x20}], 0x1)
mmap$KVM_VCPU(&(0x7f0000d98000/0x2000)=nil, r2, 0x2abb32dc41ea4cc7, 0x10, r3, 0x0)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000f78000/0x3000)=nil, 0x0, 0x0, 0x6efcf3a2fd459e36, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x8040aeb6, &(0x7f0000000200)=@attr_other={0x0, 0x8, 0x9, 0x0})
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0})

1m4.558301241s ago: executing program 0 (id=105):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000)
ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000080))

1m2.179951449s ago: executing program 1 (id=103):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000)
write$eventfd(r1, &(0x7f0000000000), 0xfffffdef)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000)
eventfd2(0x0, 0x80000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x428c01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c7c000/0x4000)=nil, 0x930, 0x300000e, 0x11, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000340)={0x5})
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8200, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000900)={0x2})
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0xd000, 0x0, 0x0, 0xffffffffffffffff, 0xbc48f19a015f6adb})
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, 0x0)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, 0x0)
ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f0000000100)=ANY=[])
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_FPU(0xffffffffffffffff, 0x8000ae8c, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80282, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4010aeb5, 0x0)

57.178004645s ago: executing program 0 (id=106):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x80111500, 0x2000010000000000)
r1 = openat$kvm(0x0, &(0x7f00000001c0), 0x22801, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000)
openat$kvm(0x0, 0x0, 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
write$eventfd(0xffffffffffffffff, 0x0, 0xffffffffffffffeb)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000200)={0x7, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80180, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x930, 0x0, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae01, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)

53.194314113s ago: executing program 1 (id=107):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) (async, rerun: 64)
munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) (async, rerun: 64)
munmap(&(0x7f0000ffa000/0x1000)=nil, 0x1000)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) (async, rerun: 64)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000140)={0xb6, 0x1000000, 0x8}) (rerun: 64)

48.162717992s ago: executing program 0 (id=108):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000849000/0x2000)=nil, 0x2000) (async)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000040)={0xe1, 0x0, 0x8000})

45.507947984s ago: executing program 1 (id=109):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x1ff, 0x6, 0x100000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
close(0x3)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f932, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x2000)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7, 0xffffffffffffffff, 0x1})
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x2, 0xffffffffffffffff, 0x1})

40.918628385s ago: executing program 0 (id=110):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000)
ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000080))

30.938738416s ago: executing program 0 (id=112):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000f2a000/0x3000)=nil, 0x930, 0x0, 0x10, r2, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
munmap(&(0x7f0000e1f000/0x4000)=nil, 0x4000)
r6 = eventfd2(0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x0, r6})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000080)={0x1000, 0x0, 0x1, r6, 0x5})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, r7, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x0, 0xf, 0x32, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, 0x0)

10.096405437s ago: executing program 1 (id=111):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_FPU(r0, 0x4000ae8d, &(0x7f0000000000)={'\x00', 0xff7f, 0x1, 0x4, 0x0, 0x4, 0xeeee0000, 0xeeee0000, '\x00', 0x401})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x20)
ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000200)=@attr_arm64={0x0, 0x4, 0x5, &(0x7f00000001c0)=0x4})
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000240)={0x2, 0x0, [{0xd8f, 0x0, 0x1, 0x0, @msi={0x4, 0x0, 0x5, 0x4}}, {0x8001, 0x5, 0x1, 0x0, @msi={0xb3, 0x3, 0x5, 0xfff}}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc80, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000300)={0x10004, 0x0, &(0x7f0000fff000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000340)={0x1f000, 0x4000, 0x1})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000780)=[{0x0, &(0x7f0000000380)=[@hvc={0x4, 0x40, {0xc4000011, [0x6, 0x5, 0x401, 0x2, 0x8000000000000000]}}, @memwrite={0x6, 0x30, @generic={0xeeee0000, 0x37c, 0xfffffffffffffffe, 0x5}}, @code={0x1, 0x84, {"e09b93d200c0b0f2410080d2820080d2230180d2240080d2020000d40020c01a000028d500d49bd200e0b8f2010080d2220180d2a30080d2040080d2020000d4205594d20060b8f2010080d2820180d2e30080d2c40080d2020000d4007008d5e003003200e0df0d0100a0d40080000d"}}, @uexit={0x0, 0x18}, @hvc={0x4, 0x40, {0x4000000, [0x8, 0xee, 0x7f, 0x5, 0x10000]}}, @code={0x1, 0x9c, {"804490d200c0b0f2010080d2a20180d2630080d2a40080d2020000d40038212e0040201e000080da9f2003d5007890d20020b0f2210180d2620080d2430180d2e40180d2020000d4a01b93d200c0b8f2010180d2220080d2830180d2e40180d2020000d4007008d51f00006a801f9bd20040b0f2010080d2820080d2e30080d2640080d2020000d4"}}, @uexit={0x0, 0x18, 0x1}, @irq_setup={0x5, 0x18, {0x2, 0x246}}, @code={0x1, 0xe4, {"601484d200a0b8f2210180d2220180d2c30180d2640180d2020000d460089ed20060b8f2210180d2620080d2630180d2c40180d2020000d4201798d20000b8f2410180d2820180d2e30080d2640180d2020000d4a04182d20040b8f2410180d2e20180d2030180d2440180d2020000d420dd81d200e0b8f2a10180d2820080d2430180d2440080d2020000d4806494d200c0b0f2410180d2020180d2c30080d2e40180d2020000d420f291d20060b0f2c10080d2020080d2630080d2e40180d2020000d40068203c000028d5000028d5"}}, @smc={0x3, 0x40, {0x0, [0x6, 0x0, 0x2, 0x7, 0x4]}}, @code={0x1, 0x9c, {"0080206e0008803800a0e00d202f94d20040b0f2c10080d2620080d2630080d2640080d2020000d4c0c084d20040b8f2010080d2620080d2030080d2040180d2020000d4008008d5007008d5007008d5e02587d20060b0f2a10080d2a20180d2c30080d2e40080d2020000d4007898d200a0b8f2210080d2620080d2230080d2a40080d2020000d4"}}], 0x3d8}], 0x1, 0x0, &(0x7f00000007c0)=[@featur2={0x1, 0x2e}], 0x1)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r6, 0x200000b, 0x810, r0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x2)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_USER_IRQ(r7, 0x4068aea3, &(0x7f0000000800))
ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000880)={0xf7ff1000, 0xf000, 0x3, 0x1, 0x8})
ioctl$KVM_CAP_STEAL_TIME(r5, 0x4068aea3, &(0x7f00000008c0))
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f0000000940)={0x40, 0xc2a00})
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000980)={0x2710, 0x0, 0x1000, 0x1000, &(0x7f0000ff8000/0x1000)=nil, 0x3, r8})
munmap(&(0x7f0000ff3000/0x4000)=nil, 0x4000)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r7, 0x4008ae48, &(0x7f0000000a40)=0xdddd1000)
r9 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x340)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4208ae9b, &(0x7f0000000a80)={0x0, 0x0, [0x1, 0x80000000, 0xc5f, 0xa, 0x6, 0x3ff, 0x19, 0x7fff]})
close(r9)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000b00)={0x4, 0x3})

875.968283ms ago: executing program 1 (id=114):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async, rerun: 32)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000200)={0x8, <r4=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000340)={0x5, 0xf}) (async, rerun: 64)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 64)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000001000/0x4000)=nil, 0x930, 0x2, 0x4102932, 0xffffffffffffffff, 0x0) (async, rerun: 64)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (rerun: 64)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async, rerun: 32)
openat$kvm(0xffffffffffffff9c, 0x0, 0x428c01, 0x0) (async, rerun: 32)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000200)={0x7}) (async, rerun: 32)
ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, 0x0) (rerun: 32)

0s ago: executing program 0 (id=113):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xfa2a0893ac94205a, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000040)={0x7fff, 0x3ff})
ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x20000fff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x83, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000000)={0x5})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x4020940d, 0x20000000)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r7, 0x4068aea3, &(0x7f0000000200)={0xa3, 0x0, &(0x7f00000001c0)})
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x8040ae9f, &(0x7f0000000080))
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r7, 0x4068aea3, &(0x7f0000000140)={0xa3, 0x0, &(0x7f0000000100)})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:51508' (ED25519) to the list of known hosts.
[  748.886198][   T24] audit: type=1400 audit(747.770:69): avc:  denied  { name_bind } for  pid=3265 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  750.215634][   T24] audit: type=1400 audit(749.100:70): avc:  denied  { execute } for  pid=3267 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  750.266764][   T24] audit: type=1400 audit(749.140:71): avc:  denied  { execute_no_trans } for  pid=3267 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  783.501544][   T24] audit: type=1400 audit(782.390:72): avc:  denied  { mounton } for  pid=3267 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  783.580167][   T24] audit: type=1400 audit(782.440:73): avc:  denied  { mount } for  pid=3267 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  783.699177][ T3267] cgroup: Unknown subsys name 'net'
[  783.768268][   T24] audit: type=1400 audit(782.660:74): avc:  denied  { unmount } for  pid=3267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  784.581174][ T3267] cgroup: Unknown subsys name 'rlimit'
[  785.146709][   T24] audit: type=1400 audit(784.020:75): avc:  denied  { setattr } for  pid=3267 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  785.190879][   T24] audit: type=1400 audit(784.070:76): avc:  denied  { mounton } for  pid=3267 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  785.206399][   T24] audit: type=1400 audit(784.090:77): avc:  denied  { mount } for  pid=3267 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  786.709459][ T3271] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  786.752182][   T24] audit: type=1400 audit(785.620:78): avc:  denied  { relabelto } for  pid=3271 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  786.784906][   T24] audit: type=1400 audit(785.660:79): avc:  denied  { write } for  pid=3271 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  787.051380][   T24] audit: type=1400 audit(785.930:80): avc:  denied  { read } for  pid=3267 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  787.067865][   T24] audit: type=1400 audit(785.930:81): avc:  denied  { open } for  pid=3267 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  787.124051][ T3267] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  845.565958][   T24] audit: type=1400 audit(844.450:82): avc:  denied  { execmem } for  pid=3277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  850.616274][   T24] audit: type=1400 audit(849.480:83): avc:  denied  { read } for  pid=3279 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  850.620188][   T24] audit: type=1400 audit(849.490:84): avc:  denied  { open } for  pid=3279 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  850.728591][   T24] audit: type=1400 audit(849.620:85): avc:  denied  { mounton } for  pid=3279 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  853.900978][   T24] audit: type=1400 audit(852.770:86): avc:  denied  { mount } for  pid=3279 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  854.078996][   T24] audit: type=1400 audit(852.970:87): avc:  denied  { mounton } for  pid=3279 comm="syz-executor" path="/syzkaller.DrFPW4/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  854.207666][   T24] audit: type=1400 audit(853.090:88): avc:  denied  { mount } for  pid=3279 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  854.419764][   T24] audit: type=1400 audit(853.310:89): avc:  denied  { mounton } for  pid=3279 comm="syz-executor" path="/syzkaller.DrFPW4/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  854.518417][   T24] audit: type=1400 audit(853.390:90): avc:  denied  { mounton } for  pid=3280 comm="syz-executor" path="/syzkaller.uJzEHw/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2880 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  854.769910][   T24] audit: type=1400 audit(853.660:91): avc:  denied  { unmount } for  pid=3279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  854.907413][   T24] audit: type=1400 audit(853.780:92): avc:  denied  { mounton } for  pid=3279 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  856.859268][   T24] kauditd_printk_skb: 4 callbacks suppressed
[  856.859575][   T24] audit: type=1400 audit(855.750:97): avc:  denied  { read write } for  pid=3279 comm="syz-executor" name="loop1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  856.926607][   T24] audit: type=1400 audit(855.790:98): avc:  denied  { open } for  pid=3279 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  856.930624][   T24] audit: type=1400 audit(855.800:100): avc:  denied  { read write } for  pid=3280 comm="syz-executor" name="loop0" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  856.998827][   T24] audit: type=1400 audit(855.790:99): avc:  denied  { ioctl } for  pid=3279 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=640 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  860.367721][   T24] audit: type=1400 audit(859.250:101): avc:  denied  { read } for  pid=3282 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  860.477353][   T24] audit: type=1400 audit(859.340:102): avc:  denied  { open } for  pid=3282 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  861.171978][   T24] audit: type=1400 audit(860.060:103): avc:  denied  { write } for  pid=3282 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  861.274240][   T24] audit: type=1400 audit(860.090:104): avc:  denied  { ioctl } for  pid=3282 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  871.906503][   T24] audit: type=1400 audit(870.700:105): avc:  denied  { execute } for  pid=3292 comm="syz.1.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3013 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  873.465136][   T24] audit: type=1400 audit(872.350:106): avc:  denied  { append } for  pid=3292 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  900.560624][   T24] audit: type=1400 audit(899.430:107): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1124.452309][   T24] audit: type=1400 audit(1123.340:108): avc:  denied  { setattr } for  pid=3460 comm="syz.0.28" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1839.178522][ T3954] ------------[ cut here ]------------
[ 1839.181883][ T3954] WARNING: CPU: 0 PID: 3954 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 1839.185528][ T3954] Modules linked in:
[ 1839.188146][ T3954] CPU: 0 UID: 0 PID: 3954 Comm: syz.1.114 Not tainted 6.11.0-rc5-syzkaller-g17a000564499 #0
[ 1839.190526][ T3954] Hardware name: linux,dummy-virt (DT)
[ 1839.192285][ T3954] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1839.194237][ T3954] pc : kvm_timer_update_irq+0x21c/0x394
[ 1839.195952][ T3954] lr : kvm_timer_update_irq+0x21c/0x394
[ 1839.197623][ T3954] sp : ffff800089fb78f0
[ 1839.198835][ T3954] x29: ffff800089fb7900 x28: 00000000000001d3 x27: 56f0000016340268
[ 1839.201360][ T3954] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 1839.203657][ T3954] x23: 0000000000000000 x22: 18ff800089ad9000 x21: 000000000000001e
[ 1839.205988][ T3954] x20: 56f0000016340000 x19: 00000000fffffff0 x18: 0000000000000002
[ 1839.208155][ T3954] x17: 0000000000000000 x16: 0000000000000018 x15: c9f000001685c500
[ 1839.210247][ T3954] x14: 0000000000000000 x13: 0000000000000003 x12: c9f000001685ba80
[ 1839.212520][ T3954] x11: 18ff800089ad9000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 1839.214767][ T3954] x8 : c9f000001685ba80 x7 : 0000000000000000 x6 : 000000000000003f
[ 1839.216915][ T3954] x5 : 0000000000000040 x4 : 56f0000016341400 x3 : 0000000000000000
[ 1839.219158][ T3954] x2 : 000000000000001e x1 : 00000000fffffff0 x0 : 0000000000000000
[ 1839.221624][ T3954] Call trace:
[ 1839.222655][ T3954]  kvm_timer_update_irq+0x21c/0x394
[ 1839.224260][ T3954]  kvm_timer_vcpu_reset+0x158/0x684
[ 1839.225888][ T3954]  kvm_reset_vcpu+0x3b4/0x560
[ 1839.227227][ T3954]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 1839.228701][ T3954]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 1839.229923][ T3954]  __arm64_sys_ioctl+0x108/0x184
[ 1839.231167][ T3954]  invoke_syscall+0x78/0x1b8
[ 1839.232575][ T3954]  el0_svc_common+0xe8/0x1b0
[ 1839.234038][ T3954]  do_el0_svc+0x40/0x50
[ 1839.235428][ T3954]  el0_svc+0x54/0x14c
[ 1839.236814][ T3954]  el0t_64_sync_handler+0x84/0xfc
[ 1839.238231][ T3954]  el0t_64_sync+0x190/0x194
[ 1839.239810][ T3954] irq event stamp: 690
[ 1839.240927][ T3954] hardirqs last  enabled at (689): [<ffff80008393f920>] _raw_read_unlock_irqrestore+0x44/0x94
[ 1839.243119][ T3954] hardirqs last disabled at (690): [<ffff800083924208>] el1_dbg+0x24/0x80
[ 1839.245017][ T3954] softirqs last  enabled at (636): [<ffff80008001fcec>] local_bh_enable+0x10/0x34
[ 1839.246903][ T3954] softirqs last disabled at (634): [<ffff80008001fcb8>] local_bh_disable+0x10/0x34
[ 1839.248904][ T3954] ---[ end trace 0000000000000000 ]---
[ 1839.257812][ T3954] ------------[ cut here ]------------
[ 1839.259072][ T3954] WARNING: CPU: 0 PID: 3954 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 1839.261180][ T3954] Modules linked in:
[ 1839.262919][ T3954] CPU: 0 UID: 0 PID: 3954 Comm: syz.1.114 Tainted: G        W          6.11.0-rc5-syzkaller-g17a000564499 #0
[ 1839.265160][ T3954] Tainted: [W]=WARN
[ 1839.266334][ T3954] Hardware name: linux,dummy-virt (DT)
[ 1839.267736][ T3954] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1839.269500][ T3954] pc : kvm_timer_update_irq+0x21c/0x394
[ 1839.271073][ T3954] lr : kvm_timer_update_irq+0x21c/0x394
[ 1839.272691][ T3954] sp : ffff800089fb78f0
[ 1839.273750][ T3954] x29: ffff800089fb7900 x28: 00000000000001d3 x27: 56f0000016340268
[ 1839.276041][ T3954] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 1839.278380][ T3954] x23: 0000000000000000 x22: 18ff800089ad9000 x21: 000000000000001b
[ 1839.280707][ T3954] x20: 56f0000016340000 x19: 00000000fffffff0 x18: 0000000000000002
[ 1839.282976][ T3954] x17: 0000000000000000 x16: 0000000000000018 x15: c9f000001685c500
[ 1839.285310][ T3954] x14: 0000000000000000 x13: 0000000000000003 x12: c9f000001685ba80
[ 1839.287589][ T3954] x11: 18ff800089ad9000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 1839.289747][ T3954] x8 : c9f000001685ba80 x7 : 0000000000000000 x6 : 000000000000003f
[ 1839.291948][ T3954] x5 : 0000000000000040 x4 : 56f0000016341468 x3 : 0000000000000000
[ 1839.294172][ T3954] x2 : 000000000000001b x1 : 00000000fffffff0 x0 : 0000000000000000
[ 1839.296482][ T3954] Call trace:
[ 1839.297577][ T3954]  kvm_timer_update_irq+0x21c/0x394
[ 1839.299069][ T3954]  kvm_timer_vcpu_reset+0x178/0x684
[ 1839.300458][ T3954]  kvm_reset_vcpu+0x3b4/0x560
[ 1839.301850][ T3954]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 1839.303302][ T3954]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 1839.304671][ T3954]  __arm64_sys_ioctl+0x108/0x184
[ 1839.306077][ T3954]  invoke_syscall+0x78/0x1b8
[ 1839.307528][ T3954]  el0_svc_common+0xe8/0x1b0
[ 1839.308882][ T3954]  do_el0_svc+0x40/0x50
[ 1839.310287][ T3954]  el0_svc+0x54/0x14c
[ 1839.311539][ T3954]  el0t_64_sync_handler+0x84/0xfc
[ 1839.312981][ T3954]  el0t_64_sync+0x190/0x194
[ 1839.314262][ T3954] irq event stamp: 732
[ 1839.315266][ T3954] hardirqs last  enabled at (731): [<ffff8000839263dc>] exit_to_kernel_mode+0xdc/0x10c
[ 1839.317363][ T3954] hardirqs last disabled at (732): [<ffff800083924208>] el1_dbg+0x24/0x80
[ 1839.319020][ T3954] softirqs last  enabled at (730): [<ffff80008015e900>] handle_softirqs+0x69c/0x700
[ 1839.320959][ T3954] softirqs last disabled at (693): [<ffff800080010abc>] __do_softirq+0x14/0x20
[ 1839.322884][ T3954] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

VM DIAGNOSIS:
03:39:23  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000812adfcc X00=0000000000000003 X01=0000000000000002
X02=000000000000002a X03=ffff8000812adecc X04=c9f000001685c5b0
X05=0000000000000001 X06=0000000000000000 X07=ffff8000812ad094
X08=44ff800089619000 X09=0000000000000069 X10=0000000000ff0100
X11=0000000000000101 X12=00000000ca3af78e X13=0000000000000028
X14=c9f000001685c500 X15=c9f000001685c500 X16=0000000000000073
X17=0000000000000000 X18=0000000000000002 X19=0000000000000069
X20=0000000000000002 X21=44ff800089619000 X22=73f000000b80517a
X23=0000000000000000 X24=73f000000b8050c8 X25=44ff800089619018
X26=44ff800089619000 X27=73f000000b8052d8 X28=0000000000000f01
X29=ffff800089fb70a0 X30=ffff8000812adfc4  SP=ffff800089fb70a0
PSTATE=804003c9 N--- EL2h  BTYPE=0     FPCR=00000000 FPSR=00000000
Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000
Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000
Q04=00524f5252450040:0000000000000000 Q05=00524f5252450040:0000000000000000
Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000
Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000
Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000
Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000
Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000
Q16=0000ffffe04e4fd0:0000ffffe04e4fd0 Q17=ffffff80ffffffd0:0000ffffe04e4fa0
Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000
Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000
Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000
Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000
Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000
Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000
Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000