last executing test programs:

1m25.435021846s ago: executing program 1 (id=874):
r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000040)="4df74d20cd04ee4ce2aa8a0797d68e953766cd7a4855880c9bf8c2b7cf738dc33732698d631778d116a24fd82e39c234c499eff943378c8ca92835aac201b216e92cae0faa84392b", 0x0, 0x48)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000600)=[@memwrite={0x6, 0x30, @generic={0x3000, 0x468, 0x5, 0x6}}], 0x30}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x103102, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0xf000, 0x9000})
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xc000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000040)={0x3000, 0xf000})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000100)=@arm64={0x8, 0xb7, 0xfd, '\x00', 0x9})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000140))
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000240), 0x9a}], 0x1, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

1m18.203735764s ago: executing program 0 (id=875):
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) (async)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013df11, &(0x7f00000000c0)=0xfffffffffffffffa}) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000000c0)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x8, 0x0}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m9.735095624s ago: executing program 1 (id=876):
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000c90000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000efb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000db0000/0x1000)=nil, 0x1000)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x440602, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f0000010000/0x3000)=nil, 0x3000)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20)
write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x8a031, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff99)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x3, 0x0, 0x2000, &(0x7f0000eb3000/0x2000)=nil})

1m5.357623147s ago: executing program 0 (id=877):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x3}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4000402) (async, rerun: 64)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) (rerun: 64)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xe4) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async, rerun: 64)
r6 = syz_kvm_setup_syzos_vm(r4) (rerun: 64)
r7 = syz_kvm_add_vcpu(r6, 0x0, 0x0, 0x0) (async)
r8 = syz_kvm_add_vcpu(r6, &(0x7f0000000100)={0x0, &(0x7f00000000c0)=[@hvc={0x4, 0x40, {0x8400000d, [0x4000010001, 0xfffffffffffffff6, 0x3, 0x23da, 0xb]}}], 0x40}, 0x0, 0x0) (async)
r9 = syz_kvm_vgic_v3_setup(r5, 0x2, 0x100)
r10 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async, rerun: 32)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) (async, rerun: 32)
munmap(&(0x7f0000c8f000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f000051d000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000d47000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f00007ab000/0x2000)=nil, 0x0, 0x2000001, 0x20010, r7, 0x0)
munmap(&(0x7f0000db0000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async)
ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5}) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

57.280396015s ago: executing program 1 (id=878):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_syzos_vm(r3)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r5, 0x0, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={0xffffffffffffffff, 0x5d, 0x2})

55.516350881s ago: executing program 0 (id=879):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x14d843, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x62)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x111040, 0x0)
munmap(&(0x7f0000004000/0x3000)=nil, 0x3000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
r4 = ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000)
write$eventfd(r4, &(0x7f0000000000), 0xfffffdef)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r5, 0x100000c, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)

41.904441568s ago: executing program 1 (id=880):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000)
write$eventfd(r3, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000f31000/0x4000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000ceb000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0xaaaa962, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r6, &(0x7f0000f1f000/0x18000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000380)=ANY=[@ANYRES64], 0x4f4}], 0x1, 0x0, &(0x7f00000001c0)=[@featur2={0x1, 0x24}], 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4018aee3, 0xfffffffffffffffe)

34.579293255s ago: executing program 0 (id=881):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
eventfd2(0x0, 0x801)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xe5) (async)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000001c0)=ANY=[@ANYBLOB="0002"])

26.90737249s ago: executing program 1 (id=882):
r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async)
r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000fbd000/0x3000)=nil, 0x3000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r4, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x1, 0x5000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) (async)
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000140)={0xe4, 0x0, 0x2}) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4018aee1, &(0x7f0000000080)={0x4}) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)

21.904363025s ago: executing program 0 (id=883):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100022, &(0x7f0000000180)=0x10000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x7, 0x7e, &(0x7f00000000c0)=0x1})
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x3, 0x0, 0x2000, &(0x7f0000eb3000/0x2000)=nil})
close(0x4)
close(0x5)

9.962438975s ago: executing program 1 (id=884):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000eb3000/0x2000)=nil, 0x2000)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x272001, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x69)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000007, 0x4f833, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x401c5820, 0x20000000)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = syz_kvm_vgic_v3_setup(r4, 0x4, 0x80)
ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000c80)=@attr_arm64={0x0, 0x6, 0x1, 0x0})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x8)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000140)=@arm64_sys={0x603000000013805d, &(0x7f00000000c0)=0xffffffffffffff95})

0s ago: executing program 0 (id=885):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
r2 = syz_kvm_add_vcpu(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000380)=[@msr={0x2, 0x20, {0x603000000013e658, 0xfff}}, @uexit={0x0, 0x18}, @smc={0x3, 0x40, {0x86000000, [0xe483, 0x7, 0x7, 0x7fffffffffffffff, 0x3]}}, @smc={0x3, 0x40, {0x80000000, [0x2, 0x4b, 0x5, 0x2, 0x6]}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x1600, 0x0, 0x1}}, @hvc={0x4, 0x40, {0xc700520b, [0x800, 0x40, 0x0, 0x6, 0x6]}}, @smc={0x3, 0x40, {0x400, [0x97c, 0x7563, 0x1ff, 0x80000001, 0x3]}}, @msr={0x2, 0x20, {0x603000000013c2ab, 0x512}}, @smc={0x3, 0x40, {0xc3000010, [0x9, 0x8, 0x26ac, 0x100000000, 0x3]}}, @irq_setup={0x5, 0x18, {0x1, 0x26}}, @memwrite={0x6, 0x30, @generic={0xdddd0000, 0x121, 0x4, 0x3}}, @code={0x1, 0x9c, {"007008d560c29bd20060b8f2010080d2820180d2230080d2e40080d2020000d4008d88d200e0b0f2410080d2420180d2230180d2a40080d2020000d4008008d5000028d5000008d5809586d20000b0f2a10080d2820080d2230080d2e40180d2020000d4008008d580ef92d200c0b8f2410180d2020180d2430080d2840080d2020000d4000008d5"}}, @hvc={0x4, 0x40, {0x1000000, [0x4, 0x7, 0x10001, 0x39ad0000000000, 0x1ff]}}, @hvc={0x4, 0x40, {0x32000000, [0xff, 0x8, 0x1, 0xfff, 0x6]}}, @hvc={0x4, 0x40, {0x73c1bddaf7264f87, [0x8fd7, 0x2, 0x4, 0x4, 0x14]}}, @irq_setup={0x5, 0x18, {0x4, 0x18b}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18, 0x8001}, @uexit={0x0, 0x18, 0x2}, @memwrite={0x6, 0x30, @generic={0xd002, 0xa7f, 0x5, 0xd}}, @irq_setup={0x5, 0x18, {0x2, 0x5c}}, @memwrite={0x6, 0x30, @generic={0xffff1000, 0xb0, 0x4, 0x4}}, @irq_setup={0x5, 0x18, {0x4, 0x2aa}}, @smc={0x3, 0x40, {0x84000050, [0x35a87f00, 0xfffffffffffffffa, 0x5, 0x7fffffff, 0x3]}}], 0x49c}, &(0x7f0000000040)=[@featur2={0x1, 0x13}], 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f00000000c0)={0xf8, "8036351bab24081bf6510ea9cb1c67b06834ccb378a12ff06abfeb8e5d21492266e51786ab07c8c7a4d99784771ff7ac740ecd5804fb7ee9ed54f9fd0cfc25c9a20b883ba06cbe5986f89e31dbce403fe591ed9a16edf05637b840371708229e30f109b684d6059ce419974f16a454b04b46f78172bbdb72ff0ff6795dbd4f9a692c582e28e436d7dfc3f240e17a9954bfed1be6a6b1ff5920842107c76e19789872126ee8ee61f891f0d626b2fb13edc6835bab78a5d15c4c685ffad1b6aac8a3a3540e1b2e0543095e4409b844fc36db6c296b1d1a70b41cc832a49ab35661e73234209325305548ab557a4c9ae5c22705aa265ce2ef1b"}) (async, rerun: 32)
munmap(&(0x7f0000738000/0x3000)=nil, 0x3000) (async, rerun: 32)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000340)={0x5, 0x8}) (async, rerun: 64)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (rerun: 64)

kernel console output (not intermixed with test programs):

[  502.365890][ T3116] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:41377' (ED25519) to the list of known hosts.
[  749.376408][   T24] audit: type=1400 audit(748.320:69): avc:  denied  { name_bind } for  pid=3270 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  750.722771][   T24] audit: type=1400 audit(749.660:70): avc:  denied  { execute } for  pid=3272 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  750.770890][   T24] audit: type=1400 audit(749.680:71): avc:  denied  { execute_no_trans } for  pid=3272 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  788.833948][   T24] audit: type=1400 audit(787.770:72): avc:  denied  { mounton } for  pid=3272 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  788.895909][   T24] audit: type=1400 audit(787.830:73): avc:  denied  { mount } for  pid=3272 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  789.007674][ T3272] cgroup: Unknown subsys name 'net'
[  789.078173][   T24] audit: type=1400 audit(788.020:74): avc:  denied  { unmount } for  pid=3272 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  789.700636][ T3272] cgroup: Unknown subsys name 'cpuset'
[  789.816885][ T3272] cgroup: Unknown subsys name 'rlimit'
[  790.787513][   T24] audit: type=1400 audit(789.720:75): avc:  denied  { setattr } for  pid=3272 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  790.812666][   T24] audit: type=1400 audit(789.750:76): avc:  denied  { mounton } for  pid=3272 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  790.842923][   T24] audit: type=1400 audit(789.770:77): avc:  denied  { mount } for  pid=3272 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  792.354762][ T3276] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  792.390417][   T24] audit: type=1400 audit(791.320:78): avc:  denied  { relabelto } for  pid=3276 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  792.424977][   T24] audit: type=1400 audit(791.370:79): avc:  denied  { write } for  pid=3276 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  792.682351][   T24] audit: type=1400 audit(791.620:80): avc:  denied  { read } for  pid=3272 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  792.714810][   T24] audit: type=1400 audit(791.640:81): avc:  denied  { open } for  pid=3272 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  792.766650][ T3272] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  856.627041][   T24] audit: type=1400 audit(855.570:82): avc:  denied  { execmem } for  pid=3282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  861.495641][   T24] audit: type=1400 audit(860.440:83): avc:  denied  { read } for  pid=3284 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  861.510779][   T24] audit: type=1400 audit(860.450:84): avc:  denied  { open } for  pid=3284 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  861.666968][   T24] audit: type=1400 audit(860.590:85): avc:  denied  { mounton } for  pid=3284 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  862.016659][   T24] audit: type=1400 audit(860.960:86): avc:  denied  { module_request } for  pid=3284 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  862.041483][   T24] audit: type=1400 audit(860.980:87): avc:  denied  { module_request } for  pid=3285 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  863.422547][   T24] audit: type=1400 audit(862.360:88): avc:  denied  { sys_module } for  pid=3285 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  900.106300][ T3284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  900.335046][ T3285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  900.536781][ T3284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  901.302538][ T3285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  916.955515][ T3284] hsr_slave_0: entered promiscuous mode
[  917.027130][ T3284] hsr_slave_1: entered promiscuous mode
[  918.372884][ T3285] hsr_slave_0: entered promiscuous mode
[  918.446670][ T3285] hsr_slave_1: entered promiscuous mode
[  918.532793][ T3285] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  918.537710][ T3285] Cannot create hsr debugfs directory
[  925.252277][   T24] audit: type=1400 audit(924.190:89): avc:  denied  { create } for  pid=3284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  925.382437][   T24] audit: type=1400 audit(924.250:90): avc:  denied  { write } for  pid=3284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  925.385998][   T24] audit: type=1400 audit(924.320:91): avc:  denied  { read } for  pid=3284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  925.648252][ T3284] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  926.297677][ T3284] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  926.592772][ T3284] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  926.843255][ T3284] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  928.908064][ T3285] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  929.161330][ T3285] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  929.486449][ T3285] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  929.803810][ T3285] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  950.714863][ T3284] 8021q: adding VLAN 0 to HW filter on device bond0
[  954.016507][ T3285] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1039.503058][ T3284] veth0_vlan: entered promiscuous mode
[ 1040.395526][ T3284] veth1_vlan: entered promiscuous mode
[ 1042.406006][ T3285] veth0_vlan: entered promiscuous mode
[ 1043.328098][ T3285] veth1_vlan: entered promiscuous mode
[ 1044.033731][ T3284] veth0_macvtap: entered promiscuous mode
[ 1044.897216][ T3284] veth1_macvtap: entered promiscuous mode
[ 1047.422102][ T3285] veth0_macvtap: entered promiscuous mode
[ 1047.972995][ T3284] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.977174][ T3284] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.022211][ T3284] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.024713][ T3284] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.217776][ T3285] veth1_macvtap: entered promiscuous mode
[ 1051.894086][   T24] audit: type=1400 audit(1050.780:92): avc:  denied  { mount } for  pid=3284 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1052.257472][   T24] audit: type=1400 audit(1051.110:93): avc:  denied  { mounton } for  pid=3284 comm="syz-executor" path="/syzkaller.X3GGHZ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1052.532829][ T3285] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.535213][ T3285] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.537544][ T3285] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.625049][ T3285] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.645020][   T24] audit: type=1400 audit(1051.550:94): avc:  denied  { mount } for  pid=3284 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1053.306759][   T24] audit: type=1400 audit(1052.220:95): avc:  denied  { mounton } for  pid=3284 comm="syz-executor" path="/syzkaller.X3GGHZ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1053.566481][   T24] audit: type=1400 audit(1052.510:96): avc:  denied  { mounton } for  pid=3284 comm="syz-executor" path="/syzkaller.X3GGHZ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1054.167597][   T24] audit: type=1400 audit(1053.110:97): avc:  denied  { unmount } for  pid=3284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1054.573087][   T24] audit: type=1400 audit(1053.450:98): avc:  denied  { mounton } for  pid=3284 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1512 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1055.143382][   T24] audit: type=1400 audit(1054.080:99): avc:  denied  { mount } for  pid=3284 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1055.332734][   T24] audit: type=1400 audit(1054.250:100): avc:  denied  { mounton } for  pid=3284 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1055.541573][   T24] audit: type=1400 audit(1054.390:101): avc:  denied  { mount } for  pid=3284 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1057.601906][   T24] audit: type=1400 audit(1056.530:102): avc:  denied  { mount } for  pid=3285 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1057.693376][ T3284] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 1059.594415][   T24] audit: type=1400 audit(1058.510:103): avc:  denied  { read write } for  pid=3284 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1059.644820][   T24] audit: type=1400 audit(1058.560:104): avc:  denied  { open } for  pid=3284 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1059.727769][   T24] audit: type=1400 audit(1058.660:105): avc:  denied  { ioctl } for  pid=3284 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1064.377139][   T24] audit: type=1400 audit(1063.320:106): avc:  denied  { read } for  pid=3423 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1064.425891][   T24] audit: type=1400 audit(1063.350:107): avc:  denied  { open } for  pid=3423 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1065.593295][   T24] audit: type=1400 audit(1064.520:108): avc:  denied  { ioctl } for  pid=3423 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1067.392711][   T24] audit: type=1400 audit(1066.030:109): avc:  denied  { execute } for  pid=3424 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3674 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1090.381955][   T24] audit: type=1400 audit(1089.310:110): avc:  denied  { write } for  pid=3434 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1432.516370][   T24] audit: type=1400 audit(1431.450:111): avc:  denied  { append } for  pid=3599 comm="syz.0.46" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1448.255947][   T24] audit: type=1400 audit(1447.180:112): avc:  denied  { map } for  pid=3608 comm="syz.1.49" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1468.735573][ T3618] kvm [3618]: Failed to find VMA for hva 0x20ff4000
[ 1538.447347][ T3651] kvm [3651]: Failed to find VMA for hva 0x20ff9000
[ 1769.677356][   T24] audit: type=1400 audit(1768.620:113): avc:  denied  { setattr } for  pid=3756 comm="syz.1.89" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2199.802308][ T3962] KVM: debugfs: duplicate directory 3962-4
[ 2880.417337][ T4313] kvm [4313]: Failed to find VMA for hva 0x20e96000
[ 3647.157641][ T4689] kvm [4689]: Failed to find VMA for hva 0x20ff4000
[ 4027.980776][ T4866] KVM: debugfs: duplicate directory 4866-4
[ 4908.554089][ T5294] KVM: debugfs: duplicate directory 5294-5
[ 5594.378339][ T5633] KVM: debugfs: duplicate directory 5633-4
[ 6328.135188][ T5986] kvm [5986]: Failed to find VMA for hva 0x20ff4000
[ 6870.554936][   T24] audit: type=1400 audit(6869.490:114): avc:  denied  { ioctl } for  pid=6255 comm="syz.1.742" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x54cf scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 7923.064607][ T6789] ------------[ cut here ]------------
[ 7923.068148][ T6789] WARNING: CPU: 0 PID: 6789 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 7923.071887][ T6789] Modules linked in:
[ 7923.074441][ T6789] CPU: 0 UID: 0 PID: 6789 Comm: syz.0.885 Not tainted 6.12.0-rc3-syzkaller-g2e5ea59d8ff4 #0
[ 7923.076876][ T6789] Hardware name: linux,dummy-virt (DT)
[ 7923.078725][ T6789] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 7923.080764][ T6789] pc : kvm_timer_update_irq+0x21c/0x394
[ 7923.082566][ T6789] lr : kvm_timer_update_irq+0x21c/0x394
[ 7923.084124][ T6789] sp : ffff8000a0e778f0
[ 7923.085429][ T6789] x29: ffff8000a0e77900 x28: 00000000000003c5 x27: b9f000000fef0268
[ 7923.088069][ T6789] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 7923.090378][ T6789] x23: 0000000000000000 x22: 8bff8000a10ef000 x21: 000000000000001e
[ 7923.092788][ T6789] x20: b9f000000fef0000 x19: 00000000fffffff0 x18: 0000000000000000
[ 7923.095069][ T6789] x17: 0000000000000000 x16: 000000000000008b x15: cdf00000182b8a80
[ 7923.097373][ T6789] x14: 0000000000000000 x13: 0000000000000003 x12: cdf00000182b8000
[ 7923.099755][ T6789] x11: 8bff8000a10ef000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 7923.102242][ T6789] x8 : cdf00000182b8000 x7 : 0000000000000000 x6 : 000000000000003f
[ 7923.104589][ T6789] x5 : 0000000000000040 x4 : b9f000000fef1400 x3 : 0000000000000000
[ 7923.106958][ T6789] x2 : 000000000000001e x1 : 00000000fffffff0 x0 : 0000000000000000
[ 7923.109514][ T6789] Call trace:
[ 7923.110648][ T6789]  kvm_timer_update_irq+0x21c/0x394
[ 7923.112372][ T6789]  kvm_timer_vcpu_reset+0x158/0x684
[ 7923.113883][ T6789]  kvm_reset_vcpu+0x3b4/0x560
[ 7923.115409][ T6789]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 7923.116918][ T6789]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 7923.118436][ T6789]  __arm64_sys_ioctl+0x108/0x184
[ 7923.119943][ T6789]  invoke_syscall+0x78/0x1b8
[ 7923.121449][ T6789]  el0_svc_common+0xe8/0x1b0
[ 7923.122960][ T6789]  do_el0_svc+0x40/0x50
[ 7923.124419][ T6789]  el0_svc+0x54/0x14c
[ 7923.125673][ T6789]  el0t_64_sync_handler+0x84/0xfc
[ 7923.127137][ T6789]  el0t_64_sync+0x190/0x194
[ 7923.128774][ T6789] irq event stamp: 314
[ 7923.130000][ T6789] hardirqs last  enabled at (313): [<ffff8000839e92cc>] _raw_read_unlock_irqrestore+0x44/0x94
[ 7923.132162][ T6789] hardirqs last disabled at (314): [<ffff8000839d104c>] el1_dbg+0x24/0x80
[ 7923.134127][ T6789] softirqs last  enabled at (296): [<ffff80008001fc84>] local_bh_enable+0x10/0x34
[ 7923.136179][ T6789] softirqs last disabled at (294): [<ffff80008001fc50>] local_bh_disable+0x10/0x34
[ 7923.138355][ T6789] ---[ end trace 0000000000000000 ]---
[ 7923.147123][ T6789] ------------[ cut here ]------------
[ 7923.148581][ T6789] WARNING: CPU: 0 PID: 6789 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 7923.150740][ T6789] Modules linked in:
[ 7923.152581][ T6789] CPU: 0 UID: 0 PID: 6789 Comm: syz.0.885 Tainted: G        W          6.12.0-rc3-syzkaller-g2e5ea59d8ff4 #0
[ 7923.154918][ T6789] Tainted: [W]=WARN
[ 7923.156123][ T6789] Hardware name: linux,dummy-virt (DT)
[ 7923.157523][ T6789] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 7923.159368][ T6789] pc : kvm_timer_update_irq+0x21c/0x394
[ 7923.160944][ T6789] lr : kvm_timer_update_irq+0x21c/0x394
[ 7923.162588][ T6789] sp : ffff8000a0e778f0
[ 7923.163671][ T6789] x29: ffff8000a0e77900 x28: 00000000000003c5 x27: b9f000000fef0268
[ 7923.166080][ T6789] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 7923.168448][ T6789] x23: 0000000000000000 x22: 8bff8000a10ef000 x21: 000000000000001b
[ 7923.170625][ T6789] x20: b9f000000fef0000 x19: 00000000fffffff0 x18: 0000000000000000
[ 7923.172977][ T6789] x17: 0000000000000000 x16: 000000000000008b x15: cdf00000182b8a80
[ 7923.175311][ T6789] x14: 0000000000000000 x13: 0000000000000003 x12: cdf00000182b8000
[ 7923.177498][ T6789] x11: 8bff8000a10ef000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 7923.179902][ T6789] x8 : cdf00000182b8000 x7 : 0000000000000000 x6 : 000000000000003f
[ 7923.182109][ T6789] x5 : 0000000000000040 x4 : b9f000000fef1468 x3 : 0000000000000000
[ 7923.184450][ T6789] x2 : 000000000000001b x1 : 00000000fffffff0 x0 : 0000000000000000
[ 7923.186762][ T6789] Call trace:
[ 7923.187802][ T6789]  kvm_timer_update_irq+0x21c/0x394
[ 7923.189441][ T6789]  kvm_timer_vcpu_reset+0x178/0x684
[ 7923.191065][ T6789]  kvm_reset_vcpu+0x3b4/0x560
[ 7923.192545][ T6789]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 7923.194020][ T6789]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 7923.195528][ T6789]  __arm64_sys_ioctl+0x108/0x184
[ 7923.197001][ T6789]  invoke_syscall+0x78/0x1b8
[ 7923.198570][ T6789]  el0_svc_common+0xe8/0x1b0
[ 7923.199906][ T6789]  do_el0_svc+0x40/0x50
[ 7923.201409][ T6789]  el0_svc+0x54/0x14c
[ 7923.202753][ T6789]  el0t_64_sync_handler+0x84/0xfc
[ 7923.204024][ T6789]  el0t_64_sync+0x190/0x194
[ 7923.205524][ T6789] irq event stamp: 388
[ 7923.206743][ T6789] hardirqs last  enabled at (387): [<ffff8000839d3220>] exit_to_kernel_mode+0xdc/0x10c
[ 7923.208599][ T6789] hardirqs last disabled at (388): [<ffff8000839d104c>] el1_dbg+0x24/0x80
[ 7923.210468][ T6789] softirqs last  enabled at (386): [<ffff8000801635e4>] handle_softirqs+0x698/0x6fc
[ 7923.212486][ T6789] softirqs last disabled at (317): [<ffff800080010a68>] __do_softirq+0x14/0x20
[ 7923.214425][ T6789] ---[ end trace 0000000000000000 ]---
[ 7924.903235][ T6789] ------------[ cut here ]------------
[ 7924.904785][ T6789] WARNING: CPU: 0 PID: 6789 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 7924.907068][ T6789] Modules linked in:
[ 7924.908572][ T6789] CPU: 0 UID: 0 PID: 6789 Comm: syz.0.885 Tainted: G        W          6.12.0-rc3-syzkaller-g2e5ea59d8ff4 #0
[ 7924.910878][ T6789] Tainted: [W]=WARN
[ 7924.912064][ T6789] Hardware name: linux,dummy-virt (DT)
[ 7924.913388][ T6789] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 7924.915246][ T6789] pc : kvm_timer_update_irq+0x21c/0x394
[ 7924.916918][ T6789] lr : kvm_timer_update_irq+0x21c/0x394
[ 7924.918577][ T6789] sp : ffff8000a0e778f0
[ 7924.919775][ T6789] x29: ffff8000a0e77900 x28: 00000000000003c5 x27: b9f000000fef0268
[ 7924.922230][ T6789] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 7924.924489][ T6789] x23: 0000000000000000 x22: 8bff8000a10ef000 x21: 000000000000001e
[ 7924.926886][ T6789] x20: b9f000000fef0000 x19: 00000000fffffff0 x18: 0000000000000000
[ 7924.929315][ T6789] x17: 0000000000000000 x16: 000000000000008b x15: cdf00000182b8a80
[ 7924.931743][ T6789] x14: 0000000000000000 x13: 0000000000000003 x12: cdf00000182b8000
[ 7924.934177][ T6789] x11: 8bff8000a10ef000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 7924.936361][ T6789] x8 : cdf00000182b8000 x7 : 0000000000000000 x6 : 000000000000003f
[ 7924.938758][ T6789] x5 : 0000000000000040 x4 : b9f000000fef1400 x3 : 0000000000000000
[ 7924.941157][ T6789] x2 : 000000000000001e x1 : 00000000fffffff0 x0 : 0000000000000000
[ 7924.943616][ T6789] Call trace:
[ 7924.944739][ T6789]  kvm_timer_update_irq+0x21c/0x394
[ 7924.946220][ T6789]  kvm_timer_vcpu_reset+0x158/0x684
[ 7924.947871][ T6789]  kvm_reset_vcpu+0x3b4/0x560
[ 7924.949187][ T6789]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 7924.950739][ T6789]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 7924.952089][ T6789]  __arm64_sys_ioctl+0x108/0x184
[ 7924.953621][ T6789]  invoke_syscall+0x78/0x1b8
[ 7924.955058][ T6789]  el0_svc_common+0xe8/0x1b0
[ 7924.956625][ T6789]  do_el0_svc+0x40/0x50
[ 7924.957958][ T6789]  el0_svc+0x54/0x14c
[ 7924.959404][ T6789]  el0t_64_sync_handler+0x84/0xfc
[ 7924.960931][ T6789]  el0t_64_sync+0x190/0x194
[ 7924.962439][ T6789] irq event stamp: 524
[ 7924.963534][ T6789] hardirqs last  enabled at (523): [<ffff8000839e92cc>] _raw_read_unlock_irqrestore+0x44/0x94
[ 7924.965695][ T6789] hardirqs last disabled at (524): [<ffff8000839d104c>] el1_dbg+0x24/0x80
[ 7924.967491][ T6789] softirqs last  enabled at (506): [<ffff80008001fc84>] local_bh_enable+0x10/0x34
[ 7924.969501][ T6789] softirqs last disabled at (504): [<ffff80008001fc50>] local_bh_disable+0x10/0x34
[ 7924.971221][ T6789] ---[ end trace 0000000000000000 ]---
[ 7924.977681][ T6789] ------------[ cut here ]------------
[ 7924.979173][ T6789] WARNING: CPU: 0 PID: 6789 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 7924.981312][ T6789] Modules linked in:
[ 7924.982793][ T6789] CPU: 0 UID: 0 PID: 6789 Comm: syz.0.885 Tainted: G        W          6.12.0-rc3-syzkaller-g2e5ea59d8ff4 #0
[ 7924.985075][ T6789] Tainted: [W]=WARN
[ 7924.986180][ T6789] Hardware name: linux,dummy-virt (DT)
[ 7924.987622][ T6789] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 7924.989476][ T6789] pc : kvm_timer_update_irq+0x21c/0x394
[ 7924.991137][ T6789] lr : kvm_timer_update_irq+0x21c/0x394
[ 7924.992805][ T6789] sp : ffff8000a0e778f0
[ 7924.994003][ T6789] x29: ffff8000a0e77900 x28: 00000000000003c5 x27: b9f000000fef0268
[ 7924.996470][ T6789] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 7924.998851][ T6789] x23: 0000000000000000 x22: 8bff8000a10ef000 x21: 000000000000001b
[ 7925.001263][ T6789] x20: b9f000000fef0000 x19: 00000000fffffff0 x18: 0000000000000000
[ 7925.003684][ T6789] x17: 0000000000000000 x16: 000000000000008b x15: cdf00000182b8a80
[ 7925.005888][ T6789] x14: 0000000000000000 x13: 0000000000000003 x12: cdf00000182b8000
[ 7925.008370][ T6789] x11: 8bff8000a10ef000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 7925.010752][ T6789] x8 : cdf00000182b8000 x7 : 0000000000000000 x6 : 000000000000003f
[ 7925.013157][ T6789] x5 : 0000000000000040 x4 : b9f000000fef1468 x3 : 0000000000000000
[ 7925.015624][ T6789] x2 : 000000000000001b x1 : 00000000fffffff0 x0 : 0000000000000000
[ 7925.017863][ T6789] Call trace:
[ 7925.019011][ T6789]  kvm_timer_update_irq+0x21c/0x394
[ 7925.020700][ T6789]  kvm_timer_vcpu_reset+0x178/0x684
[ 7925.022241][ T6789]  kvm_reset_vcpu+0x3b4/0x560
[ 7925.023756][ T6789]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 7925.025281][ T6789]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 7925.026823][ T6789]  __arm64_sys_ioctl+0x108/0x184
[ 7925.028349][ T6789]  invoke_syscall+0x78/0x1b8
[ 7925.029890][ T6789]  el0_svc_common+0xe8/0x1b0
[ 7925.031518][ T6789]  do_el0_svc+0x40/0x50
[ 7925.032986][ T6789]  el0_svc+0x54/0x14c
[ 7925.034396][ T6789]  el0t_64_sync_handler+0x84/0xfc
[ 7925.035880][ T6789]  el0t_64_sync+0x190/0x194
[ 7925.037283][ T6789] irq event stamp: 554
[ 7925.038568][ T6789] hardirqs last  enabled at (553): [<ffff8000839d3220>] exit_to_kernel_mode+0xdc/0x10c
[ 7925.040526][ T6789] hardirqs last disabled at (554): [<ffff8000839d104c>] el1_dbg+0x24/0x80
[ 7925.042493][ T6789] softirqs last  enabled at (552): [<ffff8000801635e4>] handle_softirqs+0x698/0x6fc
[ 7925.044497][ T6789] softirqs last disabled at (527): [<ffff800080010a68>] __do_softirq+0x14/0x20
[ 7925.046479][ T6789] ---[ end trace 0000000000000000 ]---

VM DIAGNOSIS:
18:07:18  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008130f384 X00=0000000000000003 X01=0000000000000002
X02=000000000000002a X03=ffff80008130f2f4 X04=cdf00000182b8b58
X05=0000000000000001 X06=0000000000000000 X07=ffff80008130e108
X08=cdf00000182b8000 X09=0000000000000000 X10=0000000000ff0100
X11=0000000000000101 X12=00000000d104b7ab X13=0000000000000028
X14=cdf00000182b8a80 X15=cdf00000182b8a80 X16=0000000000000060
X17=0000000000000000 X18=0000000000000000 X19=0000000000000069
X20=efff800000000000 X21=0000000000000002 X22=60f000000b80917a
X23=60f000000b8092c8 X24=60f000000b8090c8 X25=3aff800089749018
X26=60f000000b8092d8 X27=ffff8000894e6cb5 X28=0000000000000f01
X29=ffff8000a0e770a0 X30=ffff80008130f384  SP=ffff8000a0e770a0
PSTATE=804003c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000000 Z01=0000ffffec63ee80:208faed2d45db500
Z02=0000ffff834ce000:ffffff80ffffffd8 Z03=0000ffffec63ef10:0000ffffec63ef10
Z04=0000ffffec63ef10:0000ffffec63eec8 Z05=0000ffffec63eee0:0000ffffec63ef10
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffec63f120:0000ffffec63f120 Z17=ffffff80ffffffd0:0000ffffec63f0f0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000