last executing test programs: 1m53.089903476s ago: executing program 0 (id=69): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) munmap(&(0x7f0000004000/0x3000)=nil, 0x3000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000) write$eventfd(r3, &(0x7f0000000000), 0xfffffdef) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r4 = ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000) write$eventfd(r4, &(0x7f00000000c0), 0x8) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0x541b, 0x0) openat$kvm(0x0, 0x0, 0x9c481, 0x0) (async, rerun: 64) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (rerun: 64) ioctl$KVM_DIRTY_TLB(r5, 0x4010aeaa, &(0x7f00000000c0)={0x6, 0x2}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_GSI_ROUTING(r1, 0x40a0ae49, &(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRES16]) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) 1m37.188160158s ago: executing program 1 (id=72): openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xc000, 0x0) openat$kvm(0x0, &(0x7f0000000040), 
0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c027, &(0x7f00000002c0)=0x1}) 1m29.099601991s ago: executing program 1 (id=73): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xcd) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000000)={0x0, 0x0, @pic={0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20}}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x10000, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r7, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000140)) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000002c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000280)) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x9) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000080)={0x8}) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000200)={0x7}) close(0xffffffffffffffff) 
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000000)={0x5000, 0x5000, 0x54, 0x0, 0x80000001}) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x4, &(0x7f0000000300)}) ioctl$KVM_SET_FPU(r2, 0x4000ae8d, &(0x7f0000000100)={'\x00', 0x7, 0x6, 0x9, 0x0, 0x8, 0x1, 0xffff1000, '\x00', 0x8001}) 1m22.7757227s ago: executing program 0 (id=71): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0x5452, 0x2000fdfd) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x8040aeb6, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x1000000000000, 0x0}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="bca4b480a15842fa4db58c2479b93f6a8a0f7aed7ae30358d05296299963c6a16398e042f3b31fea1ded24bf1e7ca64df0a503a32a750fcbad9859c64a2844f2918e3348bc166256", 0x0, 0x48) 52.850426406s ago: executing program 1 (id=74): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x401c5820, 0x20000000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) munmap(&(0x7f0000738000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x0, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[{0x0, 0x0}], 0x1, 
0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000fe1000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f0000fe6000/0x4000)=nil, 0x4000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x183000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000840)=[{0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="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"], 0x3c4}], 0x1, 0x0, &(0x7f0000000880)=[@featur2={0x1, 0x1}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x2480, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000a40)={0x2}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000000c0)=0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0xa0000, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r4, 0x4010ae74, &(0x7f0000000b00)={0x7, 0xe, 0x9}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, 0x0) ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(0xffffffffffffffff, 0x4068aea3, 0x0) 49.020753082s ago: executing program 0 (id=75): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141242, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r2, &(0x7f0000e10000/0x18000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae03, 0xbb) 
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x6030000000100016, &(0x7f0000000100)=0x95}) 43.551807711s ago: executing program 1 (id=76): openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xc000, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r1, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c027, &(0x7f00000002c0)=0x1}) 40.198423983s ago: executing program 0 (id=77): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100012, &(0x7f0000000040)=0x3ba4}) 37.181430664s ago: executing program 1 (id=78): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x642200, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000001c0)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x5, 0x1203d4c8, 0x0}) openat$kvm(0xffffffffffffff9c, 0x0, 
0x14200, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x80000003, 0x6}}) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r5, 0x0, 0x8012, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000f49000/0x18000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000001540)=[@msr={0x2, 0x20, {0x603000000013e666, 0x101}}, @smc={0x3, 0x40, {0x4, [0xe55, 0x1, 0x18, 0x1, 0x3]}}, @uexit={0x0, 0x18}, @smc={0x3, 0x40, {0x10, [0x7f336572, 0xffffffff7fffffff, 0x7, 0x80, 0x1]}}, @uexit={0x0, 0x18, 0x51}, @code={0x1, 0x6c, {"00c0641e00c8b02e40d39bd20040b8f2210080d2820180d2430180d2040180d2020000d4007008d50000189ee0f69cd200c0b8f2610080d2820180d2830080d2c40180d2020000d4000008d5000028d5000028d5007008d5"}}, @smc={0x3, 0x40, {0x4, [0x3, 0x6, 0x0, 0xb2, 0x101]}}, @code={0x1, 0x84, {"007008d5007008d50040202e1f00206b804184d200a0b0f2a10080d2620080d2630180d2e40080d2020000d4007008d5000008d5007008d5e04399d200c0b8f2410180d2020080d2230080d2640080d2020000d4008f85d20040b0f2210080d2020180d2e30080d2e40180d2020000d4"}}, @msr={0x2, 0x20, {0x603000000013df50, 0x8}}, @msr={0x2, 0x20, {0x603000000013c031, 0x90e1}}, @code={0x1, 0x84, 
{"e02b88d20000b8f2010080d2820180d2630180d2a40180d2020000d40010204e007008d5a0339fd20040b8f2210180d2620180d2430180d2640180d2020000d4008008d5008008d5000028d5007008d5000008d5206a85d200c0b8f2010080d2220080d2e30080d2c40080d2020000d4"}}, @smc={0x3, 0x40, {0x8, [0xfffffffffffffff7, 0x7ff, 0x1, 0x8000000000000000, 0xffffffffffffffff]}}, @code={0x1, 0xb4, {"0040800ca0f790d200a0b0f2210080d2220080d2e30080d2640080d2020000d40084c00d000008d5204d94d200c0b0f2c10080d2220180d2830080d2c40080d2020000d4e04a8ed20060b0f2a10180d2220180d2230080d2c40180d2020000d4a04587d20080b8f2410080d2220180d2230080d2e40180d2020000d40004c0da608f8fd20040b8f2810080d2820180d2630080d2840180d2020000d4000040d3"}}, @code={0x1, 0x84, {"008008d5008008d5a0ff98d200e0b0f2c10180d2220180d2430180d2a40080d2020000d40000003a008008d5207580d200a0b0f2210180d2220180d2030180d2c40180d2020000d4007008d5008008d500f4a00e004594d20020b8f2610180d2c20080d2c30080d2c40180d2020000d4"}}, @code={0x1, 0xb4, {"000028d5007787d200a0b0f2610180d2020180d2c30180d2e40080d2020000d40000800d000008d50008407800969ed20060b8f2410080d2620080d2030180d2e40080d2020000d400c090d200a0b8f2410080d2c20080d2830080d2c40080d2020000d4c08d8cd20060b0f2410080d2220080d2430180d2a40180d2020000d400b197d20020b0f2010080d2c20080d2a30180d2a40080d2020000d4000028d5"}}, @code={0x1, 0x9c, {"208393d200a0b0f2a10080d2a20080d2630080d2440180d2020000d4606f82d200e0b0f2c10080d2e20080d2630180d2640080d2020000d4a0de8ed200c0b0f2610180d2220180d2030080d2a40080d2020000d400082038008008d5c0909fd20020b8f2410180d2e20080d2030180d2040080d2020000d4007008d5007008d50080200e000c00b8"}}, @hvc={0x4, 0x40, {0x200, [0x7f, 0x8, 0x7, 0x2, 0x9]}}, @code={0x1, 0xb4, {"00a4e00d008008d50040000ce04c95d200a0b0f2810180d2a20080d2a30180d2840080d2020000d400769ad200a0b8f2a10080d2c20080d2a30080d2440180d2020000d4c0608ad20020b0f2410080d2e20080d2a30080d2840080d2020000d4805a97d200e0b0f2010180d2820080d2430080d2440080d2020000d4007008d580ed9bd200a0b0f2010180d2e20080d2c30080d2a40080d2020000d4007008d5"}}, @msr={0x2, 0x20, 
{0x6030000000138457, 0x6}}, @uexit={0x0, 0x18}, @code={0x1, 0x9c, {"a0be92d200e0b8f2210180d2c20180d2a30180d2a40180d2020000d4007008d5204792d20080b8f2610080d2620180d2c30080d2a40180d2020000d4000400b820cf97d20080b8f2810080d2e20080d2230080d2a40080d2020000d400b0004f007008d51f00006a800989d20080b0f2010080d2420080d2830080d2640080d2020000d4007008d5"}}, @uexit={0x0, 0x18, 0x664b}, @hvc={0x4, 0x40, {0x1000000, [0x6, 0x400, 0xffffffffffff653f, 0x9, 0x7d]}}, @hvc={0x4, 0x40, {0x6000000, [0x3e9, 0x2, 0x10, 0x3, 0x400]}}, @smc={0x3, 0x40, {0x4000, [0xffffffffffff9a1e, 0x200, 0x56, 0x3]}}, @hvc={0x4, 0x40, {0x200, [0x6, 0x3, 0x4, 0x1, 0xfffffffffffffff7]}}, @hvc={0x4, 0x40, {0x32000000, [0x8, 0x3, 0x3, 0xb, 0x2]}}], 0x8ac}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x428c01, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r9, 0x8040ae9f, &(0x7f0000000100)) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000200)={0x7}) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000240)=[@msr={0x2, 0x20, {0x603000000013c708, 0x2}}, @uexit={0x0, 0x18, 0x401}, @msr={0x2, 0x20, {0x603000000013df58, 0x8}}, @hvc={0x4, 0x40, {0x2, [0x8, 0x5, 0x8, 0x0, 0xf4]}}, @code={0x1, 0x84, {"a00787d20000b8f2a10080d2020180d2a30180d2c40080d2020000d40050c01a000008d5007008d5008c000f007008d5c01685d20060b0f2210180d2e20080d2030180d2c40180d2020000d4000008d5000820f800d09ed20020b8f2c10080d2c20180d2e30080d2440080d2020000d4"}}, @code={0x1, 0x84, {"008008d500a8a17ec0e587d200c0b8f2210080d2c20080d2c30080d2240080d2020000d40070800c000008d500b8a15e20d097d20040b8f2810080d2620080d2a30180d2040180d2020000d40080009b007008d5405c85d20040b8f2e10180d2220080d2230080d2040080d2020000d4"}}, @code={0x1, 0x3c, {"007008d5000840b8008008d5007008d5007008d50074007f0078205e000028d50000401f0000005c"}}], 0x1dc}], 0x1, 0x0, &(0x7f0000000180)=[@featur2={0x1, 0x1}], 
0x1) 30.569033399s ago: executing program 0 (id=79): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r2, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r2, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0) r3 = syz_kvm_add_vcpu(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000740)=[@irq_setup={0x5, 0x18, {0x2, 0x305}}, @uexit={0x0, 0x18}, @irq_setup={0x5, 0x18, {0x63, 0x3b8}}, @code={0x1, 0x6c, {"60ac8fd20040b8f2010180d2620180d2830180d2c40180d2020000d4007008d5008008d500c0211e007008d5008008d5007e8dd20000b8f2a10080d2420180d2e30180d2c40180d2020000d40004002f007008d5007008d5"}}, @irq_setup={0x5, 0x18, {0x1, 0x85}}, @irq_setup={0x5, 0x18, {0x3, 0x269}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x4, 0xf23, 0xa}}, @hvc={0x4, 0x40, {0x84000007, [0x4, 0x4, 0x7, 0xffffffff, 0x9]}}, @hvc={0x4, 0x40, {0x100, [0x5, 0xb, 0x0, 0x4, 0xffffffff8954d5ee]}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0xba7, 0x4}}, @code={0x1, 0x54, {"000028d5000008d5007008d5007008d5007008d500e4002f0000249e00409bd20060b8f2810080d2820080d2230080d2e40080d2020000d4000480da007008d5"}}, @smc={0x3, 0x40, {0x70001009, [0x0, 0xfff, 0x9, 0x3, 0x7]}}, @msr={0x2, 0x20, {0x603000000013e535, 0x2}}, @irq_setup={0x5, 0x18, {0x3, 0x100}}, @uexit={0x0, 0x18, 0x200000000008}, @smc={0x3, 0x40, {0x8400000c, [0x3, 0x0, 0xffff, 0xff, 0x7d8]}}, @code={0x1, 0xb4, 
{"607398d200c0b0f2410180d2220180d2230180d2440180d2020000d400000088008182d20040b8f2810080d2820080d2a30080d2440180d2020000d4007008d5007008d5003c000e60229cd20000b0f2810080d2620180d2a30080d2640080d2020000d4a07592d200a0b0f2c10180d2020080d2430080d2440180d2020000d480748ad20000b8f2810180d2020080d2a30080d2e40180d2020000d4007008d5"}}, @msr={0x2, 0x20, {0x603000000013e2b0}}, @hvc={0x4, 0x40, {0x3000000, [0x0, 0xa6b, 0x59a20bad, 0x3, 0x8]}}, @uexit={0x0, 0x18, 0x8}, @msr={0x2, 0x20, {0x603000000013e536, 0x1}}, @hvc={0x4, 0x40, {0x86000001, [0xfffffffffffffff9, 0x3bb, 0x9, 0x43c7, 0x2]}}, @uexit={0x0, 0x18, 0x8}, @irq_setup={0x5, 0x18, {0x0, 0x14}}, @irq_setup={0x5, 0x18, {0x6, 0x14}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x800, 0x729, 0x9}}], 0x4ec}, &(0x7f0000000100)=[@featur1={0x1, 0x40}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r2, 0x3000000, 0x110, r3, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r2, 0x3000000, 0x110, r3, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) eventfd2(0x0, 0xc00) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) munmap(&(0x7f0000dcc000/0x3000)=nil, 0x3000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x48) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f000060d000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0x2}], 0x1) (async) 
syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f000060d000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0x2}], 0x1) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_GET_TSC_KHZ(r8, 0xaea3) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000d09000/0x1000)=nil, 0x930, 0x2000008, 0x110, r8, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000d09000/0x1000)=nil, 0x930, 0x2000008, 0x110, r8, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) 22.80783884s ago: executing program 0 (id=81): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141242, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r2, &(0x7f0000e10000/0x18000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae03, 0xbb) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x6030000000100016, &(0x7f0000000100)=0x95}) 0s ago: executing program 1 (id=80): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x401c5820, 0x20000000) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x8) (async) 
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async, rerun: 64) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) r2 = mmap$KVM_VCPU(&(0x7f0000ff1000/0x1000)=nil, 0x0, 0x0, 0x30, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000340)={0x5, 0x8}) (async, rerun: 64) ioctl$KVM_RUN(r4, 0xae80, 0x0) (rerun: 64) r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async, rerun: 64) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0x0, 0x0, 0x1e) (rerun: 64) ioctl$KVM_GET_API_VERSION(r5, 0xae00, 0x0) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) munmap(&(0x7f0000003000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) munmap(&(0x7f0000fe8000/0x3000)=nil, 0x3000) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x8000) (async) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000540)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000040)="a22309276cbdf073d2cfee9680489f1e80cef24c5013c2a5bd3f761ad06f3b19688f281a3346ab16e399b5b0d7aaca780bd92820ef814bf31eb8772f6616c6267464a2b2d93063ce", 0x0, 0x48) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_REGS(r3, 0x4360ae82, 0x0) kernel console output (not intermixed with test programs): [ 536.790761][ T3110] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:33524' (ED25519) to the list of known hosts. 
[ 745.915614][ T24] audit: type=1400 audit(744.790:69): avc: denied { name_bind } for pid=3265 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 747.914018][ T24] audit: type=1400 audit(746.800:70): avc: denied { execute } for pid=3267 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 747.938151][ T24] audit: type=1400 audit(746.830:71): avc: denied { execute_no_trans } for pid=3267 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 780.804034][ T24] audit: type=1400 audit(779.690:72): avc: denied { mounton } for pid=3267 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 780.883477][ T24] audit: type=1400 audit(779.760:73): avc: denied { mount } for pid=3267 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 780.987891][ T3267] cgroup: Unknown subsys name 'net' [ 781.055701][ T24] audit: type=1400 audit(779.950:74): avc: denied { unmount } for pid=3267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 781.817316][ T3267] cgroup: Unknown subsys name 'rlimit' [ 782.346082][ T24] audit: type=1400 audit(781.220:75): avc: denied { setattr } for pid=3267 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 782.365908][ T24] audit: type=1400 audit(781.250:76): avc: denied { mounton } for pid=3267 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 782.423086][ T24] audit: type=1400 audit(781.290:77): avc: denied { mount } for pid=3267 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 783.876290][ T3271] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 783.919549][ T24] audit: type=1400 audit(782.780:78): avc: denied { relabelto } for pid=3271 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 783.946099][ T24] audit: type=1400 audit(782.840:79): avc: denied { write } for pid=3271 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 784.204918][ T24] audit: type=1400 audit(783.090:80): avc: denied { read } for pid=3267 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 784.250025][ T24] audit: type=1400 audit(783.090:81): avc: denied { open } for pid=3267 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 784.299870][ T3267] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 842.644054][ T24] audit: type=1400 audit(841.530:82): avc: denied { execmem } for pid=3277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 847.574485][ T24] audit: type=1400 audit(846.460:83): avc: denied { read } for pid=3279 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 847.653214][ T24] audit: type=1400 audit(846.490:84): avc: denied { open } for pid=3279 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 847.773828][ T24] audit: type=1400 audit(846.650:85): avc: denied { mounton } for pid=3279 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 851.033863][ T24] audit: type=1400 audit(849.910:86): avc: denied { mount } for pid=3279 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 851.144198][ T24] audit: type=1400 audit(850.030:87): avc: denied { mounton } for pid=3279 comm="syz-executor" path="/syzkaller.74ggRP/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 851.312789][ T24] audit: type=1400 audit(850.150:88): avc: denied { mount } for pid=3279 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 851.487484][ T24] audit: type=1400 audit(850.380:89): avc: denied { mounton } for pid=3279 comm="syz-executor" path="/syzkaller.74ggRP/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 851.575071][ T24] audit: 
type=1400 audit(850.460:90): avc: denied { mounton } for pid=3280 comm="syz-executor" path="/syzkaller.JPB7W8/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2881 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 851.809513][ T24] audit: type=1400 audit(850.700:91): avc: denied { unmount } for pid=3280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 851.920756][ T24] audit: type=1400 audit(850.810:92): avc: denied { mounton } for pid=3279 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 852.049959][ T24] audit: type=1400 audit(850.930:94): avc: denied { mount } for pid=3279 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 853.908469][ T24] kauditd_printk_skb: 4 callbacks suppressed [ 853.908813][ T24] audit: type=1400 audit(852.750:98): avc: denied { read write } for pid=3279 comm="syz-executor" name="loop1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 853.946984][ T24] audit: type=1400 audit(852.790:100): avc: denied { ioctl } for pid=3280 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 853.973187][ T24] audit: type=1400 audit(852.780:99): avc: denied { open } for pid=3279 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 857.205125][ T24] audit: type=1400 audit(855.990:101): avc: denied { read append } for pid=3282 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 857.233438][ T24] audit: type=1400 audit(856.120:102): avc: denied { open } for pid=3282 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 857.659355][ T24] audit: type=1400 audit(856.550:103): avc: denied { ioctl } for pid=3282 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 914.760793][ T24] audit: type=1400 audit(913.650:104): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 919.235824][ T24] audit: type=1400 audit(918.110:105): avc: denied { write } for pid=3326 comm="syz.1.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 927.875107][ T24] audit: type=1400 audit(926.760:106): avc: denied { execute } for pid=3333 comm="syz.0.11" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3352 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1577.937351][ T3752] ------------[ cut here ]------------
[ 1577.940855][ T3752] WARNING: CPU: 0 PID: 3752 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 1577.944511][ T3752] Modules linked in:
[ 1577.946903][ T3752] CPU: 0 UID: 0 PID: 3752 Comm: syz.1.80 Not tainted 6.11.0-rc5-syzkaller-g17a000564499 #0
[ 1577.949206][ T3752] Hardware name: linux,dummy-virt (DT)
[ 1577.950948][ T3752] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1577.952878][ T3752] pc : kvm_timer_update_irq+0x21c/0x394
[ 1577.954468][ T3752] lr : kvm_timer_update_irq+0x21c/0x394
[ 1577.956050][ T3752] sp : ffff800089ee78f0
[ 1577.957293][ T3752] x29: ffff800089ee7900 x28: 00000000000003c5 x27: 43f000000fc29f18
[ 1577.959739][ T3752] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 1577.962003][ T3752] x23: 0000000000000000 x22: 08ff80008969d000 x21: 000000000000001e
[ 1577.964153][ T3752] x20: 43f000000fc29cb0 x19: 00000000fffffff0 x18: 0000000000000000
[ 1577.966407][ T3752] x17: 0000000000000000 x16: 0000000000000008 x15: a0f000000f9b0a80
[ 1577.968608][ T3752] x14: 0000000000000000 x13: 0000000000000003 x12: a0f000000f9b0000
[ 1577.970784][ T3752] x11: 08ff80008969d000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 1577.973008][ T3752] x8 : a0f000000f9b0000 x7 : 0000000000000000 x6 : 000000000000003f
[ 1577.975133][ T3752] x5 : 0000000000000040 x4 : 43f000000fc2b0b0 x3 : 0000000000000000
[ 1577.977350][ T3752] x2 : 000000000000001e x1 : 00000000fffffff0 x0 : 0000000000000000
[ 1577.979746][ T3752] Call trace:
[ 1577.980863][ T3752] kvm_timer_update_irq+0x21c/0x394
[ 1577.982497][ T3752] kvm_timer_vcpu_reset+0x158/0x684
[ 1577.983989][ T3752] kvm_reset_vcpu+0x3b4/0x560
[ 1577.985368][ T3752] kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 1577.986875][ T3752] kvm_vcpu_ioctl+0x4ec/0xf74
[ 1577.988289][ T3752] __arm64_sys_ioctl+0x108/0x184
[ 1577.989717][ T3752] invoke_syscall+0x78/0x1b8
[ 1577.991140][ T3752] el0_svc_common+0xe8/0x1b0
[ 1577.992508][ T3752] do_el0_svc+0x40/0x50
[ 1577.993909][ T3752] el0_svc+0x54/0x14c
[ 1577.995209][ T3752] el0t_64_sync_handler+0x84/0xfc
[ 1577.996670][ T3752] el0t_64_sync+0x190/0x194
[ 1577.998254][ T3752] irq event stamp: 1832
[ 1577.999453][ T3752] hardirqs last enabled at (1831): [] _raw_read_unlock_irqrestore+0x44/0x94
[ 1578.001570][ T3752] hardirqs last disabled at (1832): [] el1_dbg+0x24/0x80
[ 1578.003453][ T3752] softirqs last enabled at (1820): [] handle_softirqs+0x69c/0x700
[ 1578.005397][ T3752] softirqs last disabled at (1805): [] __do_softirq+0x14/0x20
[ 1578.007285][ T3752] ---[ end trace 0000000000000000 ]---
[ 1578.013834][ T3752] ------------[ cut here ]------------
[ 1578.015259][ T3752] WARNING: CPU: 0 PID: 3752 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 1578.017355][ T3752] Modules linked in:
[ 1578.019085][ T3752] CPU: 0 UID: 0 PID: 3752 Comm: syz.1.80 Tainted: G W 6.11.0-rc5-syzkaller-g17a000564499 #0
[ 1578.021256][ T3752] Tainted: [W]=WARN
[ 1578.022434][ T3752] Hardware name: linux,dummy-virt (DT)
[ 1578.023739][ T3752] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1578.025415][ T3752] pc : kvm_timer_update_irq+0x21c/0x394
[ 1578.026998][ T3752] lr : kvm_timer_update_irq+0x21c/0x394
[ 1578.028489][ T3752] sp : ffff800089ee78f0
[ 1578.029700][ T3752] x29: ffff800089ee7900 x28: 00000000000003c5 x27: 43f000000fc29f18
[ 1578.031947][ T3752] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 1578.033873][ T3752] x23: 0000000000000000 x22: 08ff80008969d000 x21: 000000000000001b
[ 1578.036112][ T3752] x20: 43f000000fc29cb0 x19: 00000000fffffff0 x18: 0000000000000000
[ 1578.038388][ T3752] x17: 0000000000000000 x16: 0000000000000008 x15: a0f000000f9b0a80
[ 1578.040461][ T3752] x14: 0000000000000000 x13: 0000000000000003 x12: a0f000000f9b0000
[ 1578.042625][ T3752] x11: 08ff80008969d000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 1578.044829][ T3752] x8 : a0f000000f9b0000 x7 : 0000000000000000 x6 : 000000000000003f
[ 1578.046959][ T3752] x5 : 0000000000000040 x4 : 43f000000fc2b118 x3 : 0000000000000000
[ 1578.049126][ T3752] x2 : 000000000000001b x1 : 00000000fffffff0 x0 : 0000000000000000
[ 1578.051239][ T3752] Call trace:
[ 1578.052195][ T3752] kvm_timer_update_irq+0x21c/0x394
[ 1578.053745][ T3752] kvm_timer_vcpu_reset+0x178/0x684
[ 1578.055231][ T3752] kvm_reset_vcpu+0x3b4/0x560
[ 1578.056531][ T3752] kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 1578.057983][ T3752] kvm_vcpu_ioctl+0x4ec/0xf74
[ 1578.059209][ T3752] __arm64_sys_ioctl+0x108/0x184
[ 1578.060624][ T3752] invoke_syscall+0x78/0x1b8
[ 1578.062048][ T3752]
el0_svc_common+0xe8/0x1b0 [ 1578.063456][ T3752] do_el0_svc+0x40/0x50 [ 1578.064885][ T3752] el0_svc+0x54/0x14c [ 1578.066057][ T3752] el0t_64_sync_handler+0x84/0xfc [ 1578.067486][ T3752] el0t_64_sync+0x190/0x194 [ 1578.068849][ T3752] irq event stamp: 1848 [ 1578.070005][ T3752] hardirqs last enabled at (1847): [] exit_to_kernel_mode+0xdc/0x10c [ 1578.071823][ T3752] hardirqs last disabled at (1848): [] el1_dbg+0x24/0x80 [ 1578.073613][ T3752] softirqs last enabled at (1846): [] handle_softirqs+0x69c/0x700 [ 1578.075519][ T3752] softirqs last disabled at (1835): [] __do_softirq+0x14/0x20 [ 1578.077269][ T3752] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) VM DIAGNOSIS: 01:19:10 Registers: info registers vcpu 0 CPU#0 PC=ffff800083900524 X00=0000000000000075 X01=0000000000000075 X02=0000000000000001 X03=ffff800083900b0c X04=0000000000000ea8 X05=ffff800089ee711e X06=000000000000005d X07=fffffffffffd1a20 X08=ffff800089ee6f98 X09=efff800000000000 X10=0000000000ff0100 X11=0000000000ff0100 X12=a0f000000f9b0000 X13=0000000000000012 X14=0000000000000000 X15=0000000000000000 X16=00000000000000ff X17=0000000000000000 X18=0000000000000000 X19=00000000ffffffe0 X20=efff800000000000 X21=ffff800089ee6fa8 X22=ffff800109ee711d X23=0000000000000001 X24=ffff800089ee711e X25=0000000000000000 X26=0000000000000000 X27=ffff800084323a06 X28=ffff800084323a06 X29=ffff800089ee6e80 X30=ffff800083905004 SP=ffff800089ee6e40 PSTATE=604003c9 -ZC- EL2h BTYPE=0 FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=00524f5252450040:0000000000000000 Q05=00524f5252450040:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 
Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000ffffd51a3460:0000ffffd51a3460 Q17=ffffff80ffffffd0:0000ffffd51a3430 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000