last executing test programs:

1m2.155860517s ago: executing program 0 (id=927):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000100000000000000aa0000000000000028000000000000000c00000000000400000000000000dfff00000000000000007209399ad3dc974d4bbac91caca7728a1e6cef247ec862b51948cc"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000f58000/0x4000)=nil})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0xcd)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x83)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x8, 0xbc, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x8, 0x401, 0x2}})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xe7)
r9 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0xcb)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x5)
ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19})

50.290986631s ago: executing program 0 (id=929):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x101041, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x2001, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x4, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000140)={0x0, &(0x7f0000000180)=ANY=[], 0xe0}, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_GET_REG_LIST(r12, 0xc008aeb0, &(0x7f0000000000))
ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x128, &(0x7f0000000340)=0x8000000000000000}) (async)
close(0x4) (async)
close(0x5) (async)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r13, 0x40a0ae49, &(0x7f0000000240)={0x10000, 0x7, 0xffff1000, 0x1000, &(0x7f0000e91000/0x1000)=nil, 0x400})

48.480612576s ago: executing program 1 (id=930):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x40)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000002c0)={0xffffffffffffffff, 0x1})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c03a, &(0x7f0000000140)=0x40000000026})

36.528081101s ago: executing program 1 (id=931):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2, 0x4102932, 0xffffffffffffffff, 0x0)
eventfd2(0x1, 0x80800)
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x121e82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0x18)
r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f00", 0x0, 0xfcf7)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = eventfd2(0x80005ff, 0x1)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={0xffffffffffffffff, 0x3, 0x2, r5})
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0xfff, 0xeeee0000, 0x0, r5, 0x8})

36.450139831s ago: executing program 0 (id=932):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="3200000000000000400000000000000006000084000073e70de870d907b600000000000000000080000000000000000000000000000000000100000000000000ffc4e662949fd97868c6d7c4ee10b20f8dd36ba7f4dd585b9b5e89afc49cd958c9c4b4b58c28d283a0c3c871df496465ebf3506baf3f5dbf8358731d3cfc1de222f5deb5f2347fa3751ede8b91904806e1c09369c2f875adae428914173ff34d227b226139f766bd9149c3b97f7161bf86c59eae9ed0554740469fbda74069b9958b779fd9980cdaebc0d1a32689b33b88ec252d8f51f25d424b55644e951a0b92e511f0e1adf69f9fcad971f2b20000"], 0x40}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="820000000000000028000000000000000100000000000000040000000000000002000000000000008200000000000000280000000000000004"], 0x50}, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8200000000000000280000000000000001000000000000000400000000000000020000000000000082"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bfd000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000b80)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1e00000000000000400000000000000004000084806d21c355a0bea6"], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r16=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r17 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000780)={0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000000000020840000000000000000fc209b000008d5e0888dd20060b8f2c10080d2620080d2a30180d2440080d2020000d4000000130000002b000008d50084202ea0a483d20000b8f2010080d2020080d2630180d2040580d2020000d4004d8fd20bc0b0f2e10080d2e20080d2030180d2040180da020000d4007008d5c0035fd689b49e06294a834118b4551f8aebf7d7e7934f41351812dbfb26a89e614189c4db772cf3179736f3"], 0x84}, &(0x7f00000007c0)=[@featur2={0x1, 0x4}], 0x1)
r18 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r18, 0xae03, 0xb2)
ioctl$KVM_RUN(r17, 0xae80, 0x0)

22.674125183s ago: executing program 1 (id=933):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x2, 0xffffffffffffffff, &(0x7f00000000c0)=0x88})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa001, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4208ae9b, 0xfffffffffffffffe)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)

22.310413548s ago: executing program 0 (id=934):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f00000001c0)=ANY=[], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="820000000000000028"], 0x28}, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r9, 0x4020ae46, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000100000000000001000000000010000002", @ANYRES8=r8])
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000100)={0x1, 0x1ffc01, 0x400, 0x0})
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x4000, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000140)=[@featur1={0x1, 0x2}], 0x1)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000580)=@arm64_sve_vls={0x606000000015ffff, 0x0})

14.290782025s ago: executing program 1 (id=935):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f00000001c0)={0x5, 0x28})
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffa)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0)
ioctl$KVM_ARM_VCPU_FINALIZE(r3, 0x4004aec2, &(0x7f0000000040)=0x4)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xaa)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000ba4000/0x400000)=nil, &(0x7f0000000240)=[{0x0, &(0x7f0000000380)=ANY=[], 0x6dc}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x80}], 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
munmap(&(0x7f0000f71000/0x6000)=nil, 0x6000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x800000000000)
ioctl$KVM_CAP_HALT_POLL(r7, 0x4068aea3, &(0x7f0000000400)={0xb6, 0x0, 0x3000000000000})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000180)={0x2, 0xc988}})
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000080)={0xeeef0000})

12.659402347s ago: executing program 0 (id=936):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000f31000/0x3000)=nil, 0x930, 0x100000a, 0x213011, r2, 0x4000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1b7400, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x109000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000003000000000000000200000000000000aa0000000000000028000000000000000e"], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r9, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8})
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)=0x75})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r13, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="02000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"])
r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r14, 0xae04)
r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000000)={0x1, 0x1, 0x5000, 0x1000, &(0x7f0000fa2000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r7, 0xc018aec0, &(0x7f0000000280)={0x9, 0xffffffffffffffff, 0x1})
r18 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r15, 0x1, 0x10010, r18, 0x0)

6.154821316s ago: executing program 1 (id=937):
r0 = mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0x18) (async)
munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x12eeff265b2ad0b8, 0xffffffffffffffff, 0x1000000) (async)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)) (async)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000340)={0x0, &(0x7f0000000040)=[@code={0xa, 0xcc, {"a0c69ed20000b8f2010180d2420080d2430080d2040080d2020000d4000028d5408895d20020b0f2610080d2020180d2230080d2840080d2020000d4006e9fd20000b8f2410180d2420180d2430180d2c40080d2020000d4a0478ed20040b8f2c10180d2e20180d2a30180d2e40180d2020000d4003c000e40f698d20040b0f2e10080d2220080d2030080d2240080d2020000d40040200d007008d5601a8fd200c0b8f2210180d2220180d2e30080d2e40080d2020000d4"}}, @code={0xa, 0x84, {"0000681e000008d5007008d5a01b98d20040b0f2810080d2420080d2230080d2840080d2020000d4007008d5409d88d20040b8f2210180d2620080d2c30080d2840180d2020000d4007008d5407b99d200c0b8f2c10080d2c20080d2230080d2a40180d2020000d40050206e007008d5"}}, @code={0xa, 0x84, {"20398ed200c0b8f2810180d2a20080d2c30180d2840080d2020000d40000039e0020e00d005c202ec0279cd200e0b0f2c10180d2a20180d2230180d2a40180d2020000d40070200e000028d50008c05a007008d5809581d20060b8f2810080d2620180d2830080d2a40180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013e6c4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x800, 0x2, 0x8}}, @msr={0x14, 0x20, {0x603000000013c02d, 0x1}}, @irq_setup={0x46, 0x18, {0xa942, 0x2e9}}, @irq_setup={0x46, 0x18, {0x1, 0xb4}}, @hvc={0x32, 0x40, {0x400ffbd, [0x8, 0x7, 0xa927, 0x9, 0x169]}}, @smc={0x1e, 0x40, {0x10, [0x8, 0x7, 0x9, 0x618, 0x7]}}], 0x2ec}, &(0x7f0000000380)=[@featur2={0x1, 0x4c}], 0x1)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

549.271852ms ago: executing program 0 (id=938):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vm(r2, 0x4018aee2, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc1300000030d11b"], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
r9 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138012, 0x8000}}], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0) (async)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) (async)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r14, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="be0000000000000018000000000000001ac0"], 0x18}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (rerun: 32)

0s ago: executing program 1 (id=939):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0xeeef0000, 0x2000, &(0x7f0000239000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0xeeef0000, 0x2000, &(0x7f0000239000/0x2000)=nil})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x300, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x6}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x6})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
r5 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)

kernel console output (not intermixed with test programs):

[  384.029112][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0
[  433.505783][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:28899' (ED25519) to the list of known hosts.
[  597.581736][   T25] audit: type=1400 audit(596.690:60): avc:  denied  { name_bind } for  pid=3286 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  599.164166][   T25] audit: type=1400 audit(598.290:61): avc:  denied  { execute } for  pid=3287 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  599.187587][   T25] audit: type=1400 audit(598.300:62): avc:  denied  { execute_no_trans } for  pid=3287 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  620.375274][   T25] audit: type=1400 audit(619.490:63): avc:  denied  { mounton } for  pid=3287 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  620.403120][   T25] audit: type=1400 audit(619.520:64): avc:  denied  { mount } for  pid=3287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  620.487485][ T3287] cgroup: Unknown subsys name 'net'
[  620.538156][   T25] audit: type=1400 audit(619.660:65): avc:  denied  { unmount } for  pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  620.931796][ T3287] cgroup: Unknown subsys name 'cpuset'
[  621.035806][ T3287] cgroup: Unknown subsys name 'rlimit'
[  621.949925][   T25] audit: type=1400 audit(621.070:66): avc:  denied  { setattr } for  pid=3287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  621.969331][   T25] audit: type=1400 audit(621.090:67): avc:  denied  { mounton } for  pid=3287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  621.998601][   T25] audit: type=1400 audit(621.120:68): avc:  denied  { mount } for  pid=3287 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  623.223621][ T3290] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  623.245075][   T25] audit: type=1400 audit(622.360:69): avc:  denied  { relabelto } for  pid=3290 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  623.270252][   T25] audit: type=1400 audit(622.380:70): avc:  denied  { write } for  pid=3290 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  623.434721][   T25] audit: type=1400 audit(622.550:71): avc:  denied  { read } for  pid=3287 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  623.453776][   T25] audit: type=1400 audit(622.570:72): avc:  denied  { open } for  pid=3287 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  623.495553][ T3287] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  671.416116][   T25] audit: type=1400 audit(670.510:73): avc:  denied  { execmem } for  pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  674.985818][   T25] audit: type=1400 audit(674.110:74): avc:  denied  { read } for  pid=3293 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  675.002041][   T25] audit: type=1400 audit(674.120:75): avc:  denied  { open } for  pid=3293 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  675.095868][   T25] audit: type=1400 audit(674.220:76): avc:  denied  { mounton } for  pid=3293 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  675.376204][   T25] audit: type=1400 audit(674.490:77): avc:  denied  { module_request } for  pid=3293 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  676.488794][   T25] audit: type=1400 audit(675.610:78): avc:  denied  { sys_module } for  pid=3293 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  702.714817][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  703.275161][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  703.994197][ T3293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  704.576048][ T3293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  718.798853][ T3294] hsr_slave_0: entered promiscuous mode
[  718.840288][ T3294] hsr_slave_1: entered promiscuous mode
[  719.568053][ T3293] hsr_slave_0: entered promiscuous mode
[  719.605753][ T3293] hsr_slave_1: entered promiscuous mode
[  719.633406][ T3293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  719.638021][ T3293] Cannot create hsr debugfs directory
[  725.163465][   T25] audit: type=1400 audit(724.280:79): avc:  denied  { create } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  725.194287][   T25] audit: type=1400 audit(724.310:80): avc:  denied  { write } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  725.266069][   T25] audit: type=1400 audit(724.390:81): avc:  denied  { read } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  725.422688][ T3294] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  725.793258][ T3294] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  726.133978][ T3294] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  726.428747][ T3294] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  727.947016][ T3293] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  728.139371][ T3293] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  728.269790][ T3293] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  728.458695][ T3293] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  740.804912][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.817597][ T3293] 8021q: adding VLAN 0 to HW filter on device bond0
[  799.608078][ T3294] veth0_vlan: entered promiscuous mode
[  800.166417][ T3294] veth1_vlan: entered promiscuous mode
[  801.944105][ T3294] veth0_macvtap: entered promiscuous mode
[  802.359781][ T3294] veth1_macvtap: entered promiscuous mode
[  802.949294][ T3293] veth0_vlan: entered promiscuous mode
[  803.869051][ T3293] veth1_vlan: entered promiscuous mode
[  804.520225][ T3294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  804.527226][ T3294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  804.544038][ T3294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  804.583055][ T3294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  807.307943][ T3293] veth0_macvtap: entered promiscuous mode
[  807.325436][   T25] audit: type=1400 audit(806.420:82): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  807.497141][   T25] audit: type=1400 audit(806.620:83): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.QiEgEX/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  807.578166][ T3293] veth1_macvtap: entered promiscuous mode
[  807.633953][   T25] audit: type=1400 audit(806.750:84): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  807.919786][   T25] audit: type=1400 audit(807.020:85): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.QiEgEX/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  808.008863][   T25] audit: type=1400 audit(807.130:86): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.QiEgEX/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3232 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  808.685056][   T25] audit: type=1400 audit(807.800:87): avc:  denied  { unmount } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  809.019155][   T25] audit: type=1400 audit(808.140:88): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  809.146881][   T25] audit: type=1400 audit(808.270:89): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="gadgetfs" ino=3241 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  809.515300][   T25] audit: type=1400 audit(808.630:90): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  809.576034][ T3293] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  809.583500][ T3293] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  809.602753][ T3293] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  809.613939][ T3293] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  809.623323][   T25] audit: type=1400 audit(808.690:91): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  811.295625][ T3294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  812.643508][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  812.647076][   T25] audit: type=1400 audit(811.720:93): avc:  denied  { read write } for  pid=3294 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  812.669746][   T25] audit: type=1400 audit(811.780:94): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  812.722505][   T25] audit: type=1400 audit(811.820:95): avc:  denied  { ioctl } for  pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  815.650387][   T25] audit: type=1400 audit(814.770:96): avc:  denied  { read } for  pid=3446 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  815.698200][   T25] audit: type=1400 audit(814.820:97): avc:  denied  { open } for  pid=3446 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  816.317160][   T25] audit: type=1400 audit(815.430:98): avc:  denied  { ioctl } for  pid=3446 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  822.106983][   T25] audit: type=1400 audit(821.230:99): avc:  denied  { write } for  pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  833.816193][   T25] audit: type=1400 audit(832.900:100): avc:  denied  { append } for  pid=3454 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  876.516193][   T25] audit: type=1400 audit(875.610:101): avc:  denied  { ioctl } for  pid=3481 comm="syz.1.12" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  878.355294][   T25] audit: type=1400 audit(877.390:102): avc:  denied  { execute } for  pid=3481 comm="syz.1.12" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4121 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  903.258479][ T3497] kvm [3497]: Failed to find VMA for hva 0x20c01000
[  963.135086][   T25] audit: type=1400 audit(962.250:103): avc:  denied  { map } for  pid=3536 comm="syz.0.27" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  985.215925][ T3555] kvm [3555]: Failed to find VMA for hva 0x20c01000
[ 1100.533656][ T3626] kvm [3626]: Failed to find VMA for hva 0x20c01000
[ 1198.845034][ T3703] kvm [3703]: Failed to find VMA for hva 0x20d8d000
[ 1299.393007][ T3770] kvm [3770]: Failed to find VMA for hva 0x20d8d000
[ 1299.494915][ T3771] kvm [3771]: Failed to find VMA for hva 0x20d8d000
[ 1648.842624][ T4005] kvm [4005]: Failed to find VMA for hva 0x21016000
[ 1651.224396][ T4007] irq bypass consumer (token 0000000035f5d779) registration fails: -16
[ 1656.076062][ T4010] KVM: debugfs: duplicate directory 4010-5
[ 1767.479769][ T4089] kvm [4089]: Failed to find VMA for hva 0x208a1000
[ 1989.127497][ T4255] kvm [4255]: Failed to find VMA for hva 0x21016000
[ 2234.909624][ T4407] kvm [4407]: Failed to find VMA for hva 0x20c01000
[ 2321.658624][ T4469] kvm [4469]: Failed to find VMA for hva 0x21016000
[ 2332.452958][ T4472] kvm [4472]: Failed to find VMA for hva 0x20d8d000
[ 2334.766743][ T4477] kvm [4477]: Failed to find VMA for hva 0x21016000
[ 2451.014322][   T25] audit: type=1400 audit(2450.140:104): avc:  denied  { execute } for  pid=4561 comm="syz.0.329" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2592.718066][ T4674] kvm [4674]: Failed to find VMA for hva 0x208a1000
[ 2723.480245][ T4764] KVM: debugfs: duplicate directory 4764-10
[ 2774.792749][   T25] audit: type=1400 audit(2773.900:105): avc:  denied  { execute } for  pid=4797 comm="syz.0.393" path=2F3139342F10FBFF67525673312B0104 dev="tmpfs" ino=993 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 2840.876967][ T4845] kvm [4845]: Failed to find VMA for hva 0x20c01000
[ 2906.357704][ T4887] kvm [4887]: Failed to find VMA for hva 0x20d8d000
[ 2906.409049][ T4890] kvm [4890]: Failed to find VMA for hva 0x20d8d000
[ 3032.537512][ T4983] kvm [4983]: Failed to find VMA for hva 0x20c01000
[ 3062.196187][   T25] audit: type=1400 audit(3061.220:106): avc:  denied  { setattr } for  pid=5001 comm="syz.0.454" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 3495.443040][ T5279] kvm [5279]: Failed to find VMA for hva 0x20c01000
[ 3614.343402][ T5354] kvm [5354]: Failed to find VMA for hva 0x20c01000
[ 3699.844879][ T5408] kvm [5408]: Failed to find VMA for hva 0x20d8d000
[ 3739.819538][ T5435] kvm [5435]: Failed to find VMA for hva 0x208a1000
[ 3775.946373][ T5456] kvm [5456]: Failed to find VMA for hva 0x20d8d000
[ 3800.548025][ T5469] KVM: debugfs: duplicate directory 5469-5
[ 3956.026818][ T5571] kvm [5571]: Failed to find VMA for hva 0x21016000
[ 4051.137331][ T5635] kvm [5635]: Failed to find VMA for hva 0x21016000
[ 4170.552636][ T5705] kvm [5705]: Failed to find VMA for hva 0x20d8d000
[ 4257.156226][ T5763] KVM: debugfs: duplicate directory 5763-9
[ 4326.576909][ T5809] debugfs: File 'vgic-its-state@8080000' in directory '5809-4' already present!
[ 4404.659193][ T5864] kvm [5862]: Unsupported guest access at: eeef0000
[ 4404.659193][ T5864]  { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write },
[ 4856.736683][ T6176] kvm [6176]: Failed to find VMA for hva 0x20c01000
[ 4868.727529][ T6182] kvm [6182]: Failed to find VMA for hva 0x21016000
[ 4868.867748][ T6182] kvm [6182]: Failed to find VMA for hva 0x21016000
[ 4885.296620][ T6194] kvm [6194]: Failed to find VMA for hva 0x208a1000
[ 5019.546236][ T6286] KVM: debugfs: duplicate directory 6286-7
[ 5068.022497][ T6309] kvm [6309]: Failed to find VMA for hva 0x20c01000
[ 5317.808762][ T6475] kvm [6475]: Failed to find VMA for hva 0x21016000
[ 5329.306147][ T6482] kvm [6482]: Failed to find VMA for hva 0x21016000
[ 5564.155019][ T6639] ------------[ cut here ]------------
[ 5564.155752][ T6639] WARNING: CPU: 0 PID: 6639 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac
[ 5564.159687][ T6639] Modules linked in:
[ 5564.162068][ T6639] CPU: 0 UID: 0 PID: 6639 Comm: syz.1.939 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 5564.163774][ T6639] Hardware name: linux,dummy-virt (DT)
[ 5564.165066][ T6639] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5564.166346][ T6639] pc : pend_sync_exception+0x198/0x5ac
[ 5564.167297][ T6639] lr : pend_sync_exception+0x198/0x5ac
[ 5564.168237][ T6639] sp : ffff80008e4078c0
[ 5564.168981][ T6639] x29: ffff80008e4078c0 x28: 0000000000000001 x27: 01f000001d72a028
[ 5564.170748][ T6639] x26: 0000000000000001 x25: 0000000000000000 x24: 0000000000000000
[ 5564.172112][ T6639] x23: 0000000000000000 x22: 0000000000000001 x21: 01f000001d72ac01
[ 5564.173613][ T6639] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 5564.175089][ T6639] x17: 000000000000000a x16: ffff800080011d9c x15: 0000000020000880
[ 5564.176576][ T6639] x14: ffffffffffffffff x13: 0000000000000028 x12: 0000000000000048
[ 5564.177934][ T6639] x11: 48f000001d731564 x10: 0000000000ff0100 x9 : 0000000000000000
[ 5564.179501][ T6639] x8 : 48f000001d730000 x7 : ffff800080b08704 x6 : ffff80008e407a88
[ 5564.180963][ T6639] x5 : ffff80008e407a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 5564.182290][ T6639] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 5564.183984][ T6639] Call trace:
[ 5564.184930][ T6639]  pend_sync_exception+0x198/0x5ac (P)
[ 5564.186162][ T6639]  __kvm_inject_sea+0x268/0x96c
[ 5564.187212][ T6639]  kvm_inject_sea+0x98/0x72c
[ 5564.188062][ T6639]  __kvm_arm_vcpu_set_events+0x134/0x238
[ 5564.189032][ T6639]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 5564.189956][ T6639]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 5564.190865][ T6639]  __arm64_sys_ioctl+0x18c/0x244
[ 5564.191787][ T6639]  invoke_syscall+0x90/0x2b4
[ 5564.192662][ T6639]  el0_svc_common+0x180/0x2f4
[ 5564.193595][ T6639]  do_el0_svc+0x58/0x74
[ 5564.194482][ T6639]  el0_svc+0x58/0x160
[ 5564.195359][ T6639]  el0t_64_sync_handler+0x78/0x108
[ 5564.196289][ T6639]  el0t_64_sync+0x198/0x19c
[ 5564.197444][ T6639] irq event stamp: 2888
[ 5564.198164][ T6639] hardirqs last  enabled at (2887): [<ffff80008651a00c>] exit_to_kernel_mode+0xc0/0xf0
[ 5564.199477][ T6639] hardirqs last disabled at (2888): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 5564.200729][ T6639] softirqs last  enabled at (2864): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 5564.201922][ T6639] softirqs last disabled at (2862): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 5564.203389][ T6639] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5585.394830][ T4156] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5586.256459][ T4156] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5586.793952][ T4156] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5587.473975][ T4156] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

VM DIAGNOSIS:
08:00:19  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000800b9c58 X00=ffff80008707cef9 X01=0000000000000009
X02=0000000000000001 X03=ffff80008073ed78 X04=ffff80008e407070
X05=0000000000000020 X06=0000000000000000 X07=ffff80008047fe38
X08=48f000001d730000 X09=0000000000000000 X10=0000000000ff0100
X11=000000000000000a X12=0000000000000068 X13=000000000000001d
X14=000000000000000c X15=ffff800087f39a30 X16=0000000000000000
X17=000000000000000a X18=0000000000000000 X19=ffff80008707cef9
X20=efff800000000000 X21=000000000000001d X22=ffff80008e4078c0
X23=ffff8000801b9ba4 X24=ffff80008e407878 X25=00000000000000ff
X26=0000000000000000 X27=00000000000019ef X28=00000000000000ff
X29=ffff80008e407490 X30=ffff8000800b9ecc  SP=ffff80008e407490
PSTATE=804023c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2f2f2f2f2f2f2f2f:2f2f2f2f2f2f2f2f Z01=0000ffff00343739:2f68637461772f76
Z02=c0fc0000c0000000:3000000000003000 Z03=0000000000000000:ff0000000000ff00
Z04=3303330333033303:3303330333033303 Z05=bc00c00030000030:bc00c00030000030
Z06=0000000000000073:0000aaab0fd263e0 Z07=0000000000000074:0000aaab0fd23620
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffeb7ae220:0000ffffeb7ae220 Z17=ffffff80ffffffd8:0000ffffeb7ae1f0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000