last executing test programs:

1m2.60069737s ago: executing program 1 (id=963):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x9, 0x140)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df60, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df61, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df62, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df63, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df64, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df65, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0xe0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x3, 0x11, r6, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r8, 0xffffffffffffffff)
syz_kvm_assert_reg(r6, 0x603000000013df60, 0x8000)
syz_kvm_assert_reg(r6, 0x603000000013df61, 0x8000)
syz_kvm_assert_reg(r6, 0x603000000013df62, 0x8000)
syz_kvm_assert_reg(r6, 0x603000000013df63, 0x8000)
syz_kvm_assert_reg(r6, 0x603000000013df64, 0x8000)
syz_kvm_assert_reg(r6, 0x603000000013df65, 0x8000)
syz_kvm_assert_reg(r6, 0x603000000013df7f, 0x8000)
r9 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r10 = syz_kvm_vgic_v3_setup(r9, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x3cc27b60, 0x3, 0x0})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000080)=0x10003})

52.126127535s ago: executing program 1 (id=966):
r0 = mmap$KVM_VCPU(&(0x7f0000f82000/0x3000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r3 = mmap$KVM_VCPU(&(0x7f0000f82000/0x1000)=nil, r2, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
eventfd2(0x5, 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(0xffffffffffffffff, 0x4010aeb5, &(0x7f0000000000)={0x9, 0x2})
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0xc}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
close(r1)
ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead)

41.734148093s ago: executing program 1 (id=968):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb})
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000200)=@arm64_extra={0x603000000013c03d, &(0x7f0000000000)=0x7})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f00000000c0))
r5 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x1, 0x1, 0x5000, 0x2000, &(0x7f0000fa2000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r8, 0xc018aec0, &(0x7f0000000040)={0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000040)={0x3, 0xeeee0000, 0x2, r12, 0x8})
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r12, 0x1})
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x1, r12, 0x1})
r13 = openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)

41.187344196s ago: executing program 0 (id=969):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5})
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000180)=@arm64_core={0x603000000010003e, &(0x7f0000000100)=0xc74d})
ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, 0x0)

35.387119385s ago: executing program 0 (id=970):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r4, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
r6 = eventfd2(0x0, 0x0)
close(r6)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3)
r7 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f0000002000/0x3000)=nil, r9, 0xa, 0x11, r8, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0)
eventfd2(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x28a43, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

26.196909727s ago: executing program 0 (id=971):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0) (async)
r2 = syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000200)=@attr_other={0x0, 0x3, 0x612, 0x0})

18.597051166s ago: executing program 1 (id=972):
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x86040, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x48ac1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x0, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e0c000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ee2000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ca4000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e0b000/0x1000)=nil, 0x1000)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000240)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x3, &(0x7f0000000200)=0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x0, 0x4, 0x0})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8000, 0x7fffffffffffffff, &(0x7f00000001c0)=0x8})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000001c0)=ANY=[], 0x40}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000c51000/0x3000)=nil, 0x0, 0x300000d, 0x100010, 0xffffffffffffffff, 0x0)

17.414281703s ago: executing program 0 (id=973):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000080)={0x0, 0x2}) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x2, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async)
r5 = openat$kvm(0x0, &(0x7f0000000100), 0x82001, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x110, r5, 0x0)
mmap$KVM_VCPU(&(0x7f0000daf000/0x3000)=nil, 0x930, 0x3000007, 0x8a031, 0xffffffffffffffff, 0x0) (async)
r6 = mmap$KVM_VCPU(&(0x7f0000f82000/0x3000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x6923c4, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r9 = mmap$KVM_VCPU(&(0x7f0000f82000/0x1000)=nil, r8, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async, rerun: 32)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async, rerun: 32)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000140)={0x5, 0x0, 0x5000, 0x2000, &(0x7f0000002000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0xdddd1000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x10000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (rerun: 64)

10.252672052s ago: executing program 1 (id=974):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40401, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, 0xfffffffffffffffe) (async)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, 0xfffffffffffffffe)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_vgic_v3_setup(r3, 0x2, 0x2c0)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[], 0x20}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

8.473716138s ago: executing program 0 (id=975):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x4, 0x2, 0xd000, 0x1000, &(0x7f0000001000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x2})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000340)={0x5})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000080)={0x9, 0x3, 0x2}})
close(0x4)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013c807, &(0x7f0000000000)=0xf})

1.580886977s ago: executing program 1 (id=976):
mmap$KVM_VCPU(&(0x7f0000daf000/0x3000)=nil, 0x930, 0x2000009, 0x8a031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x80040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = syz_kvm_vgic_v3_setup(r3, 0x3, 0x40)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0x0, &(0x7f0000000200)=0x105b7})
ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f00000000c0)=0x401})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x20000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x80082, 0x0)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c024}}], 0x18}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r11, 0x2, 0x3c0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r8, 0x100000a, 0x12, r9, 0x100000)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r8, 0x1, 0x11, r9, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r8, 0x3000005, 0x20010, r14, 0x0)

0s ago: executing program 0 (id=977):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x8000}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000080)={0xe1, 0x0, 0x2000})
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) (async)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x0, 0x32f}}, @smc={0x1e, 0x40, {0x84000008, [0xfffffffffffffe00, 0x1, 0xfffffffffffffff7, 0x8]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x16d}}, @msr={0x14, 0x20, {0x6030000000138080, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013df59}}, @uexit={0x0, 0x18, 0xf}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x3b9}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x6, 0x8356, 0x1, 0x3}}, @msr={0x14, 0x20, {0x6030000000139f80, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x1, 0x7, 0xffff, 0x9, 0x3}}, @msr={0x14, 0x20, {0x603000000013deb3}}, @mrs={0xbe, 0x18, {0x603000000013f099}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xd, 0x1, 0x2}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x5}}, @uexit={0x0, 0x18, 0x7fff}, @uexit={0x0, 0x18, 0x6}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x16e}}, @mrs={0xbe, 0x18, {0x603000000013802d}}, @code={0xa, 0x6c, {"004e9ed20000b8f2a10180d2820180d2830080d2a40180d2020000d40000206a000000d1000008d500088078008008d50038207e008008d50018200e60b987d20040b0f2c10180d2620080d2030080d2840180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013df40, 0xfffffffffffffff7}}, @irq_setup={0x46, 0x18, {0x2, 0x307}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x23}}, @uexit={0x0, 0x18, 0x98ff}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x3, 0x9, 0x3, 0x5, 0x3}}, @svc={0x122, 0x40, {0x1000, [0x8, 0x1, 0x7, 0x7, 0xf0]}}, @uexit={0x0, 0x18, 0x81}, @irq_setup={0x46, 0x18, {0x0, 0x3b4}}, @mrs={0xbe, 0x18, {0x603000000013c520}}], 0x41c}, &(0x7f0000000140)=[@featur2={0x1, 0x9d}], 0x1)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000200)=@arm64={0x4, 0x0, 0x0, '\x00', 0x101}) (async, rerun: 32)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (rerun: 32)

kernel console output (not intermixed with test programs):

[  381.250129][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0
[  417.292346][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:23372' (ED25519) to the list of known hosts.
[  595.252403][   T25] audit: type=1400 audit(594.380:60): avc:  denied  { name_bind } for  pid=3282 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  596.239312][   T25] audit: type=1400 audit(595.370:61): avc:  denied  { execute } for  pid=3283 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  596.260126][   T25] audit: type=1400 audit(595.380:62): avc:  denied  { execute_no_trans } for  pid=3283 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  619.090528][   T25] audit: type=1400 audit(618.200:63): avc:  denied  { mounton } for  pid=3283 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  619.144253][   T25] audit: type=1400 audit(618.270:64): avc:  denied  { mount } for  pid=3283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  619.339215][ T3283] cgroup: Unknown subsys name 'net'
[  619.442294][   T25] audit: type=1400 audit(618.570:65): avc:  denied  { unmount } for  pid=3283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  620.144337][ T3283] cgroup: Unknown subsys name 'cpuset'
[  620.371701][ T3283] cgroup: Unknown subsys name 'rlimit'
[  622.361087][   T25] audit: type=1400 audit(621.490:66): avc:  denied  { setattr } for  pid=3283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  622.403172][   T25] audit: type=1400 audit(621.530:67): avc:  denied  { mounton } for  pid=3283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  622.437500][   T25] audit: type=1400 audit(621.560:68): avc:  denied  { mount } for  pid=3283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  624.208566][ T3291] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  624.231892][   T25] audit: type=1400 audit(623.350:69): avc:  denied  { relabelto } for  pid=3291 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  624.251593][   T25] audit: type=1400 audit(623.380:70): avc:  denied  { write } for  pid=3291 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  624.428527][   T25] audit: type=1400 audit(623.550:71): avc:  denied  { read } for  pid=3283 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  624.451514][   T25] audit: type=1400 audit(623.580:72): avc:  denied  { open } for  pid=3283 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  624.498750][ T3283] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  672.791572][   T25] audit: type=1400 audit(671.920:73): avc:  denied  { execmem } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  676.463941][   T25] audit: type=1400 audit(675.590:74): avc:  denied  { read } for  pid=3294 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  676.494626][   T25] audit: type=1400 audit(675.620:75): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  676.567479][   T25] audit: type=1400 audit(675.690:76): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  676.836008][   T25] audit: type=1400 audit(675.960:77): avc:  denied  { module_request } for  pid=3295 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  678.031909][   T25] audit: type=1400 audit(677.130:78): avc:  denied  { sys_module } for  pid=3294 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  706.672087][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  707.163589][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.318072][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  708.019076][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  720.750852][ T3294] hsr_slave_0: entered promiscuous mode
[  720.779426][ T3294] hsr_slave_1: entered promiscuous mode
[  722.070070][ T3295] hsr_slave_0: entered promiscuous mode
[  722.102199][ T3295] hsr_slave_1: entered promiscuous mode
[  722.133338][ T3295] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  722.148944][ T3295] Cannot create hsr debugfs directory
[  727.174316][   T25] audit: type=1400 audit(726.300:79): avc:  denied  { create } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  727.216316][   T25] audit: type=1400 audit(726.340:80): avc:  denied  { write } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  727.288702][   T25] audit: type=1400 audit(726.380:81): avc:  denied  { read } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  727.383799][ T3294] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  727.887682][ T3294] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  728.169933][ T3294] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  728.444207][ T3294] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  729.974240][ T3295] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  730.160662][ T3295] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  730.303126][ T3295] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  730.494551][ T3295] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  743.383462][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0
[  745.600430][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0
[  803.021708][ T3294] veth0_vlan: entered promiscuous mode
[  803.557900][ T3294] veth1_vlan: entered promiscuous mode
[  805.622351][ T3294] veth0_macvtap: entered promiscuous mode
[  805.743455][ T3295] veth0_vlan: entered promiscuous mode
[  806.023813][ T3294] veth1_macvtap: entered promiscuous mode
[  806.703792][ T3295] veth1_vlan: entered promiscuous mode
[  808.250296][ T3294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  808.267234][ T3294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  808.286497][ T3294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  808.298163][ T3294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  809.394197][ T3295] veth0_macvtap: entered promiscuous mode
[  810.018520][ T3295] veth1_macvtap: entered promiscuous mode
[  810.980281][   T25] audit: type=1400 audit(810.070:82): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  811.112646][   T25] audit: type=1400 audit(810.240:83): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.JzJzkv/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  811.312768][   T25] audit: type=1400 audit(810.440:84): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  811.846026][   T25] audit: type=1400 audit(810.970:85): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.JzJzkv/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  812.077183][   T25] audit: type=1400 audit(811.200:86): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/syzkaller.JzJzkv/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3240 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  812.370246][ T3295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  812.390951][ T3295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  812.410587][ T3295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  812.421920][ T3295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  812.629561][   T25] audit: type=1400 audit(811.740:87): avc:  denied  { unmount } for  pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  812.840017][   T25] audit: type=1400 audit(811.960:88): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  812.966326][   T25] audit: type=1400 audit(812.080:89): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="gadgetfs" ino=3250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  813.436515][   T25] audit: type=1400 audit(812.460:90): avc:  denied  { mount } for  pid=3294 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  813.534402][   T25] audit: type=1400 audit(812.590:91): avc:  denied  { mounton } for  pid=3294 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  814.903991][ T3294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  815.995939][   T25] kauditd_printk_skb: 2 callbacks suppressed
[  816.007720][   T25] audit: type=1400 audit(815.110:94): avc:  denied  { open } for  pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  816.058067][   T25] audit: type=1400 audit(815.170:95): avc:  denied  { ioctl } for  pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  819.970993][   T25] audit: type=1400 audit(818.980:96): avc:  denied  { read } for  pid=3446 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  820.016926][   T25] audit: type=1400 audit(819.140:97): avc:  denied  { open } for  pid=3446 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  820.936857][   T25] audit: type=1400 audit(820.040:98): avc:  denied  { ioctl } for  pid=3446 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  821.216208][   T25] audit: type=1400 audit(820.300:99): avc:  denied  { write } for  pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  842.548091][   T25] audit: type=1400 audit(841.650:100): avc:  denied  { execute } for  pid=3462 comm="syz.0.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3512 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  845.799517][   T25] audit: type=1400 audit(844.920:101): avc:  denied  { append } for  pid=3465 comm="syz.1.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  888.499914][ T3492] kvm [3492]: Failed to find VMA for hva 0x20c01000
[  957.810007][   T25] audit: type=1400 audit(956.930:102): avc:  denied  { map } for  pid=3539 comm="syz.1.30" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1059.198599][ T3607] kvm [3607]: Failed to find VMA for hva 0x2101a000
[ 1230.744200][ T3717] kvm [3717]: Failed to find VMA for hva 0x21016000
[ 1275.518063][ T3738] kvm [3738]: Failed to find VMA for hva 0x20c01000
[ 1424.977040][   T25] audit: type=1400 audit(1424.090:103): avc:  denied  { ioctl } for  pid=3833 comm="syz.1.120" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1526.160199][ T3897] kvm [3897]: Failed to find VMA for hva 0x21016000
[ 1711.292085][   T25] audit: type=1400 audit(1710.420:104): avc:  denied  { setattr } for  pid=4010 comm="syz.1.176" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1722.621768][ T4019] kvm [4019]: Failed to find VMA for hva 0x20c01000
[ 1722.724459][ T4020] kvm [4020]: Failed to find VMA for hva 0x20c01000
[ 1854.951621][ T4109] kvm [4109]: Failed to find VMA for hva 0x20c01000
[ 1866.748775][ T4117] kvm [4117]: Failed to find VMA for hva 0x2101a000
[ 2031.971559][ T4238] kvm [4238]: Failed to find VMA for hva 0x20c01000
[ 2032.110448][ T4238] kvm [4238]: Failed to find VMA for hva 0x20c01000
[ 2070.758812][ T4261] kvm [4261]: Failed to find VMA for hva 0x20e8a000
[ 2071.069805][ T4261] kvm [4261]: Failed to find VMA for hva 0x20e8a000
[ 2125.337090][ T4301] kvm [4301]: Failed to find VMA for hva 0x20d8d000
[ 2265.690799][ T4386] kvm [4386]: Failed to find VMA for hva 0x21016000
[ 2265.731219][ T4390] kvm [4390]: Failed to find VMA for hva 0x21016000
[ 2277.724022][ T4392] kvm [4392]: Failed to find VMA for hva 0x20c01000
[ 2342.593397][ T4432] kvm [4432]: Failed to find VMA for hva 0x21016000
[ 2345.429861][ T4435] KVM: debugfs: duplicate directory 4435-4
[ 2579.543125][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 2579.543125][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2579.573615][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2579.573615][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2579.647446][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2579.647446][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2579.694507][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2579.694507][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2579.761657][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2579.761657][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2579.833673][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2579.833673][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2579.939245][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2579.939245][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2579.972376][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2579.972376][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2580.111180][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2580.111180][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2580.167743][ T4593] kvm [4592]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 2580.167743][ T4593]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 2613.372964][ T4619] kvm [4619]: Failed to find VMA for hva 0x21016000
[ 2679.090808][   T25] audit: type=1400 audit(2678.210:105): avc:  denied  { map } for  pid=4656 comm="syz.0.372" path="pipe:[2398]" dev="pipefs" ino=2398 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 2898.090867][ T4797] kvm [4797]: Failed to find VMA for hva 0x21016000
[ 3031.582023][ T4890] kvm [4890]: Failed to find VMA for hva 0x21016000
[ 3042.390421][ T4897] kvm [4897]: Failed to find VMA for hva 0x21016000
[ 3192.464269][ T4992] kvm [4992]: Failed to find VMA for hva 0x208a1000
[ 3702.273173][ T5314] FAULT_INJECTION: forcing a failure.
[ 3702.273173][ T5314] name failslab, interval 1, probability 0, space 0, times 0
[ 3702.331099][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.1.573 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 3702.331790][ T5314] Hardware name: linux,dummy-virt (DT)
[ 3702.332297][ T5314] Call trace:
[ 3702.332727][ T5314]  show_stack+0x2c/0x3c (C)
[ 3702.336573][ T5314]  __dump_stack+0x30/0x40
[ 3702.336874][ T5314]  dump_stack_lvl+0xd8/0x12c
[ 3702.337087][ T5314]  dump_stack+0x1c/0x28
[ 3702.337315][ T5314]  should_fail_ex+0x570/0x6e0
[ 3702.337561][ T5314]  should_failslab+0xb8/0xec
[ 3702.337785][ T5314]  kmem_cache_alloc_noprof+0x80/0x3f0
[ 3702.338082][ T5314]  mas_alloc_nodes+0x33c/0x9a8
[ 3702.338334][ T5314]  mas_preallocate+0x568/0x904
[ 3702.338543][ T5314]  mmap_region+0xb50/0x1e48
[ 3702.338832][ T5314]  do_mmap+0xa50/0xf64
[ 3702.339084][ T5314]  vm_mmap_pgoff+0x274/0x3cc
[ 3702.339361][ T5314]  ksys_mmap_pgoff+0x1d0/0x448
[ 3702.339607][ T5314]  __arm64_sys_mmap+0x13c/0x198
[ 3702.339903][ T5314]  invoke_syscall+0x90/0x2b4
[ 3702.340248][ T5314]  el0_svc_common+0x180/0x2f4
[ 3702.340544][ T5314]  do_el0_svc+0x58/0x74
[ 3702.340845][ T5314]  el0_svc+0x58/0x160
[ 3702.341087][ T5314]  el0t_64_sync_handler+0x78/0x108
[ 3702.341366][ T5314]  el0t_64_sync+0x198/0x19c
[ 3816.757765][ T5369] kvm [5369]: Failed to find VMA for hva 0x20d8d000
[ 3816.777291][ T5367] kvm [5367]: Failed to find VMA for hva 0x20a00000
[ 3929.051409][ T5446] kvm [5446]: Failed to find VMA for hva 0x20bfe000
[ 4015.418589][ T5494] kvm [5494]: Failed to find VMA for hva 0x20c01000
[ 4298.174427][ T5682] kvm [5682]: Failed to find VMA for hva 0x21016000
[ 4419.408498][ T5770] kvm [5770]: Failed to find VMA for hva 0x20d8d000
[ 4456.358332][ T5791] kvm [5791]: Failed to find VMA for hva 0x20d8d000
[ 4887.443241][ T6067] print_sys_reg_msg: 84 callbacks suppressed
[ 4887.486931][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 4887.486931][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.550821][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.550821][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.609791][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.609791][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.633109][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.633109][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.668378][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.668378][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.762854][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.762854][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.792100][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.792100][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.844333][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.844333][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.898849][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.898849][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4887.953520][ T6067] kvm [6065]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 4887.953520][ T6067]  { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read },
[ 4939.729661][ T6105] kvm [6105]: Failed to find VMA for hva 0x20d8d000
[ 5011.828110][ T6159] kvm [6159]: Failed to find VMA for hva 0x20d8d000
[ 5067.604315][ T6199] kvm [6199]: Failed to find VMA for hva 0x20d8d000
[ 5085.934312][ T6217] kvm [6217]: Failed to find VMA for hva 0x20e8a000
[ 5185.288219][ T6278] KVM: debugfs: duplicate directory 6278-5
[ 5444.052556][ T6450] KVM: debugfs: duplicate directory 6450-5
[ 5494.082246][ T6487] kvm [6487]: Failed to find VMA for hva 0x21016000
[ 5567.325783][ T6543] print_sys_reg_msg: 203 callbacks suppressed
[ 5567.340244][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001d3]
[ 5567.340244][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.380482][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.380482][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.413119][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.413119][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.437668][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.437668][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.481298][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.481298][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.502525][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.502525][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.540726][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.540726][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.592489][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.592489][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.618258][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.618258][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5567.641184][ T6543] kvm [6541]: Unsupported guest CP15 access at: 00000100 [000001db]
[ 5567.641184][ T6543]  { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read },
[ 5730.251983][ T6657] ------------[ cut here ]------------
[ 5730.252848][ T6657] WARNING: CPU: 0 PID: 6657 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac
[ 5730.255576][ T6657] Modules linked in:
[ 5730.257806][ T6657] CPU: 0 UID: 0 PID: 6657 Comm: syz.0.977 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 5730.259406][ T6657] Hardware name: linux,dummy-virt (DT)
[ 5730.260685][ T6657] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5730.262183][ T6657] pc : pend_serror_exception+0x19c/0x5ac
[ 5730.263317][ T6657] lr : pend_serror_exception+0x19c/0x5ac
[ 5730.264343][ T6657] sp : ffff80008ea27930
[ 5730.265289][ T6657] x29: ffff80008ea27930 x28: 7af000001d578028 x27: 0000000000000001
[ 5730.267396][ T6657] x26: 0000000000000000 x25: 0000000000000001 x24: 000000000000007a
[ 5730.269267][ T6657] x23: 7af000001d5782a8 x22: 000000000000007a x21: 7af000001d578e81
[ 5730.270960][ T6657] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 5730.272783][ T6657] x17: 0000000000000073 x16: ffff800080011d9c x15: 0000000020000200
[ 5730.274517][ T6657] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000cc
[ 5730.276327][ T6657] x11: ccf000001d576de4 x10: 0000000000ff0100 x9 : 0000000000000000
[ 5730.278252][ T6657] x8 : ccf000001d575880 x7 : ffff800080b08704 x6 : ffff80008ea27a88
[ 5730.279926][ T6657] x5 : ffff80008ea27a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 5730.281751][ T6657] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 5730.283654][ T6657] Call trace:
[ 5730.284602][ T6657]  pend_serror_exception+0x19c/0x5ac (P)
[ 5730.285720][ T6657]  kvm_inject_serror_esr+0x274/0xe40
[ 5730.286825][ T6657]  __kvm_arm_vcpu_set_events+0x1d4/0x238
[ 5730.287987][ T6657]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 5730.289100][ T6657]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 5730.290219][ T6657]  __arm64_sys_ioctl+0x18c/0x244
[ 5730.291308][ T6657]  invoke_syscall+0x90/0x2b4
[ 5730.292432][ T6657]  el0_svc_common+0x180/0x2f4
[ 5730.293440][ T6657]  do_el0_svc+0x58/0x74
[ 5730.294494][ T6657]  el0_svc+0x58/0x160
[ 5730.295491][ T6657]  el0t_64_sync_handler+0x78/0x108
[ 5730.296536][ T6657]  el0t_64_sync+0x198/0x19c
[ 5730.297694][ T6657] irq event stamp: 2746
[ 5730.298598][ T6657] hardirqs last  enabled at (2745): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 5730.300259][ T6657] hardirqs last disabled at (2746): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 5730.301663][ T6657] softirqs last  enabled at (2712): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 5730.303058][ T6657] softirqs last disabled at (2710): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 5730.304718][ T6657] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5730.920268][ T6657] ------------[ cut here ]------------
[ 5730.920822][ T6657] WARNING: CPU: 0 PID: 6657 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac
[ 5730.923311][ T6657] Modules linked in:
[ 5730.925034][ T6657] CPU: 0 UID: 0 PID: 6657 Comm: syz.0.977 Tainted: G        W           6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 5730.926971][ T6657] Tainted: [W]=WARN
[ 5730.927909][ T6657] Hardware name: linux,dummy-virt (DT)
[ 5730.929005][ T6657] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5730.930324][ T6657] pc : pend_serror_exception+0x19c/0x5ac
[ 5730.931418][ T6657] lr : pend_serror_exception+0x19c/0x5ac
[ 5730.932522][ T6657] sp : ffff80008ea27930
[ 5730.933417][ T6657] x29: ffff80008ea27930 x28: 7af000001d578028 x27: 0000000000000001
[ 5730.935235][ T6657] x26: 0000000000000000 x25: 0000000000000001 x24: 000000000000007a
[ 5730.937005][ T6657] x23: 7af000001d5782a8 x22: 000000000000007a x21: 7af000001d578e81
[ 5730.938798][ T6657] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 5730.940544][ T6657] x17: 0000000000000073 x16: ffff800080011d9c x15: 0000000020000200
[ 5730.942394][ T6657] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000cc
[ 5730.944226][ T6657] x11: ccf000001d576de4 x10: 0000000000ff0100 x9 : 0000000000000000
[ 5730.945981][ T6657] x8 : ccf000001d575880 x7 : ffff800080b08704 x6 : ffff80008ea27a88
[ 5730.947669][ T6657] x5 : ffff80008ea27a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 5730.949456][ T6657] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 5730.951211][ T6657] Call trace:
[ 5730.951984][ T6657]  pend_serror_exception+0x19c/0x5ac (P)
[ 5730.953067][ T6657]  kvm_inject_serror_esr+0x274/0xe40
[ 5730.954223][ T6657]  __kvm_arm_vcpu_set_events+0x1d4/0x238
[ 5730.955362][ T6657]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 5730.956484][ T6657]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 5730.957521][ T6657]  __arm64_sys_ioctl+0x18c/0x244
[ 5730.958661][ T6657]  invoke_syscall+0x90/0x2b4
[ 5730.959773][ T6657]  el0_svc_common+0x180/0x2f4
[ 5730.960947][ T6657]  do_el0_svc+0x58/0x74
[ 5730.962028][ T6657]  el0_svc+0x58/0x160
[ 5730.963029][ T6657]  el0t_64_sync_handler+0x78/0x108
[ 5730.964213][ T6657]  el0t_64_sync+0x198/0x19c
[ 5730.965263][ T6657] irq event stamp: 2810
[ 5730.966084][ T6657] hardirqs last  enabled at (2809): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 5730.967666][ T6657] hardirqs last disabled at (2810): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 5730.969052][ T6657] softirqs last  enabled at (2786): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 5730.970514][ T6657] softirqs last disabled at (2784): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 5730.971879][ T6657] ---[ end trace 0000000000000000 ]---
[ 5731.708710][ T6657] ------------[ cut here ]------------
[ 5731.709267][ T6657] WARNING: CPU: 0 PID: 6657 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac
[ 5731.711821][ T6657] Modules linked in:
[ 5731.713046][ T6657] CPU: 0 UID: 0 PID: 6657 Comm: syz.0.977 Tainted: G        W           6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 5731.714798][ T6657] Tainted: [W]=WARN
[ 5731.715648][ T6657] Hardware name: linux,dummy-virt (DT)
[ 5731.716667][ T6657] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5731.717923][ T6657] pc : pend_serror_exception+0x19c/0x5ac
[ 5731.719023][ T6657] lr : pend_serror_exception+0x19c/0x5ac
[ 5731.720157][ T6657] sp : ffff80008ea27930
[ 5731.721027][ T6657] x29: ffff80008ea27930 x28: 7af000001d578028 x27: 0000000000000001
[ 5731.722788][ T6657] x26: 0000000000000000 x25: 0000000000000001 x24: 000000000000007a
[ 5731.724625][ T6657] x23: 7af000001d5782a8 x22: 000000000000007a x21: 7af000001d578e81
[ 5731.726357][ T6657] x20: 0000000000000007 x19: efff800000000000 x18: 00000000000000ff
[ 5731.728174][ T6657] x17: 0000000000000073 x16: ffff800080011d9c x15: 0000000020000200
[ 5731.729846][ T6657] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000cc
[ 5731.731720][ T6657] x11: ccf000001d576de4 x10: 0000000000ff0100 x9 : 0000000000000000
[ 5731.733584][ T6657] x8 : ccf000001d575880 x7 : ffff800080b08704 x6 : ffff80008ea27a88
[ 5731.735369][ T6657] x5 : ffff80008ea27a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 5731.737213][ T6657] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 5731.738879][ T6657] Call trace:
[ 5731.739658][ T6657]  pend_serror_exception+0x19c/0x5ac (P)
[ 5731.740843][ T6657]  kvm_inject_serror_esr+0x274/0xe40
[ 5731.741973][ T6657]  __kvm_arm_vcpu_set_events+0x1d4/0x238
[ 5731.743155][ T6657]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 5731.744309][ T6657]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 5731.745353][ T6657]  __arm64_sys_ioctl+0x18c/0x244
[ 5731.746439][ T6657]  invoke_syscall+0x90/0x2b4
[ 5731.747557][ T6657]  el0_svc_common+0x180/0x2f4
[ 5731.748665][ T6657]  do_el0_svc+0x58/0x74
[ 5731.749630][ T6657]  el0_svc+0x58/0x160
[ 5731.750648][ T6657]  el0t_64_sync_handler+0x78/0x108
[ 5731.751768][ T6657]  el0t_64_sync+0x198/0x19c
[ 5731.752847][ T6657] irq event stamp: 2912
[ 5731.753736][ T6657] hardirqs last  enabled at (2911): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 5731.755289][ T6657] hardirqs last disabled at (2912): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 5731.756671][ T6657] softirqs last  enabled at (2890): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 5731.758051][ T6657] softirqs last disabled at (2888): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 5731.759558][ T6657] ---[ end trace 0000000000000000 ]---
[ 5732.317295][ T6657] ------------[ cut here ]------------
[ 5732.317828][ T6657] WARNING: CPU: 0 PID: 6657 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac
[ 5732.320306][ T6657] Modules linked in:
[ 5732.321468][ T6657] CPU: 0 UID: 0 PID: 6657 Comm: syz.0.977 Tainted: G        W           6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT 
[ 5732.323246][ T6657] Tainted: [W]=WARN
[ 5732.324109][ T6657] Hardware name: linux,dummy-virt (DT)
[ 5732.325097][ T6657] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5732.326382][ T6657] pc : pend_serror_exception+0x19c/0x5ac
[ 5732.327491][ T6657] lr : pend_serror_exception+0x19c/0x5ac
[ 5732.328584][ T6657] sp : ffff80008ea27930
[ 5732.329455][ T6657] x29: ffff80008ea27930 x28: 7af000001d578028 x27: 0000000000000001
[ 5732.331276][ T6657] x26: 0000000000000000 x25: 0000000000000001 x24: 000000000000007a
[ 5732.333068][ T6657] x23: 7af000001d5782a8 x22: 000000000000007a x21: 7af000001d578e81
[ 5732.334939][ T6657] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000
[ 5732.336763][ T6657] x17: 0000000000000073 x16: ffff800080011d9c x15: 0000000020000200
[ 5732.338528][ T6657] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000cc
[ 5732.340399][ T6657] x11: ccf000001d576de4 x10: 0000000000ff0100 x9 : 0000000000000000
[ 5732.342168][ T6657] x8 : ccf000001d575880 x7 : ffff800080b08704 x6 : ffff80008ea27a88
[ 5732.343882][ T6657] x5 : ffff80008ea27a88 x4 : 0000000000000001 x3 : ffff8000801a2e80
[ 5732.345713][ T6657] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000
[ 5732.347516][ T6657] Call trace:
[ 5732.348325][ T6657]  pend_serror_exception+0x19c/0x5ac (P)
[ 5732.349482][ T6657]  kvm_inject_serror_esr+0x274/0xe40
[ 5732.350563][ T6657]  __kvm_arm_vcpu_set_events+0x1d4/0x238
[ 5732.351690][ T6657]  kvm_arch_vcpu_ioctl+0xed8/0x16b0
[ 5732.352843][ T6657]  kvm_vcpu_ioctl+0x5c4/0xc2c
[ 5732.353934][ T6657]  __arm64_sys_ioctl+0x18c/0x244
[ 5732.355019][ T6657]  invoke_syscall+0x90/0x2b4
[ 5732.356167][ T6657]  el0_svc_common+0x180/0x2f4
[ 5732.357295][ T6657]  do_el0_svc+0x58/0x74
[ 5732.358359][ T6657]  el0_svc+0x58/0x160
[ 5732.359407][ T6657]  el0t_64_sync_handler+0x78/0x108
[ 5732.360519][ T6657]  el0t_64_sync+0x198/0x19c
[ 5732.361537][ T6657] irq event stamp: 2980
[ 5732.362412][ T6657] hardirqs last  enabled at (2979): [<ffff80008653cb88>] _raw_read_unlock_irqrestore+0x44/0xbc
[ 5732.364024][ T6657] hardirqs last disabled at (2980): [<ffff800086517e08>] el1_dbg+0x24/0x80
[ 5732.365416][ T6657] softirqs last  enabled at (2962): [<ffff8000800c988c>] local_bh_enable+0x10/0x34
[ 5732.366762][ T6657] softirqs last disabled at (2960): [<ffff8000800c9858>] local_bh_disable+0x10/0x34
[ 5732.368281][ T6657] ---[ end trace 0000000000000000 ]---
[ 5745.843031][ T6146] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5746.732769][ T6146] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5747.390839][ T6146] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5747.808267][ T6146] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 5759.679837][ T6146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 5759.968986][ T6146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 5760.158867][ T6146] bond0 (unregistering): Released all slaves

VM DIAGNOSIS:
04:06:47  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2
X02=0000000000000008 X03=0000000000000002 X04=0000000000000000
X05=0000000000000001 X06=0000000000000000 X07=ffff800080488668
X08=00000000000003c0 X09=0000000000000000 X10=00000000000000cc
X11=ffff800087f39a30 X12=fff000001d575888 X13=0000000000000003
X14=0000000000000000 X15=ffff800087f39a30 X16=ffff800080011d9c
X17=0000000000000073 X18=0000000000000000 X19=0000000000000000
X20=0000000000000000 X21=ffff800080488668 X22=ffff800087706128
X23=0000000000000002 X24=0000000000000000 X25=0000000000000001
X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000
X29=ffff80008ea27180 X30=ffff800080451698  SP=ffff80008ea27130
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:0000000000000006 Z01=0000000000274000:0000000000000000
Z02=0000ffffd09b33d0:ffffff80ffffffd8 Z03=0000ffffd09b3480:0000ffffd09b3480
Z04=0000ffffd09b3480:0000ffffad336d08 Z05=0000ffffd09b3450:0000ffffd09b3480
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffd09b36a0:0000ffffd09b36a0 Z17=ffffff80ffffffd0:0000ffffd09b3670
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000