last executing test programs:

1m23.643078417s ago: executing program 0 (id=826):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000000c0)={0x3f97664a, 0x3})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_vgic_v3_setup(r2, 0x4, 0x160)
openat$kvm(0x0, &(0x7f0000000080), 0x711000, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000200)=@arm64_core={0x6030000000100020, &(0x7f0000000240)=0xfffffffffffffa67})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000f17000/0x4000)=nil, 0x930, 0x100000a, 0xd4b0c6feafd89bb9, 0xffffffffffffffff, 0x200000000000000)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x19)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)

1m11.062134085s ago: executing program 1 (id=827):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000180)=0xffffffffffffffff})

1m8.909999387s ago: executing program 0 (id=828):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x140, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000000)={0x10000, 0x0, &(0x7f0000ffd000/0x2000)=nil})
r5 = syz_kvm_add_vcpu(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000700)=[@memwrite={0x6, 0x30, @vgic_gicr={0x80c0000, 0x414, 0x8, 0x1}}, @irq_setup={0x5, 0x18, {0x0, 0x1e}}, @msr={0x2, 0x20, {0x603000000013df4b}}, @code={0x1, 0x84, {"0030005f008008d5005c88d200c0b8f2810180d2c20080d2630180d2240080d2020000d4000028d5e0e68dd20060b0f2410180d2c20080d2830180d2a40080d2020000d40060000e007008d5e08d9bd200c0b0f2810080d2e20080d2030080d2c40080d2020000d4e003002a000480da"}}, @uexit={0x0, 0x18, 0x5}, @hvc={0x4, 0x40, {0x0, [0x2, 0xffffffffffff5cec, 0x3b, 0x7]}}, @msr={0x2, 0x20, {0x603000000013df01, 0x7fffffffffffffff}}, @code={0x1, 0x3c, {"0000719e00209f0c000080ad0068284e000028d50000004b007008d50040200e007008d5000008d5"}}, @hvc={0x4, 0x40, {0x40000000, [0x0, 0x5, 0x9, 0x8, 0x8]}}, @irq_setup={0x5, 0x18, {0xffff0000, 0x391}}, @code={0x1, 0x6c, {"008008d50080202e007008d5000080ad009c007f007008d5a0659cd20040b8f2e10080d2620180d2e30080d2e40180d2020000d4007008d520f191d20020b0f2610080d2a20180d2c30180d2240180d2020000d4007008d5"}}, @hvc={0x4, 0x40, {0x1, [0x40, 0x6, 0x8, 0x9aa, 0x3ff]}}, @irq_setup={0x5, 0x18, {0x0, 0x3cf}}, @smc={0x3, 0x40, {0x40000000, [0xb5, 0x3, 0x117da73f, 0x7ff, 0xb9]}}, @code={0x1, 0x6c, {"00f4200e000008d50040241e007008d5007008d50084e00d008008d50078205e807d9fd20040b8f2e10180d2c20180d2230080d2a40080d2020000d4c0789cd20000b8f2e10180d2620080d2a30180d2240080d2020000d4"}}, @irq_setup={0x5, 0x18, {0x2, 0x3ba}}, @irq_setup={0x5, 0x18, {0x4, 0xd3}}, @memwrite={0x6, 0x30, @generic={0x4, 0x781, 0x5, 0x1}}, @irq_setup={0x5, 0x18, {0x2, 0x1c4}}, @irq_setup={0x5, 0x18, {0x0, 0xff}}], 0x3f8}, &(0x7f0000000540)=[@featur2={0x1, 0x18}], 0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000240)={0x2, 0x0, [{0x4, 0x2, 0x1, 0x0, @irqchip={0x9, 0x4}}, {0x4, 0x5, 0x0, 0x0, @sint={0x0, 0x8001}}]})
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x8040ae9f, &(0x7f0000000580)=@arm64)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x3, 0x1})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c01b, 0x0})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r8, 0x4068aea3, &(0x7f0000000fc0)={0xbc, 0x700})

59.20985365s ago: executing program 1 (id=829):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x603000000013c029, &(0x7f00000002c0)=0x101})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xcd)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000002c0)={0x8})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x7fffffd) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x7fffffd)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r7, 0x1000000, 0xfd643ea91120c1bd, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r8, 0xc018aec0, 0x0)

46.862602219s ago: executing program 0 (id=830):
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000)
eventfd2(0x6, 0x80801)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r3, 0x100000c, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_TRANSLATE(r5, 0xc018ae85, &(0x7f0000000080)={0x0, 0xf000, 0x3, 0x0, 0x8})
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000000c0)={0x200000000000100c, 0xf000, 0x3, 0xffffffffffffffff, 0x2})
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r12, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYRES16=r1])
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r12, 0x4068aea3, &(0x7f0000000100)={0xa4, 0x0, 0x1})
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x12, r8, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r3, 0x3, 0x1010, r8, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r13, 0x2, 0x8010, 0xffffffffffffffff, 0x1000000)

41.252015095s ago: executing program 1 (id=831):
openat$kvm(0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x200000, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x80010, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x80)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0x1})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100018, &(0x7f0000000180)=0x9})
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000001, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

32.322428134s ago: executing program 0 (id=832):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff99)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x3, 0x0, 0x2000, &(0x7f0000eb3000/0x2000)=nil})
syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e90000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0200000000000000200000000000000008f213000000306001000000000000000200000000000000200000000000000021da1300000030600900000000000000000000000000000018000000000000000a0000000900000000000000000000001800000000000000010000800000000004000000000000004000000000000000000000030000000002000000000000000000000000000080154d0000000000000400000000000000c063074100000000030000000000000040000500000000000000000000000000f403fdd10200000000000000c7b900000000000002000000000000000600000000000000167effffffffffff03000000000000004000000000"], 0x130}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x28)

25.106751267s ago: executing program 1 (id=833):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000180)=0xffffffffffffffff})

20.860279947s ago: executing program 0 (id=834):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x6, 0x40a8012, 0xffffffffffffffff, 0x2000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = eventfd2(0x0, 0x0)
close(r3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, r4, 0x680000a, 0x11, r3, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0400008e000000004000000000000000050000840000000004000000000000000000000000000000db000000000000007f00000000000000000000000000001006000000000000003000000000000000000000080000000000180000000000000400000000000000060000000000000003000000000000004000000000000000200000c50000000001f8ffffffffffff07000000000000008709000000000000ffffffffffffffff0200000000000000"], 0xb0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

13.548969369s ago: executing program 1 (id=835):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000180), 0x450042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x930, 0x8, 0x8032, 0xffffffffffffffff, 0x0)
r2 = eventfd2(0x80000000, 0x80000)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0xd000, 0x0, 0x8, r2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x5000, 0x4, 0x2, r2, 0x2})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x4aa283, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, 0x0, 0x2, 0x13, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x642000, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, 0x0)
close(0x4)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_syzos_vm(r7)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0)
munmap(&(0x7f0000c8f000/0x4000)=nil, 0x4000)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xb1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r4, 0x8008ae9d, &(0x7f00000001c0)=""/4086)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(0x4)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)

3.523128621s ago: executing program 0 (id=836):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
munmap(&(0x7f0000738000/0x3000)=nil, 0x3000)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000340)={0x5, 0x8}) (async, rerun: 32)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async, rerun: 32)
r5 = mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r1, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
r8 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r7, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)

0s ago: executing program 1 (id=837):
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000c8f000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000d47000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000)
munmap(&(0x7f00006e2000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0xf, 0x4010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)

kernel console output (not intermixed with test programs):

[  536.756817][ T3116] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:22489' (ED25519) to the list of known hosts.
[  769.821124][   T24] audit: type=1400 audit(768.710:72): avc:  denied  { name_bind } for  pid=3271 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  771.709534][   T24] audit: type=1400 audit(770.600:73): avc:  denied  { execute } for  pid=3273 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  771.753789][   T24] audit: type=1400 audit(770.630:74): avc:  denied  { execute_no_trans } for  pid=3273 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  804.466792][   T24] audit: type=1400 audit(803.350:75): avc:  denied  { mounton } for  pid=3273 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  804.533613][   T24] audit: type=1400 audit(803.410:76): avc:  denied  { mount } for  pid=3273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  804.655610][ T3273] cgroup: Unknown subsys name 'net'
[  804.720337][   T24] audit: type=1400 audit(803.610:77): avc:  denied  { unmount } for  pid=3273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  805.361711][ T3273] cgroup: Unknown subsys name 'cpuset'
[  805.508860][ T3273] cgroup: Unknown subsys name 'rlimit'
[  806.516427][   T24] audit: type=1400 audit(805.390:78): avc:  denied  { setattr } for  pid=3273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  806.545988][   T24] audit: type=1400 audit(805.400:79): avc:  denied  { mounton } for  pid=3273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  806.577094][   T24] audit: type=1400 audit(805.450:80): avc:  denied  { mount } for  pid=3273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  808.111574][ T3277] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  808.162742][   T24] audit: type=1400 audit(807.030:81): avc:  denied  { relabelto } for  pid=3277 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  808.186671][   T24] audit: type=1400 audit(807.070:82): avc:  denied  { write } for  pid=3277 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  808.451385][   T24] audit: type=1400 audit(807.330:83): avc:  denied  { read } for  pid=3273 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  808.479560][   T24] audit: type=1400 audit(807.350:84): avc:  denied  { open } for  pid=3273 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  808.531862][ T3273] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  868.101859][   T24] audit: type=1400 audit(866.990:85): avc:  denied  { execmem } for  pid=3278 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  873.060812][   T24] audit: type=1400 audit(871.930:86): avc:  denied  { read } for  pid=3280 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  873.103446][   T24] audit: type=1400 audit(871.990:87): avc:  denied  { open } for  pid=3280 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  873.227473][   T24] audit: type=1400 audit(872.100:88): avc:  denied  { mounton } for  pid=3280 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  873.580972][   T24] audit: type=1400 audit(872.470:89): avc:  denied  { module_request } for  pid=3280 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  875.012202][   T24] audit: type=1400 audit(873.900:90): avc:  denied  { sys_module } for  pid=3281 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  912.191500][ T3281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  912.488106][ T3281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  913.183494][ T3280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  913.537655][ T3280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  928.753337][ T3281] hsr_slave_0: entered promiscuous mode
[  928.812601][ T3281] hsr_slave_1: entered promiscuous mode
[  929.899677][ T3280] hsr_slave_0: entered promiscuous mode
[  929.980391][ T3280] hsr_slave_1: entered promiscuous mode
[  930.048929][ T3280] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  930.053757][ T3280] Cannot create hsr debugfs directory
[  937.060335][   T24] audit: type=1400 audit(935.950:91): avc:  denied  { create } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  937.149881][   T24] audit: type=1400 audit(936.030:92): avc:  denied  { write } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  937.249517][   T24] audit: type=1400 audit(936.080:93): avc:  denied  { read } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  937.460253][ T3281] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  938.112905][ T3281] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  938.411837][ T3281] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  938.650859][ T3281] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  941.360645][ T3280] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  941.767622][ T3280] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  942.067417][ T3280] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  942.318236][ T3280] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  966.161039][ T3281] 8021q: adding VLAN 0 to HW filter on device bond0
[  971.340957][ T3280] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1058.690745][ T3281] veth0_vlan: entered promiscuous mode
[ 1059.501456][ T3281] veth1_vlan: entered promiscuous mode
[ 1062.281648][ T3281] veth0_macvtap: entered promiscuous mode
[ 1062.880714][ T3281] veth1_macvtap: entered promiscuous mode
[ 1063.703681][ T3280] veth0_vlan: entered promiscuous mode
[ 1065.099517][ T3280] veth1_vlan: entered promiscuous mode
[ 1066.939897][ T3281] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1066.996504][ T3281] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1066.998979][ T3281] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1067.001152][ T3281] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1070.946621][ T3280] veth0_macvtap: entered promiscuous mode
[ 1072.137933][   T24] audit: type=1400 audit(1070.940:94): avc:  denied  { mount } for  pid=3281 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1072.217273][ T3280] veth1_macvtap: entered promiscuous mode
[ 1072.459674][   T24] audit: type=1400 audit(1071.330:95): avc:  denied  { mounton } for  pid=3281 comm="syz-executor" path="/syzkaller.IybWBk/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1072.926820][   T24] audit: type=1400 audit(1071.800:96): avc:  denied  { mount } for  pid=3281 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1073.727077][   T24] audit: type=1400 audit(1072.600:97): avc:  denied  { mounton } for  pid=3281 comm="syz-executor" path="/syzkaller.IybWBk/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1074.117541][   T24] audit: type=1400 audit(1072.910:98): avc:  denied  { mounton } for  pid=3281 comm="syz-executor" path="/syzkaller.IybWBk/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1075.020138][   T24] audit: type=1400 audit(1073.830:99): avc:  denied  { unmount } for  pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1075.366283][   T24] audit: type=1400 audit(1074.120:100): avc:  denied  { mounton } for  pid=3281 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1512 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1076.038034][   T24] audit: type=1400 audit(1074.840:101): avc:  denied  { mount } for  pid=3281 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1076.237681][   T24] audit: type=1400 audit(1075.110:102): avc:  denied  { mounton } for  pid=3281 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1076.569963][   T24] audit: type=1400 audit(1075.220:103): avc:  denied  { mount } for  pid=3281 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1076.672544][ T3280] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1076.756409][ T3280] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1076.758839][ T3280] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1076.761024][ T3280] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1079.750058][ T3281] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 1082.186378][   T24] audit: type=1400 audit(1081.030:104): avc:  denied  { mount } for  pid=3280 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1082.476948][   T24] audit: type=1400 audit(1081.350:105): avc:  denied  { read write } for  pid=3281 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1082.536700][   T24] audit: type=1400 audit(1081.390:106): avc:  denied  { open } for  pid=3281 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1082.663909][   T24] audit: type=1400 audit(1081.480:107): avc:  denied  { ioctl } for  pid=3281 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1089.018792][   T24] audit: type=1400 audit(1087.870:108): avc:  denied  { read } for  pid=3425 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1089.166974][   T24] audit: type=1400 audit(1088.030:109): avc:  denied  { open } for  pid=3425 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1090.616449][   T24] audit: type=1400 audit(1089.490:110): avc:  denied  { ioctl } for  pid=3425 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1111.332550][   T24] audit: type=1400 audit(1110.160:111): avc:  denied  { write } for  pid=3436 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1112.292367][   T24] audit: type=1400 audit(1111.180:112): avc:  denied  { execute } for  pid=3436 comm="syz.1.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3791 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1119.400913][   T24] audit: type=1400 audit(1118.290:113): avc:  denied  { append } for  pid=3438 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1714.872174][ T3725] kvm [3725]: Failed to find VMA for hva 0x20fcc000
[ 1823.102696][   T24] audit: type=1400 audit(1821.990:114): avc:  denied  { setattr } for  pid=3771 comm="syz.1.92" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2221.329578][ T3975] kvm [3975]: Failed to find VMA for hva 0x20fcc000
[ 2455.722531][ T4075] kvm [4075]: Failed to find VMA for hva 0x20fcc000
[ 2659.880211][ T4170] kvm [4170]: Failed to find VMA for hva 0x20c22000
[ 2885.972244][   T24] audit: type=1400 audit(2884.860:115): avc:  denied  { map } for  pid=4278 comm="syz.0.229" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 3693.393346][   T24] audit: type=1400 audit(3692.280:116): avc:  denied  { ioctl } for  pid=4693 comm="syz.0.336" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x54cf scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 3878.759984][ T4787] kvm [4787]: Failed to find VMA for hva 0x20ff4000
[ 4937.493528][ T5314] KVM: debugfs: duplicate directory 5314-4
[ 5403.221261][ T5551] kvm [5551]: Failed to find VMA for hva 0x20fcc000
[ 5614.289289][ T5655] KVM: debugfs: duplicate directory 5655-4
[ 6149.537506][   T24] audit: type=1400 audit(6148.410:117): avc:  denied  { execute } for  pid=5925 comm="syz.1.660" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 6718.603343][ T6227] kvm [6227]: Failed to find VMA for hva 0x20e9c000
[ 7307.791375][ T6525] FAULT_INJECTION: forcing a failure.
[ 7307.791375][ T6525] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 7307.818300][ T6525] CPU: 0 UID: 0 PID: 6525 Comm: syz.0.816 Not tainted 6.12.0-rc3-syzkaller-g2e5ea59d8ff4 #0
[ 7307.820802][ T6525] Hardware name: linux,dummy-virt (DT)
[ 7307.822488][ T6525] Call trace:
[ 7307.823661][ T6525]  dump_backtrace+0x1b8/0x1e4
[ 7307.826322][ T6525]  show_stack+0x2c/0x3c
[ 7307.827836][ T6525]  dump_stack_lvl+0xe4/0x150
[ 7307.829243][ T6525]  dump_stack+0x1c/0x28
[ 7307.830472][ T6525]  should_fail_ex+0x318/0x338
[ 7307.832017][ T6525]  should_fail_alloc_page+0x10c/0x124
[ 7307.833531][ T6525]  prepare_alloc_pages+0x164/0x2e8
[ 7307.835013][ T6525]  __alloc_pages_noprof+0xcc/0x388
[ 7307.836509][ T6525]  alloc_pages_mpol_noprof+0x268/0x3f0
[ 7307.837972][ T6525]  alloc_pages_noprof+0x124/0x144
[ 7307.839415][ T6525]  get_free_pages_noprof+0x14/0x78
[ 7307.840872][ T6525]  __kvm_mmu_topup_memory_cache+0x188/0x358
[ 7307.842531][ T6525]  kvm_mmu_topup_memory_cache+0x2c/0x3c
[ 7307.844133][ T6525]  kvm_handle_guest_abort+0xbe0/0x1c64
[ 7307.845560][ T6525]  handle_exit+0x1a0/0x274
[ 7307.847088][ T6525]  kvm_arch_vcpu_ioctl_run+0xb58/0x1560
[ 7307.848560][ T6525]  kvm_vcpu_ioctl+0x6b0/0xf74
[ 7307.850039][ T6525]  __arm64_sys_ioctl+0x108/0x184
[ 7307.851510][ T6525]  invoke_syscall+0x78/0x1b8
[ 7307.853046][ T6525]  el0_svc_common+0xe8/0x1b0
[ 7307.854581][ T6525]  do_el0_svc+0x40/0x50
[ 7307.856071][ T6525]  el0_svc+0x54/0x14c
[ 7307.857402][ T6525]  el0t_64_sync_handler+0x84/0xfc
[ 7307.858841][ T6525]  el0t_64_sync+0x190/0x194
[ 7459.752305][ T6599] ------------[ cut here ]------------
[ 7459.756027][ T6599] WARNING: CPU: 0 PID: 6599 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 7459.758512][ T6599] Modules linked in:
[ 7459.760465][ T6599] CPU: 0 UID: 0 PID: 6599 Comm: syz.0.836 Not tainted 6.12.0-rc3-syzkaller-g2e5ea59d8ff4 #0
[ 7459.762497][ T6599] Hardware name: linux,dummy-virt (DT)
[ 7459.764184][ T6599] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 7459.766060][ T6599] pc : kvm_timer_update_irq+0x21c/0x394
[ 7459.767727][ T6599] lr : kvm_timer_update_irq+0x21c/0x394
[ 7459.769390][ T6599] sp : ffff80008c2678f0
[ 7459.770645][ T6599] x29: ffff80008c267900 x28: 00000000000003c5 x27: f6f0000018400268
[ 7459.773203][ T6599] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 7459.775579][ T6599] x23: 0000000000000000 x22: 9eff80008c259000 x21: 000000000000001e
[ 7459.777884][ T6599] x20: f6f0000018400000 x19: 00000000fffffff0 x18: 0000000000000000
[ 7459.780222][ T6599] x17: 0000000000000000 x16: 000000000000009e x15: 71f000000a8d8a80
[ 7459.782474][ T6599] x14: 0000000000000000 x13: 0000000000000003 x12: 71f000000a8d8000
[ 7459.784804][ T6599] x11: 9eff80008c259000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 7459.787215][ T6599] x8 : 71f000000a8d8000 x7 : 0000000000000000 x6 : 000000000000003f
[ 7459.789506][ T6599] x5 : 0000000000000040 x4 : f6f0000018401400 x3 : 0000000000000000
[ 7459.791836][ T6599] x2 : 000000000000001e x1 : 00000000fffffff0 x0 : 0000000000000000
[ 7459.794260][ T6599] Call trace:
[ 7459.795363][ T6599]  kvm_timer_update_irq+0x21c/0x394
[ 7459.796944][ T6599]  kvm_timer_vcpu_reset+0x158/0x684
[ 7459.798636][ T6599]  kvm_reset_vcpu+0x3b4/0x560
[ 7459.800270][ T6599]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 7459.801818][ T6599]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 7459.803310][ T6599]  __arm64_sys_ioctl+0x108/0x184
[ 7459.804778][ T6599]  invoke_syscall+0x78/0x1b8
[ 7459.806320][ T6599]  el0_svc_common+0xe8/0x1b0
[ 7459.807864][ T6599]  do_el0_svc+0x40/0x50
[ 7459.809315][ T6599]  el0_svc+0x54/0x14c
[ 7459.810657][ T6599]  el0t_64_sync_handler+0x84/0xfc
[ 7459.812110][ T6599]  el0t_64_sync+0x190/0x194
[ 7459.813642][ T6599] irq event stamp: 1900
[ 7459.814900][ T6599] hardirqs last  enabled at (1899): [<ffff8000839e92cc>] _raw_read_unlock_irqrestore+0x44/0x94
[ 7459.816958][ T6599] hardirqs last disabled at (1900): [<ffff8000839d104c>] el1_dbg+0x24/0x80
[ 7459.818852][ T6599] softirqs last  enabled at (1882): [<ffff8000801635e4>] handle_softirqs+0x698/0x6fc
[ 7459.820807][ T6599] softirqs last disabled at (1873): [<ffff800080010a68>] __do_softirq+0x14/0x20
[ 7459.822883][ T6599] ---[ end trace 0000000000000000 ]---
[ 7459.831375][ T6599] ------------[ cut here ]------------
[ 7459.832756][ T6599] WARNING: CPU: 0 PID: 6599 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394
[ 7459.834889][ T6599] Modules linked in:
[ 7459.836705][ T6599] CPU: 0 UID: 0 PID: 6599 Comm: syz.0.836 Tainted: G        W          6.12.0-rc3-syzkaller-g2e5ea59d8ff4 #0
[ 7459.839052][ T6599] Tainted: [W]=WARN
[ 7459.840265][ T6599] Hardware name: linux,dummy-virt (DT)
[ 7459.841591][ T6599] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 7459.843366][ T6599] pc : kvm_timer_update_irq+0x21c/0x394
[ 7459.844960][ T6599] lr : kvm_timer_update_irq+0x21c/0x394
[ 7459.846576][ T6599] sp : ffff80008c2678f0
[ 7459.847767][ T6599] x29: ffff80008c267900 x28: 00000000000003c5 x27: f6f0000018400268
[ 7459.850004][ T6599] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 7459.852359][ T6599] x23: 0000000000000000 x22: 9eff80008c259000 x21: 000000000000001b
[ 7459.854677][ T6599] x20: f6f0000018400000 x19: 00000000fffffff0 x18: 0000000000000000
[ 7459.856913][ T6599] x17: 0000000000000000 x16: 000000000000009e x15: 71f000000a8d8a80
[ 7459.859195][ T6599] x14: 0000000000000000 x13: 0000000000000003 x12: 71f000000a8d8000
[ 7459.861396][ T6599] x11: 9eff80008c259000 x10: 0000000000ff0100 x9 : 0000000000000000
[ 7459.863711][ T6599] x8 : 71f000000a8d8000 x7 : 0000000000000000 x6 : 000000000000003f
[ 7459.865969][ T6599] x5 : 0000000000000040 x4 : f6f0000018401468 x3 : 0000000000000000
[ 7459.868284][ T6599] x2 : 000000000000001b x1 : 00000000fffffff0 x0 : 0000000000000000
[ 7459.870513][ T6599] Call trace:
[ 7459.871625][ T6599]  kvm_timer_update_irq+0x21c/0x394
[ 7459.873186][ T6599]  kvm_timer_vcpu_reset+0x178/0x684
[ 7459.874772][ T6599]  kvm_reset_vcpu+0x3b4/0x560
[ 7459.876227][ T6599]  kvm_arch_vcpu_ioctl+0x112c/0x1b3c
[ 7459.877690][ T6599]  kvm_vcpu_ioctl+0x4ec/0xf74
[ 7459.879183][ T6599]  __arm64_sys_ioctl+0x108/0x184
[ 7459.880642][ T6599]  invoke_syscall+0x78/0x1b8
[ 7459.882177][ T6599]  el0_svc_common+0xe8/0x1b0
[ 7459.883685][ T6599]  do_el0_svc+0x40/0x50
[ 7459.885176][ T6599]  el0_svc+0x54/0x14c
[ 7459.886494][ T6599]  el0t_64_sync_handler+0x84/0xfc
[ 7459.888020][ T6599]  el0t_64_sync+0x190/0x194
[ 7459.889451][ T6599] irq event stamp: 1954
[ 7459.890648][ T6599] hardirqs last  enabled at (1953): [<ffff8000839d3220>] exit_to_kernel_mode+0xdc/0x10c
[ 7459.892675][ T6599] hardirqs last disabled at (1954): [<ffff8000839d104c>] el1_dbg+0x24/0x80
[ 7459.894553][ T6599] softirqs last  enabled at (1952): [<ffff8000801635e4>] handle_softirqs+0x698/0x6fc
[ 7459.896388][ T6599] softirqs last disabled at (1903): [<ffff800080010a68>] __do_softirq+0x14/0x20
[ 7459.898314][ T6599] ---[ end trace 0000000000000000 ]---

VM DIAGNOSIS:
20:05:07  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000839ad684 X00=0000000000000000 X01=ffff80008c266f00
X02=0000000000000001 X03=ffff8000839ad6a0 X04=ffff80008440ad08
X05=ffff80008c267117 X06=000000000000002e X07=fffffffffffd3c28
X08=71f000000a8d8000 X09=0000000000000000 X10=0000000000ff0100
X11=0000000000000038 X12=71f000000a8d8000 X13=0000000000000058
X14=0000000000000000 X15=0000000000000000 X16=00000000000000ff
X17=0000000000000000 X18=0000000000000000 X19=00000000ffffffd8
X20=efff800000000000 X21=efff800000000000 X22=00000000ffff0a10
X23=ffff80008c266e60 X24=ffff0a1000000609 X25=00000000028f5c29
X26=00000000ffffff9c X27=00000000000b92f0 X28=0000000000000000
X29=ffff80008c266e80 X30=ffff8000839aeff4  SP=ffff80008c266e20
PSTATE=804003c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=1400000000000000:1400000000000000 Z01=0000001400000000:0000000000000000
Z02=0000000000000014:0000000000000000 Z03=00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000002 Z05=0000000000000014:0000000000000002
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffc1c28010:0000ffffc1c28010 Z17=ffffff80ffffffd0:0000ffffc1c27fe0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000