last executing test programs:

50.221967966s ago: executing program 0 (id=267):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x4, 0x1, 0x0, 0x1000, &(0x7f0000ee6000/0x1000)=nil})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x6, 0x7})
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@irq_setup={0x46, 0x18, {0x4, 0x214}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x9, 0x7}}, @hvc={0x32, 0x40, {0x84000012, [0x45, 0x9, 0x7, 0xd26d, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x9a, 0x4, 0x9, 0x7, 0x6, 0x2}}], 0xb0}, 0x0, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffb}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x1})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c03a, 0x3}}], 0x20}, &(0x7f0000000240)=[@featur2={0x1, 0xa0}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x4, 0xa}}], 0x30}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x1, 0x100)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

44.431533962s ago: executing program 1 (id=269):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
munmap(&(0x7f00000be000/0x1000)=nil, 0xffffffffdff41fff) (async)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async, rerun: 64)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (rerun: 64)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0, 0x51c}], 0x1, 0x0, 0x0, 0x0)

39.469387565s ago: executing program 0 (id=270):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x10)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000005c0)={0x1fe, 0x1, 0x1000, 0x1000, &(0x7f0000eaa000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000000)={0x33c, 0x2})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
close(r2)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c000})
r7 = syz_kvm_vgic_v3_setup(r1, 0x3, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000040)=@attr_other={0x0, 0x7, 0x4678, 0x0})
syz_kvm_vgic_v3_setup(r5, 0x0, 0x2c0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x3)
r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f0000000100)=[@memwrite={0x6e, 0x30, @generic={0x8000000, 0x995, 0x0, 0x5}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x1, 0x1, 0x3, 0x2, 0x2}}, @eret={0xe6, 0x18, 0xffffffffffff5509}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0xe, 0x450c, 0x100, 0x4}}, @hvc={0x32, 0x40, {0xc5000021, [0x258b, 0x5, 0x4, 0x5, 0x9]}}, @uexit={0x0, 0x18, 0x81}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x239}}, @smc={0x1e, 0x40, {0x80003fff, [0xbb, 0x3a, 0x103b, 0x0, 0xfffffffffffffff9]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0x1c00000000000, 0x1}}, @eret={0xe6, 0x18, 0xffffffff}, @uexit={0x0, 0x18, 0x3a24}, @svc={0x122, 0x40, {0x80, [0x6, 0x8, 0x7, 0x9, 0xfffffffffffffff8]}}, @eret={0xe6, 0x18}, @uexit={0x0, 0x18, 0x80}, @uexit={0x0, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x6, 0xfffffc01, 0x5000}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x22c, 0xe, 0x8}}, @eret={0xe6, 0x18, 0x3}, @smc={0x1e, 0x40, {0x400, [0x7f, 0x8, 0x94d2, 0x9, 0x9]}}, @mrs={0xbe, 0x18, {0x143150022352e800}}, @smc={0x1e, 0x40, {0x84000014, [0x5, 0x8, 0x7fffffff, 0x4ea, 0x4]}}, @svc={0x122, 0x40, {0x44000103, [0x80000001, 0xfffffffffffffff5, 0x6, 0x1, 0x2]}}, @hvc={0x32, 0x40, {0x84000052, [0x2, 0x4, 0xffffffff00000001, 0x7, 0xc]}}, @msr={0x14, 0x20, {0x603000000013c804, 0xf4}}, @irq_setup={0x46, 0x18, {0x3, 0x1c2}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x27e}}, @svc={0x122, 0x40, {0x1000, [0x5, 0x8000000000000000, 0x8, 0x5, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013e66f}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x1, 0xd, 0x90, 0x4, 0x1}}], 0x4a8}, &(0x7f0000000600)=[@featur2={0x1, 0x1}], 0x1)

37.661815926s ago: executing program 1 (id=271):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, 0x0, 0x0, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000100)="4bead90a8a524c79f126541ba60686d7378e2f7235828bcf3fa4a80d5e3c6753e0fbf42973da38e59cd4b2dc174f7f7ed37dd8abc6a52715ea2d8a070028857f943eed4506eaf7a1", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x151400, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0xd000})

31.476598581s ago: executing program 0 (id=272):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r2})
close(r1)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)

29.884976622s ago: executing program 1 (id=273):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x15)
ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000000))
r1 = eventfd2(0xffffffff, 0x80800)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000080)={0x6, 0x8000000, 0x8, r1, 0xa})
ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f00000000c0)={0xb6, 0x0, 0x10000})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x12)
ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000140))
r3 = syz_kvm_vgic_v3_setup(r0, 0x4, 0x180)
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x80, 0x1, &(0x7f00000001c0)=0xb})
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r0, r4, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000007c0)=[{0x0, &(0x7f0000000240)=[@code={0xa, 0x84, {"000000aa20fc82d200e0b8f2410080d2620180d2830180d2640180d2020000d4000028d5007008d50094000f0004000f20d194d20040b8f2010080d2a20180d2e30180d2240180d2020000d4e0c386d20060b0f2010180d2020180d2030180d2440080d2020000d4007008d5008008d5"}}, @hvc={0x32, 0x40, {0x40, [0x2d5, 0xb, 0x4, 0x5, 0x9]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1c6}}, @smc={0x1e, 0x40, {0x800, [0x8, 0x2, 0x3, 0x4, 0x7fffffff]}}, @memwrite={0x6e, 0x30, @generic={0x8000000, 0x2aa, 0x800, 0x9}}, @hvc={0x32, 0x40, {0x8400000f, [0x8, 0x1, 0x9, 0x0, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0xffffffffffffff9d}}, @smc={0x1e, 0x40, {0x0, [0x8235, 0x92b, 0x6, 0x8, 0x9]}}, @mrs={0xbe, 0x18, {0x6030000000138036}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x0, 0x3, 0x2, 0x7ed, 0x3}}, @irq_setup={0x46, 0x18, {0x0, 0x290}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x9, 0x6}}, @code={0xa, 0x84, {"007008d520e894d20040b0f2810080d2020180d2230080d2c40180d2020000d4000040a9007008d5e03a86d200a0b8f2410080d2620080d2c30180d2a40180d2020000d440e991d20020b8f2010080d2c20180d2e30080d2840180d2020000d400b8310e007008d50000301e000080d2"}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x1b4}}, @smc={0x1e, 0x40, {0xc4000005, [0x1, 0xb, 0x3, 0xfffffffffffffffb, 0x6]}}, @svc={0x122, 0x40, {0x80000208, [0x4, 0xffffffff, 0x2, 0x5, 0x7186]}}, @irq_setup={0x46, 0x18, {0x3, 0x3d9}}, @hvc={0x32, 0x40, {0x80000000, [0xc, 0x7, 0x6, 0x6, 0x9]}}, @uexit={0x0, 0x18, 0x1e5e}, @code={0xa, 0x84, {"a0cf8dd200e0b8f2010080d2220080d2830080d2040080d2020000d4008008d5801f93d20000b8f2a10080d2a20180d2c30080d2440080d2020000d400a0002f0040bf0d007008d5804794d20020b8f2610180d2c20080d2430080d2c40080d2020000d40038201e007008d5007008d5"}}, @eret={0xe6, 0x18, 0x2}, @hvc={0x32, 0x40, {0x400, [0xfff, 0x2000000000, 0x2, 0x7fffffffffffffff, 0x6]}}, @svc={0x122, 0x40, {0x0, [0x3ff, 0x8000000000000000, 0x9, 0xffffffffffffff10, 0xaea]}}, @uexit={0x0, 0x18, 0xffffffffffffff81}, @uexit={0x0, 0x18, 0x1}], 0x57c}], 0x1, 0x0, &(0x7f0000000800), 0x1)
ioctl$KVM_GET_DEVICE_ATTR_vm(r2, 0x4018aee2, &(0x7f0000000880)=@attr_other={0x0, 0x8, 0xfffffffffffeffff, &(0x7f0000000840)=0x8})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000900)=@attr_arm64={0x0, 0x7, 0x3, &(0x7f00000008c0)=0xff})
r5 = eventfd2(0x10, 0x0)
write$eventfd(r1, &(0x7f0000000940)=0x8000000000000001, 0x8)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000980), 0x220200, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x3a)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000009c0)=@attr_pmu_init)
r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000c00)={0x0, &(0x7f0000000a00)=[@memwrite={0x6e, 0x30, @generic={0xeeee0000, 0x513, 0x7ff, 0x8}}, @msr={0x14, 0x20, {0x603000000013e6d1, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0xe3}}, @uexit={0x0, 0x18, 0x2}, @msr={0x14, 0x20, {0x603000000013803e, 0x6}}, @svc={0x122, 0x40, {0x0, [0xf, 0xd, 0x5fb4, 0x6, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0xc, 0x8, 0x1fffe0, 0x3}}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0x86}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0xd, 0xe2, 0x0, 0x3}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x5c}}, @irq_setup={0x46, 0x18, {0x0, 0x3db}}, @msr={0x14, 0x20, {0x603000000013c666, 0xfffffffffffff868}}, @irq_setup={0x46, 0x18, {0x2, 0x20e}}], 0x1e8}, &(0x7f0000000c40)=[@featur2={0x1, 0x4}], 0x1)
ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000c80)={0x4})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000cc0)={0x1, 0x0, [{0x6, 0x2, 0x1, 0x0, @sint={0x400, 0x3ff}}]})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f0000000d00))
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000d80)={r1, 0x8ad00000, 0x3, r5})
ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, &(0x7f0000000dc0)={0x1, [0x8000]})
eventfd2(0x8, 0x800)
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r0, 0x4068aea3, &(0x7f0000000e00))
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000ec0)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000e80)=0x6})
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000f00)={0x800, 0x400})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, &(0x7f0000000f80)=@attr_other={0x0, 0x81, 0x5, &(0x7f0000000f40)=0x4})

24.61660631s ago: executing program 1 (id=274):
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x2})
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000080)={0x0, <r6=>0xffffffffffffffff, 0x1})
r7 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
r8 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000200)=@attr_arm64={0x0, 0x4, 0x0, &(0x7f0000000140)})
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
r10 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r9, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f00000001c0)=[@uexit={0x0, 0x18}], 0x18}], 0x1, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000e49000/0x3000)=nil, r9, 0x1, 0x2010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)

22.461452889s ago: executing program 0 (id=275):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x5, &(0x7f00000000c0)=0x5})
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x8040aeb6, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0xffffffff, 0x80000000, 0x2}})

14.667273573s ago: executing program 0 (id=276):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x92000, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r7, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1)
ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0xffff, 0x3ff, &(0x7f0000000140)=0x1001})
r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r12, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r15, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, 0xffffffffffffffff, 0x20})
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408)
munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c)

7.604577123s ago: executing program 1 (id=277):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0x8000000000000000})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000140))

1.578672647s ago: executing program 0 (id=278):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0xfffffffa, 0x80001)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r4})
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x800)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x10000, 0x4000})
r7 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r9 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x40)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0)
r12 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r12, 0xb})
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r12, 0x3})
ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x9, 0x5660b638, &(0x7f0000000000)=0x4})

0s ago: executing program 1 (id=279):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000100)={0xb6, 0x0, 0x81})
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)={0x1, 0x0, [{0x101, 0x1, 0x1, 0x0, @msi={0x3, 0xfffffeff, 0x28a, 0x3}}]})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
write$eventfd(r7, &(0x7f00000001c0)=0x7ffffff, 0xfdef)
syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0xe1}], 0x1)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x21)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r10, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x7f, &(0x7f0000000340)=0x8})

kernel console output (not intermixed with test programs):

[  440.791746][ T3143] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:61023' (ED25519) to the list of known hosts.
[  618.721198][   T25] audit: type=1400 audit(617.900:60): avc:  denied  { name_bind } for  pid=3301 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  619.688942][   T25] audit: type=1400 audit(618.870:61): avc:  denied  { execute } for  pid=3302 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  619.711571][   T25] audit: type=1400 audit(618.890:62): avc:  denied  { execute_no_trans } for  pid=3302 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  645.293263][   T25] audit: type=1400 audit(644.480:63): avc:  denied  { mounton } for  pid=3302 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  645.329110][   T25] audit: type=1400 audit(644.510:64): avc:  denied  { mount } for  pid=3302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  645.410972][ T3302] cgroup: Unknown subsys name 'net'
[  645.462720][   T25] audit: type=1400 audit(644.650:65): avc:  denied  { unmount } for  pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  645.861406][ T3302] cgroup: Unknown subsys name 'cpuset'
[  645.967750][ T3302] cgroup: Unknown subsys name 'rlimit'
[  646.902391][   T25] audit: type=1400 audit(646.090:66): avc:  denied  { setattr } for  pid=3302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  646.931633][   T25] audit: type=1400 audit(646.110:67): avc:  denied  { mounton } for  pid=3302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  646.950314][   T25] audit: type=1400 audit(646.130:68): avc:  denied  { mount } for  pid=3302 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  648.173613][ T3305] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  648.196584][   T25] audit: type=1400 audit(647.380:69): avc:  denied  { relabelto } for  pid=3305 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  648.221114][   T25] audit: type=1400 audit(647.410:70): avc:  denied  { write } for  pid=3305 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  648.448329][   T25] audit: type=1400 audit(647.630:71): avc:  denied  { read } for  pid=3302 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  648.472495][   T25] audit: type=1400 audit(647.650:72): avc:  denied  { open } for  pid=3302 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  648.513918][ T3302] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  696.780604][   T25] audit: type=1400 audit(695.970:73): avc:  denied  { execmem } for  pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  704.719915][   T25] audit: type=1400 audit(703.890:74): avc:  denied  { read } for  pid=3308 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  704.734379][   T25] audit: type=1400 audit(703.920:75): avc:  denied  { open } for  pid=3308 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  704.823958][   T25] audit: type=1400 audit(704.010:76): avc:  denied  { mounton } for  pid=3308 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  705.102094][   T25] audit: type=1400 audit(704.290:77): avc:  denied  { module_request } for  pid=3309 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  705.149643][   T25] audit: type=1400 audit(704.340:78): avc:  denied  { module_request } for  pid=3308 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  706.288475][   T25] audit: type=1400 audit(705.470:79): avc:  denied  { sys_module } for  pid=3309 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  731.683123][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  731.932970][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  732.159261][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  732.537201][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  744.793959][ T3308] hsr_slave_0: entered promiscuous mode
[  744.822179][ T3308] hsr_slave_1: entered promiscuous mode
[  745.762037][ T3309] hsr_slave_0: entered promiscuous mode
[  745.801395][ T3309] hsr_slave_1: entered promiscuous mode
[  745.834271][ T3309] debugfs: 'hsr0' already exists in 'hsr'
[  745.857792][ T3309] Cannot create hsr debugfs directory
[  751.307753][   T25] audit: type=1400 audit(750.490:80): avc:  denied  { create } for  pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  751.353562][   T25] audit: type=1400 audit(750.540:81): avc:  denied  { write } for  pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  751.384309][   T25] audit: type=1400 audit(750.570:82): avc:  denied  { read } for  pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  751.523438][ T3308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  752.027965][ T3308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  752.271260][ T3308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  752.574853][ T3308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  754.167863][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  754.304068][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  754.483598][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  754.777557][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  772.679260][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0
[  775.530774][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0
[  833.671495][ T3308] veth0_vlan: entered promiscuous mode
[  834.359753][ T3308] veth1_vlan: entered promiscuous mode
[  836.530996][ T3309] veth0_vlan: entered promiscuous mode
[  837.622752][ T3308] veth0_macvtap: entered promiscuous mode
[  837.710271][ T3309] veth1_vlan: entered promiscuous mode
[  838.170694][ T3308] veth1_macvtap: entered promiscuous mode
[  840.080205][ T3309] veth0_macvtap: entered promiscuous mode
[  840.401523][ T3353] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  840.503200][ T3353] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  840.511909][ T3353] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  840.628322][ T3353] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  840.667990][ T3309] veth1_macvtap: entered promiscuous mode
[  843.323855][   T25] audit: type=1400 audit(842.510:83): avc:  denied  { mount } for  pid=3308 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  843.462838][   T25] audit: type=1400 audit(842.650:84): avc:  denied  { mounton } for  pid=3308 comm="syz-executor" path="/syzkaller.sbwJDy/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  843.583677][   T21] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  843.588827][   T21] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  843.594747][   T21] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  843.642056][   T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  843.769637][   T25] audit: type=1400 audit(842.920:85): avc:  denied  { mount } for  pid=3308 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  844.052766][   T25] audit: type=1400 audit(843.240:86): avc:  denied  { mounton } for  pid=3308 comm="syz-executor" path="/syzkaller.sbwJDy/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  844.202623][   T25] audit: type=1400 audit(843.390:87): avc:  denied  { mounton } for  pid=3308 comm="syz-executor" path="/syzkaller.sbwJDy/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3784 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  845.007735][   T25] audit: type=1400 audit(844.190:88): avc:  denied  { unmount } for  pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  845.228495][   T25] audit: type=1400 audit(844.400:89): avc:  denied  { mounton } for  pid=3308 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  845.341584][   T25] audit: type=1400 audit(844.480:90): avc:  denied  { mount } for  pid=3308 comm="syz-executor" name="/" dev="gadgetfs" ino=3796 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  845.732438][   T25] audit: type=1400 audit(844.920:91): avc:  denied  { mount } for  pid=3308 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  845.837075][   T25] audit: type=1400 audit(844.990:92): avc:  denied  { mounton } for  pid=3308 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  846.930359][ T3308] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  856.913123][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  856.922719][   T25] audit: type=1400 audit(856.100:97): avc:  denied  { read } for  pid=3462 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  857.001670][   T25] audit: type=1400 audit(856.190:98): avc:  denied  { open } for  pid=3462 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  857.040472][   T25] audit: type=1400 audit(856.230:99): avc:  denied  { ioctl } for  pid=3462 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  872.240123][   T25] audit: type=1400 audit(871.430:100): avc:  denied  { append } for  pid=3478 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  893.786322][   T25] audit: type=1400 audit(892.910:101): avc:  denied  { setattr } for  pid=3494 comm="syz.0.10" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  893.856913][   T25] audit: type=1400 audit(893.030:102): avc:  denied  { execute } for  pid=3494 comm="syz.0.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4149 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  906.670040][   T25] audit: type=1400 audit(905.820:103): avc:  denied  { write } for  pid=3503 comm="syz.1.13" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1109.079602][ T3622] kvm [3622]: Failed to find VMA for hva 0x20dd0000
[ 1386.996965][   T25] audit: type=1400 audit(1386.180:104): avc:  denied  { ioctl } for  pid=3784 comm="syz.1.100" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1483.419834][ T3833] kvm [3833]: Failed to find VMA for hva 0x20c01000
[ 1505.690954][   T25] audit: type=1400 audit(1504.850:105): avc:  denied  { map } for  pid=3844 comm="syz.1.116" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1505.793973][   T25] audit: type=1400 audit(1504.930:106): avc:  denied  { execute } for  pid=3844 comm="syz.1.116" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1715.469756][ T3966] kvm [3966]: Failed to find VMA for hva 0x20c01000
[ 1715.650423][ T3966] kvm [3966]: Failed to find VMA for hva 0x20c01000
[ 1953.873651][ T4120] debugfs: 'vgic-its-state@8080000' already exists in '4120-4'
[ 2233.562415][ T4293] kvm [4293]: Failed to find VMA for hva 0x20c01000
[ 2245.039520][ T4299] kvm [4299]: Failed to find VMA for hva 0x20df4000
[ 2357.721887][ T4358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f906
[ 2357.768482][ T4358] flags: 0x1ffdc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x70)
[ 2357.788766][ T4358] raw: 01ffdc0000000000 ffffc1ffc07e5808 ffffc1ffc07e8088 0000000000000000
[ 2357.816436][ T4358] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2357.828432][ T4358] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 2357.851630][ T4358] ------------[ cut here ]------------
[ 2357.851913][ T4358] kernel BUG at ./include/linux/mm.h:1036!
[ 2357.853674][ T4358] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[ 2357.858616][ T4358] Modules linked in:
[ 2357.860725][ T4358] CPU: 0 UID: 0 PID: 4358 Comm: syz.0.278 Not tainted syzkaller #0 PREEMPT 
[ 2357.862305][ T4358] Hardware name: linux,dummy-virt (DT)
[ 2357.863562][ T4358] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 2357.864849][ T4358] pc : kvm_s2_put_page+0x374/0x3a0
[ 2357.867109][ T4358] lr : kvm_s2_put_page+0x374/0x3a0
[ 2357.868134][ T4358] sp : ffff80008e857570
[ 2357.868894][ T4358] x29: ffff80008e857570 x28: 47f000001fa02000 x27: 47f000001fa02000
[ 2357.870539][ T4358] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000
[ 2357.871966][ T4358] x23: ffffc1ffc07e4188 x22: 0000000000000000 x21: ffffc1ffc07e41b4
[ 2357.873379][ T4358] x20: 0000000000000000 x19: ffffc1ffc07e4180 x18: 0000000005ca255a
[ 2357.874821][ T4358] x17: 00000000042740b7 x16: 0000000005c9f71a x15: 00000000aac21f58
[ 2357.876292][ T4358] x14: ffffffffffffffff x13: fff000000dc23b08 x12: 0000000000000001
[ 2357.877702][ T4358] x11: 0000000000080000 x10: 000000000006bad0 x9 : 81480be2da13a800
[ 2357.879163][ T4358] x8 : 81480be2da13a800 x7 : ffff8000803a03c8 x6 : 0000000000000000
[ 2357.880531][ T4358] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008074b7f8
[ 2357.881905][ T4358] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e
[ 2357.883499][ T4358] Call trace:
[ 2357.884427][ T4358]  kvm_s2_put_page+0x374/0x3a0 (P)
[ 2357.885702][ T4358]  stage2_free_walker+0x1b0/0x264
[ 2357.886756][ T4358]  __kvm_pgtable_walk+0x7d8/0xa68
[ 2357.887733][ T4358]  kvm_pgtable_walk+0x294/0x468
[ 2357.888698][ T4358]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[ 2357.889809][ T4358]  kvm_free_stage2_pgd+0x198/0x28c
[ 2357.890797][ T4358]  kvm_uninit_stage2_mmu+0x20/0x38
[ 2357.891775][ T4358]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[ 2357.892826][ T4358]  kvm_mmu_notifier_release+0x48/0xa8
[ 2357.893834][ T4358]  mmu_notifier_unregister+0x128/0x42c
[ 2357.894860][ T4358]  kvm_put_kvm+0x6a0/0xfa8
[ 2357.895703][ T4358]  kvm_vcpu_release+0x70/0x9c
[ 2357.896657][ T4358]  __fput+0x4ac/0x980
[ 2357.897466][ T4358]  ____fput+0x20/0x58
[ 2357.898302][ T4358]  task_work_run+0x1bc/0x254
[ 2357.899194][ T4358]  get_signal+0x13ec/0x1554
[ 2357.900191][ T4358]  do_signal+0x23c/0x4dd0
[ 2357.901159][ T4358]  do_notify_resume+0xb0/0x270
[ 2357.902132][ T4358]  el0_svc+0xb8/0x164
[ 2357.903053][ T4358]  el0t_64_sync_handler+0x84/0x12c
[ 2357.904003][ T4358]  el0t_64_sync+0x198/0x19c
[ 2357.905552][ T4358] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) 
[ 2357.907442][ T4358] ---[ end trace 0000000000000000 ]---
[ 2357.909035][ T4358] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 2357.911047][ T4358] Kernel Offset: disabled
[ 2357.911816][ T4358] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 2357.912941][ T4358] Memory Limit: none
[ 2357.914625][ T4358] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:26:32  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008049067c X00=0000000000000001 X01=0000000000000000
X02=0000000000000001 X03=ffff80008048d0ac X04=0000000000000000
X05=0000000000000000 X06=ffff80008048b334 X07=ffff800080015834
X08=000000000006cd89 X09=78ff80008f099000 X10=000000000006cd88
X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff
X14=0000000000000002 X15=ffff800087f83a20 X16=0000000000000000
X17=00000000042740b7 X18=0000000005ca255a X19=00000000000003cf
X20=efff800000000000 X21=ffff80008795f110 X22=00000000000003ce
X23=00000000000000ff X24=ffff80008795f110 X25=00000000000003ce
X26=5ef000000dc23b10 X27=00000000000003c0 X28=ffff800087735000
X29=ffff80008e856fd0 X30=ffff80008049067c  SP=ffff80008e856f90
PSTATE=804023c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0a0a0a0a0a0a0a0a:0a0a0a0a0a0a0a0a Z01=3030303030300000:2930203d3d202965
Z02=635f6665725f6567:617028454741505f Z03=000000000000ffff:0000000000000000
Z04=0000000000000000:000000ff00000000 Z05=5f65676170284547:41505f4e4f5f4755
Z06=3a746e756f637061:6d20303a746e756f Z07=3030303030303a67:6e697070616d2030
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffe68167a0:0000ffffe68167a0 Z17=ffffff80ffffffd8:0000ffffe6816770
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000