last executing test programs:

45.332478164s ago: executing program 1 (id=12):
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (rerun: 64)
openat$kvm(0x0, 0x0, 0x4f0000, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x300000f, 0x40010, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=[@code={0xa, 0xcc, {"e0ef9ad200c0b8f2410080d2e20080d2430080d2e40180d2020000d4e0be9cd20040b0f2210080d2620080d2630180d2840180d2020000d40000681e0000000b0000399e003c202ea04c8ad200e0b0f2610180d2c20180d2a30080d2640180d2020000d4c0ed81d20000b8f2810180d2820180d2a30180d2640080d2020000d4a0a189d20060b0f2410180d2820180d2230080d2240180d2020000d4804e82d20020b0f2810180d2020180d2830180d2a40080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x0, 0x9, 0xe}}, @hvc={0x32, 0x40, {0x6000000, [0x0, 0x78f7, 0x8, 0x3, 0x9]}}, @smc={0x1e, 0x40, {0x84000009, [0x5, 0x10, 0xd7f, 0x1000, 0x5]}}, @irq_setup={0x46, 0x18, {0x0, 0x5a}}, @mrs={0xbe, 0x18, {0x6030000000139828}}, @msr={0x14, 0x20, {0x603000000013c085, 0x100000001}}, @hvc={0x32, 0x40, {0x8400000b, [0x4, 0x8, 0x6, 0x6, 0xdd]}}, @mrs={0xbe, 0x18, {0x77fe}}], 0x21c}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000be1000/0x400000)=nil) (async)
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x28031, r1, 0x0) (async)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x2010, 0xffffffffffffffff, 0x0)

35.006905403s ago: executing program 1 (id=14):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_assert_reg(0xffffffffffffffff, 0x603000000013df11, 0x8000)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000040)="338800073dbd4d13980fb50c313261739245a26e04c3cef2d7910fbc221b669b6a1ea97274971ed1490b0b2d5ea8ffe58af68f225b78f3267838ba12cee3a8ee59534b82474904a6", 0x0, 0x48)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x4000, 0x2})

32.990603935s ago: executing program 0 (id=15):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)

27.476411126s ago: executing program 1 (id=16):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
munmap(&(0x7f000000f000/0x2000)=nil, 0x2000)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f0000000100)=@attr_other={0x0, 0xeb5b, 0x2, &(0x7f00000000c0)=0x6})
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x410002, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, <r5=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x400454cb, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r2, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r9, 0x603020000013df12, 0x8000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r2, 0x3, 0x8032, 0xffffffffffffffff, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x3)
ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1})
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x2})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
mmap$KVM_VCPU(&(0x7f000063c000/0x2000)=nil, r13, 0x6000002, 0x40010, r12, 0x0)

27.136543275s ago: executing program 0 (id=17):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = eventfd2(0x0, 0x80000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x2, 0x100)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r1, 0x3})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x80040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0x5452, 0xa00000000000000)

20.016254283s ago: executing program 0 (id=18):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x401c5820, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x6})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x40200, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xc0189436, 0x33)

18.921820737s ago: executing program 1 (id=19):
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0x4d6a, 0xff}})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r5, 0x0)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0)

12.719866548s ago: executing program 0 (id=20):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x8})

11.698217196s ago: executing program 1 (id=21):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x301081, 0x0)
r1 = mmap$KVM_VCPU(&(0x7f0000ff1000/0xf000)=nil, 0x0, 0x1000000, 0x8010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000040)="e4d0ed456172233a8b25281c3fb3965889558926597bdaa0", 0x0, 0x18)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x5)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x1, 0x4, 0xdddd0000, 0x1000, &(0x7f0000ff3000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f00000000c0)={0x4, 0x0, [{0xfffffffd, 0x5, 0x1, 0x0, @sint={0x3}}, {0x7, 0x1, 0x0, 0x0, @msi={0x2, 0xfffffffb, 0x7fff, 0xa}}, {0x100, 0x2, 0x1, 0x0, @sint={0x5, 0xf492}}, {0x2, 0x5, 0x0, 0x0, @msi={0x3, 0x6, 0x5, 0x9}}]})
r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000800)={0x0, &(0x7f00000001c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x7}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x1, 0x4, 0x3, 0x5, 0x4}}, @irq_setup={0x46, 0x18, {0x0, 0x353}}, @hvc={0x32, 0x40, {0xc4000004, [0x3, 0x7, 0x5, 0x5, 0x80000001]}}, @code={0xa, 0x3c, {"008c004f003c000e0048202e007008d5007008d5000008d5007008d5000028d50014007f0008403a"}}, @svc={0x122, 0x40, {0x84000007, [0x9, 0x0, 0x0, 0x5, 0x6]}}, @smc={0x1e, 0x40, {0x80000002, [0x1, 0x7fffffffffffffff, 0xb, 0xa]}}, @msr={0x14, 0x20, {0x6556, 0x1}}, @svc={0x122, 0x40, {0x80000002, [0x6, 0x40, 0x400, 0x1, 0x37]}}, @irq_setup={0x46, 0x18, {0x3, 0x1}}, @eret={0xe6, 0x18, 0xc6c3}, @svc={0x122, 0x40, {0x8, [0xffffffff7fffffff, 0x0, 0xb6, 0x1, 0xa00e]}}, @mrs={0xbe, 0x18}, @hvc={0x32, 0x40, {0x84000001, [0x19e, 0x9, 0x6, 0x3, 0x2]}}, @code={0xa, 0x9c, {"806495d200e0b0f2a10080d2220080d2230080d2a40180d2020000d4005f96d20000b8f2610080d2220180d2430080d2240180d2020000d4007008d500008012007008d560b385d20000b8f2410080d2020080d2c30180d2840180d2020000d4000028d5007008d5a04697d20080b8f2a10180d2820180d2c30180d2240180d2020000d4000028d5"}}, @mrs={0xbe, 0x18, {0x603000000013e66f}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x6}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x6, 0x10, 0x3, 0x4}}, @hvc={0x32, 0x40, {0x4080, [0xffffffff, 0x2, 0x3ff, 0x7, 0x4]}}, @smc={0x1e, 0x40, {0x4000, [0x6, 0x9032, 0x800, 0x4f, 0x401]}}, @irq_setup={0x46, 0x18, {0x2, 0x43}}, @irq_setup={0x46, 0x18, {0x1, 0x1f6}}, @its_send_cmd={0xaa, 0x28, {0x661060815464a7e5, 0x1, 0x1, 0x2, 0x3, 0xa25e}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xd00, 0x7, 0x8}}, @smc={0x1e, 0x40, {0x2, [0x518, 0x1, 0x40, 0x7, 0x200]}}, @code={0xa, 0x6c, {"003883d20000b0f2c10080d2220180d2c30080d2840180d2020000d4007008d5000028d5400c91d200e0b8f2410080d2220080d2230180d2840080d2020000d4007008d50004c0780080c00d0028217e00d8217e008008d5"}}, @svc={0x122, 0x40, {0x8400000c, [0x1ff, 0x8, 0x77e9, 0x200, 0x2]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xe00, 0x5, 0x9}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x82}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x1d4}}], 0x62c}, &(0x7f0000000840)=[@featur2={0x1, 0xed}], 0x1)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000880)=@attr_pmu_init)
r5 = ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_S390_VCPU_FAULT(r5, 0x4008ae52, &(0x7f00000008c0)=0xddea)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000900)={0xdf, 0x0, 0x4000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xb6a)
syz_kvm_setup_cpu$arm64(r2, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000b80)=[{0x0, &(0x7f0000000980)=[@msr={0x14, 0x20, {0x603000000013c2a6, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x80, 0x0, 0x9}}, @svc={0x122, 0x40, {0xc4000053, [0x5, 0xa00000000000, 0x9, 0x7, 0x4]}}, @smc={0x1e, 0x40, {0x2000, [0x2, 0x10000, 0x200, 0x2, 0x6]}}, @msr={0x14, 0x20, {0x603000000013df65, 0x9}}, @eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x3d}}, @mrs={0xbe, 0x18, {0x603000000013e2b0}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x33a}}, @hvc={0x32, 0x40, {0x84000009, [0x5, 0x7, 0x5, 0xc53, 0x3]}}, @smc={0x1e, 0x40, {0x2000000, [0x1, 0x1, 0x2, 0x8, 0x81]}}], 0x1f0}], 0x1, 0x0, &(0x7f0000000bc0)=[@featur1={0x1, 0x61}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000c40)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000c00)=0x10})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80), 0x4002, 0x0)
ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
r8 = ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_ARM_PREFERRED_TARGET(r6, 0x8020aeaf, &(0x7f0000000cc0))
eventfd2(0xffffffff, 0x80001)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x1c)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2b)
syz_kvm_vgic_v3_setup(r9, 0x3, 0x100)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000d40)=@arm64_fp={0x60400000001000b1, &(0x7f0000000d00)=0x47b})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000d80), 0x800, 0x0)

6.083096117s ago: executing program 1 (id=22):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x0, 0x100000d, 0x12, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c6f000/0x3000)=nil, 0x0, 0x14, 0x13, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2f)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df62, 0xc00000}}], 0x20}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r5 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x10, r4, 0x40000)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, 0x0})
r14 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x28)
r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r13, 0x4040aea0, &(0x7f00000011c0)=@arm64={0x5, 0x4, 0x8, '\x00', 0x7ff800000000000})
syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
r16 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x80)
ioctl$KVM_GET_DEVICE_ATTR(r16, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x3, 0x0})
ioctl$KVM_GET_DEVICE_ATTR(r16, 0x4018aee2, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000080)=0x8})
syz_memcpy_off$KVM_EXIT_MMIO(r5, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18)

5.416229015s ago: executing program 0 (id=23):
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r0, 0x4, 0x12, r1, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xdddd1000, 0x100000})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r0, 0x2000008, 0x11, r1, 0x0) (async)
r2 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x8, 0xffffffffffffffff, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000080)=0x8}) (async)
r3 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
close(r3)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000100)={0xb6, 0x0, 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000180)={0x6, 0x0, [{0x6a0, 0x4, 0x1, 0x0, @msi={0x0, 0x40, 0xffff8000, 0x1}}, {0x6, 0x4, 0x0, 0x0, @irqchip={0x5, 0x3}}, {0xa1b9, 0x3, 0x1, 0x0, @adapter={0x0, 0x3, 0x8, 0xfffffffa, 0x5fc1}}, {0x2, 0x3, 0x1, 0x0, @msi={0x3, 0xf362, 0x7af9, 0x6000000}}, {0xd, 0x1, 0x1, 0x0, @adapter={0x0, 0x200, 0x2, 0x7, 0x3f0}}, {0x9, 0x3, 0x1, 0x0, @adapter={0x6, 0x8e3c, 0x3, 0x6, 0x1}}]}) (async)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f00000002c0)={0x2713, 0x0, &(0x7f0000400000/0xc00000)=nil})
close(r3) (async)
ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000340)=@arm64_sve={0x608000000015021d, &(0x7f0000000300)=0x7}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000003c0)=@attr_other={0x0, 0x9, 0x4, &(0x7f0000000380)=0x8}) (async, rerun: 64)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 64)
r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000640)={0x0, &(0x7f0000000400)=[@msr={0x14, 0x20, {0x603000000013df4d, 0xf3}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff4, 0xd8, 0x6}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x2, 0x3, 0x1, 0x6, 0x4}}, @msr={0x14, 0x20, {0x603000000013e64d, 0x2}}, @uexit={0x0, 0x18, 0x10000000000000}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x4, 0xc, 0xfffffffa, 0x0, 0x3}}, @hvc={0x32, 0x40, {0x80003fff, [0x1, 0xe76, 0x8, 0x5523f316, 0x3]}}, @eret={0xe6, 0x18, 0xffffffffffffff9c}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x1, 0xf, 0x80000000, 0x8, 0x2}}, @irq_setup={0x46, 0x18, {0x1, 0xa9}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0x4, 0xb, 0x4, 0x3}}, @msr={0x14, 0x20, {0x60300000001383c6, 0x9}}, @code={0xa, 0x84, {"0000001b007008d5007008d5c09c94d20020b8f2610080d2a20180d2a30180d2840080d2020000d4000028d540ff9fd20040b8f2a10080d2a20080d2a30180d2640080d2020000d4000028d5000008d50000009160ab89d200c0b0f2210080d2c20080d2830080d2640180d2020000d4"}}], 0x23c}, &(0x7f0000000680)=[@featur1={0x1, 0x45}], 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r0, 0x200000d, 0x40010, r5, 0x0) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000ac0)={0x3, 0x300, 0x0, &(0x7f00000006c0)=[0x7, 0x2, 0x8, 0x1e, 0x9, 0x2202, 0x7ff, 0xbd, 0x71, 0x8, 0x9, 0x7, 0x129e, 0x6, 0xfe, 0x9, 0x9, 0x4, 0xc29, 0xb, 0x0, 0x0, 0x3ff, 0x101, 0x6, 0xbfdc, 0x2, 0x4, 0x109, 0xffffffffffffff40, 0x5, 0x16, 0x100000000, 0xfc32, 0x61c, 0x890, 0x6dde9816, 0x1, 0xfffffffffffffff8, 0x4, 0xa3a7, 0x0, 0x0, 0x200, 0x10, 0x10, 0x3, 0xffff, 0x7, 0x6e80, 0xffffffffffffffff, 0xe1, 0x6, 0x100000001, 0x8, 0xdd2, 0x7ff, 0x2, 0x4, 0x1, 0x8000, 0x2, 0x6, 0x0, 0x9ed9, 0x0, 0x7, 0x7fffffffffffffff, 0xfffffffffffffffb, 0x298, 0xffffffffffff4463, 0x1, 0x8ba, 0x7fffffffffffffff, 0xc, 0xc1e, 0x2, 0x0, 0x8, 0x1, 0x10001, 0x0, 0x3, 0x40, 0x5, 0x6, 0x7, 0x2, 0x3, 0x8, 0x5, 0x401, 0x2, 0x1, 0x8, 0x9, 0x7fffffff, 0x0, 0x40, 0x4bfc, 0x8, 0x0, 0x3, 0x3, 0x6, 0x2b82034e, 0x1, 0x5, 0x5, 0xfffffffffffffffc, 0x7, 0x0, 0xa5a, 0x8, 0x40000000800, 0x7, 0x0, 0xc, 0x7fff, 0x7, 0x9, 0x2, 0x2, 0x1050, 0x0, 0x4, 0x0, 0xd]})
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000b00)={0x5, 0x7ff})
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000b80)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000b40)=0x400}) (async)
ioctl$KVM_GET_SREGS(r1, 0x8000ae83, &(0x7f0000000bc0)) (async)
ioctl$KVM_RUN(r1, 0xae80, 0x0) (async, rerun: 32)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000d00)={0x1000, 0xa7006, 0x3, 0x1, 0x9}) (rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000d40), 0xa8e00, 0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000d80)={r3, 0x9, 0x2})

0s ago: executing program 0 (id=24):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xffffffffffffffff)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013df61}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20)
syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@hvc={0x32, 0x40, {0xc400000c, [0xfffffffffffffff9, 0x8000, 0xffffffffffffffff, 0xfffffffffffffff9, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013800d}}, @svc={0x122, 0x40, {0xc4000012, [0x6, 0x8000000000000000, 0x81, 0x3ff, 0x481]}}, @code={0xa, 0xb4, {"0040c00d00e4202e00c0202e1f00206b40b495d200c0b0f2210180d2020180d2e30180d2e40080d2020000d4c00992d20060b8f2410180d2a20180d2230180d2e40080d2020000d400418fd20060b8f2e10180d2620080d2430080d2e40080d2020000d440a886d20000b0f2010180d2420180d2c30180d2c40080d2020000d4206882d20080b8f2e10080d2e20180d2430180d2840080d2020000d4007008d5"}}, @uexit={0x0, 0x18, 0x9a7}, @mrs={0xbe, 0x18, {0x603000000013e090}}, @smc={0x1e, 0x40, {0x84000051, [0x3ff, 0x0, 0x101, 0x100, 0x1]}}], 0x1bc}, &(0x7f00000001c0)=[@featur1={0x1, 0x80}], 0x1)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000a67000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil)
r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde5, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
r16 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
r18 = syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil)
r19 = syz_kvm_add_vcpu$arm64(r18, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
syz_kvm_vgic_v3_setup(r17, 0x0, 0x3c0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r19, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
syz_kvm_assert_reg(r15, 0x603000000053c4f1, 0x8800)
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100014, &(0x7f0000000100)=0xffffffffffffffff})

kernel console output (not intermixed with test programs):

[  381.343909][ T3157] 8021q: adding VLAN 0 to HW filter on device bond0
[  440.814881][ T3157] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:8559' (ED25519) to the list of known hosts.
[  593.447726][   T25] audit: type=1400 audit(592.630:61): avc:  denied  { name_bind } for  pid=3314 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  594.417506][   T25] audit: type=1400 audit(593.600:62): avc:  denied  { execute } for  pid=3315 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  594.447423][   T25] audit: type=1400 audit(593.620:63): avc:  denied  { execute_no_trans } for  pid=3315 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  617.508401][   T25] audit: type=1400 audit(616.690:64): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  617.547764][   T25] audit: type=1400 audit(616.730:65): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  617.629393][ T3315] cgroup: Unknown subsys name 'net'
[  617.684277][   T25] audit: type=1400 audit(616.860:66): avc:  denied  { unmount } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  618.098078][ T3315] cgroup: Unknown subsys name 'cpuset'
[  618.199475][ T3315] cgroup: Unknown subsys name 'rlimit'
[  619.119291][   T25] audit: type=1400 audit(618.300:67): avc:  denied  { setattr } for  pid=3315 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  619.138842][   T25] audit: type=1400 audit(618.320:68): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  619.166326][   T25] audit: type=1400 audit(618.340:69): avc:  denied  { mount } for  pid=3315 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  620.343797][ T3318] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  620.363978][   T25] audit: type=1400 audit(619.540:70): avc:  denied  { relabelto } for  pid=3318 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  620.389664][   T25] audit: type=1400 audit(619.570:71): avc:  denied  { write } for  pid=3318 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  620.569426][   T25] audit: type=1400 audit(619.750:72): avc:  denied  { read } for  pid=3315 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  620.587052][   T25] audit: type=1400 audit(619.770:73): avc:  denied  { open } for  pid=3315 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  620.634896][ T3315] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  671.121246][   T25] audit: type=1400 audit(670.280:74): avc:  denied  { execmem } for  pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  675.806956][   T25] audit: type=1400 audit(674.990:75): avc:  denied  { read } for  pid=3322 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  675.821834][   T25] audit: type=1400 audit(675.000:76): avc:  denied  { read } for  pid=3321 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  675.845984][   T25] audit: type=1400 audit(675.030:77): avc:  denied  { open } for  pid=3321 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  675.912160][   T25] audit: type=1400 audit(675.090:78): avc:  denied  { mounton } for  pid=3321 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  676.154718][   T25] audit: type=1400 audit(675.330:79): avc:  denied  { module_request } for  pid=3322 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  677.252969][   T25] audit: type=1400 audit(676.430:80): avc:  denied  { sys_module } for  pid=3322 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  703.549709][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  703.786970][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  706.185706][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  706.413034][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  718.739559][ T3322] hsr_slave_0: entered promiscuous mode
[  718.808306][ T3322] hsr_slave_1: entered promiscuous mode
[  720.474604][ T3321] hsr_slave_0: entered promiscuous mode
[  720.497979][ T3321] hsr_slave_1: entered promiscuous mode
[  720.517784][ T3321] debugfs: 'hsr0' already exists in 'hsr'
[  720.523939][ T3321] Cannot create hsr debugfs directory
[  725.622062][   T25] audit: type=1400 audit(724.800:81): avc:  denied  { create } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  725.693520][   T25] audit: type=1400 audit(724.860:82): avc:  denied  { write } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  725.709665][   T25] audit: type=1400 audit(724.890:83): avc:  denied  { read } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  725.849190][ T3322] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  726.183190][ T3322] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  726.454510][ T3322] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  726.599507][ T3322] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  728.283783][ T3321] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  728.469551][ T3321] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  728.674151][ T3321] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  728.828681][ T3321] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  741.258916][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.368019][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[  799.595080][ T3322] veth0_vlan: entered promiscuous mode
[  800.048385][ T3322] veth1_vlan: entered promiscuous mode
[  801.674943][ T3321] veth0_vlan: entered promiscuous mode
[  802.498890][ T3321] veth1_vlan: entered promiscuous mode
[  802.643672][ T3322] veth0_macvtap: entered promiscuous mode
[  803.046493][ T3322] veth1_macvtap: entered promiscuous mode
[  805.156518][ T3321] veth0_macvtap: entered promiscuous mode
[  805.258348][   T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  805.353237][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  805.357835][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  805.372571][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  805.804409][ T3321] veth1_macvtap: entered promiscuous mode
[  807.823792][   T25] audit: type=1400 audit(807.000:84): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  808.074479][   T25] audit: type=1400 audit(807.240:85): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/syzkaller.OZ00Yh/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  808.305521][   T25] audit: type=1400 audit(807.470:86): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  808.536633][ T2112] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  808.542471][ T2112] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  808.585448][   T25] audit: type=1400 audit(807.770:87): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/syzkaller.OZ00Yh/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  808.632877][   T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  808.637998][   T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  808.738734][   T25] audit: type=1400 audit(807.920:88): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/syzkaller.OZ00Yh/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  809.497065][   T25] audit: type=1400 audit(808.680:89): avc:  denied  { unmount } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  809.722028][   T25] audit: type=1400 audit(808.890:90): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  809.805761][   T25] audit: type=1400 audit(808.980:91): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="gadgetfs" ino=3777 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  810.138825][   T25] audit: type=1400 audit(809.320:92): avc:  denied  { mount } for  pid=3322 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  810.209667][   T25] audit: type=1400 audit(809.390:93): avc:  denied  { mounton } for  pid=3322 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  811.534969][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  824.112282][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  824.113144][   T25] audit: type=1400 audit(823.290:98): avc:  denied  { read } for  pid=3474 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  824.241190][   T25] audit: type=1400 audit(823.410:99): avc:  denied  { open } for  pid=3474 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  824.421457][   T25] audit: type=1400 audit(823.590:100): avc:  denied  { ioctl } for  pid=3474 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  826.052525][   T25] audit: type=1400 audit(825.220:101): avc:  denied  { write } for  pid=3476 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  843.926509][   T25] audit: type=1400 audit(843.110:102): avc:  denied  { append } for  pid=3488 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  870.656018][   T25] audit: type=1400 audit(869.830:103): avc:  denied  { execute } for  pid=3502 comm="syz.1.8" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4358 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  934.907286][ T3542] ==================================================================
[  934.907916][ T3542] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68
[  934.909651][ T3542] Read of size 8 at addr c5f000001e32c000 by task syz.1.22/3542
[  934.909896][ T3542] Pointer tag: [c5], memory tag: [fe]
[  934.910018][ T3542] 
[  934.910998][ T3542] CPU: 0 UID: 0 PID: 3542 Comm: syz.1.22 Not tainted syzkaller #0 PREEMPT 
[  934.911534][ T3542] Hardware name: linux,dummy-virt (DT)
[  934.911995][ T3542] Call trace:
[  934.912384][ T3542]  show_stack+0x2c/0x3c (C)
[  934.912967][ T3542]  __dump_stack+0x30/0x40
[  934.913241][ T3542]  dump_stack_lvl+0xd8/0x12c
[  934.913461][ T3542]  print_address_description+0xac/0x288
[  934.913718][ T3542]  print_report+0x84/0xa0
[  934.913957][ T3542]  kasan_report+0xb0/0x110
[  934.914179][ T3542]  kasan_tag_mismatch+0x28/0x3c
[  934.914416][ T3542]  __hwasan_tag_mismatch+0x30/0x60
[  934.914692][ T3542]  __kvm_pgtable_walk+0x8e4/0xa68
[  934.914955][ T3542]  kvm_pgtable_walk+0x294/0x468
[  934.915221][ T3542]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[  934.915514][ T3542]  kvm_free_stage2_pgd+0x198/0x28c
[  934.915812][ T3542]  kvm_uninit_stage2_mmu+0x20/0x38
[  934.916073][ T3542]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[  934.916377][ T3542]  kvm_mmu_notifier_release+0x48/0xa8
[  934.916646][ T3542]  mmu_notifier_unregister+0x128/0x42c
[  934.916895][ T3542]  kvm_put_kvm+0x6a0/0xfa8
[  934.917088][ T3542]  kvm_vm_release+0x58/0x78
[  934.917354][ T3542]  __fput+0x4ac/0x980
[  934.917554][ T3542]  ____fput+0x20/0x58
[  934.917743][ T3542]  task_work_run+0x1bc/0x254
[  934.917956][ T3542]  do_notify_resume+0x1bc/0x270
[  934.918202][ T3542]  el0_svc+0xb8/0x164
[  934.918446][ T3542]  el0t_64_sync_handler+0x84/0x12c
[  934.918676][ T3542]  el0t_64_sync+0x198/0x19c
[  934.919176][ T3542] 
[  934.919360][ T3542] The buggy address belongs to the physical page:
[  934.920469][ T3542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e32c
[  934.920833][ T3542] flags: 0x1ffce8000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x3a)
[  934.921967][ T3542] raw: 01ffce8000000000 ffffc1ffc079f908 ffffc1ffc0631f88 0000000000000000
[  934.922210][ T3542] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  934.922420][ T3542] page dumped because: kasan: bad access detected
[  934.922544][ T3542] 
[  934.922632][ T3542] Memory state around the buggy address:
[  934.922970][ T3542]  fff000001e32be00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  934.923169][ T3542]  fff000001e32bf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  934.923369][ T3542] >fff000001e32c000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  934.923508][ T3542]                    ^
[  934.923768][ T3542]  fff000001e32c100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  934.923951][ T3542]  fff000001e32c200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  934.924164][ T3542] ==================================================================
[  935.201216][ T3542] Disabling lock debugging due to kernel taint
[  935.202051][ T3542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e32c
[  935.202504][ T3542] flags: 0x1ffce8000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x3a)
[  935.202924][ T3542] raw: 01ffce8000000000 ffffc1ffc079f908 ffffc1ffc0631f88 0000000000000000
[  935.203255][ T3542] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  935.203523][ T3542] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[  935.204592][ T3542] ------------[ cut here ]------------
[  935.204737][ T3542] kernel BUG at ./include/linux/mm.h:1036!
[  935.205621][ T3542] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[  935.215009][ T3542] Modules linked in:
[  935.216770][ T3542] CPU: 0 UID: 0 PID: 3542 Comm: syz.1.22 Tainted: G    B               syzkaller #0 PREEMPT 
[  935.218233][ T3542] Tainted: [B]=BAD_PAGE
[  935.218856][ T3542] Hardware name: linux,dummy-virt (DT)
[  935.219839][ T3542] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[  935.221058][ T3542] pc : kvm_s2_put_page+0x374/0x3a0
[  935.222012][ T3542] lr : kvm_s2_put_page+0x374/0x3a0
[  935.222952][ T3542] sp : ffff8000a3ee7830
[  935.223651][ T3542] x29: ffff8000a3ee7830 x28: c5f000001e32c000 x27: c5f000001e32c000
[  935.225218][ T3542] x26: 00000000000000ff x25: ffff800087396000 x24: ffffc1ffc0000000
[  935.226517][ T3542] x23: ffffc1ffc078cb08 x22: 0000000000000000 x21: ffffc1ffc078cb34
[  935.227822][ T3542] x20: 0000000000000000 x19: ffffc1ffc078cb00 x18: 0000000000001b80
[  935.229011][ T3542] x17: 00000000052d8ec5 x16: 000000002b9cd33c x15: fff0000072d7e404
[  935.230271][ T3542] x14: 0000000000000000 x13: fff00000172a3b08 x12: 0000000000000001
[  935.231541][ T3542] x11: 0000000000000000 x10: 0000000000ff0100 x9 : 353b739b5e4d3700
[  935.232953][ T3542] x8 : 353b739b5e4d3700 x7 : 0000000000000000 x6 : ffff80008048ab34
[  935.234262][ T3542] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008074aff8
[  935.235542][ T3542] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
[  935.236931][ T3542] Call trace:
[  935.237590][ T3542]  kvm_s2_put_page+0x374/0x3a0 (P)
[  935.238573][ T3542]  stage2_free_walker+0xdc/0x264
[  935.239417][ T3542]  __kvm_pgtable_walk+0x7d8/0xa68
[  935.240349][ T3542]  kvm_pgtable_walk+0x294/0x468
[  935.241193][ T3542]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[  935.242197][ T3542]  kvm_free_stage2_pgd+0x198/0x28c
[  935.243087][ T3542]  kvm_uninit_stage2_mmu+0x20/0x38
[  935.244015][ T3542]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[  935.244977][ T3542]  kvm_mmu_notifier_release+0x48/0xa8
[  935.245930][ T3542]  mmu_notifier_unregister+0x128/0x42c
[  935.246869][ T3542]  kvm_put_kvm+0x6a0/0xfa8
[  935.247657][ T3542]  kvm_vm_release+0x58/0x78
[  935.248532][ T3542]  __fput+0x4ac/0x980
[  935.249270][ T3542]  ____fput+0x20/0x58
[  935.250008][ T3542]  task_work_run+0x1bc/0x254
[  935.250851][ T3542]  do_notify_resume+0x1bc/0x270
[  935.251782][ T3542]  el0_svc+0xb8/0x164
[  935.252584][ T3542]  el0t_64_sync_handler+0x84/0x12c
[  935.253468][ T3542]  el0t_64_sync+0x198/0x19c
[  935.254806][ T3542] Code: 900377c1 910e9421 aa1303e0 97f9c9f2 (d4210000) 
[  935.256537][ T3542] ---[ end trace 0000000000000000 ]---
[  935.258031][ T3542] Kernel panic - not syncing: Oops - BUG: Fatal exception
[  935.260050][ T3542] Kernel Offset: disabled
[  935.260768][ T3542] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[  935.261840][ T3542] Memory Limit: none
[  935.263472][ T3542] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:51:42  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800082159154 X00=0000000000000003 X01=0000000000000002
X02=0000000000000001 X03=ffff800082159050 X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff800081f1ef70
X08=adf000000d9b9d80 X09=0000000000000000 X10=0000000000ff0100
X11=00000000000000fe X12=0000000000000002 X13=0000000000000002
X14=0000000000000000 X15=0000000064190505 X16=000000007edefdce
X17=0000000000000000 X18=000000007edf379e X19=efff800000000000
X20=08f000000dcb4880 X21=e5ff80008c4bb018 X22=0000000000000002
X23=08f000000dcb497c X24=0000000000000008 X25=08f000000dcb4ac8
X26=08f000000dcb48c8 X27=0000000000000008 X28=0000000000000008
X29=ffff80008c4f7b40 X30=ffff800082159154  SP=ffff80008c4f7b30
PSTATE=814020c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0700000000000000:0700000000000000 Z01=0000000700000000:0000000000000000
Z02=0000000000000007:0000000000000000 Z03=00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000002 Z05=0000000000000007:0000000000000002
Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffdb725f60:0000ffffdb725f60 Z17=ffffff80ffffffd0:0000ffffdb725f30
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000