last executing test programs:

56.169079096s ago: executing program 0 (id=80):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x10, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000ab8000/0x400000)=nil)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001})

49.826756877s ago: executing program 0 (id=82):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (async)
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0)
openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xc0189436, 0x20004000)
r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000280)=@arm64_fp={0x60400000001000ba, &(0x7f0000000240)=0x6}) (async)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000280)=@arm64_fp={0x60400000001000ba, &(0x7f0000000240)=0x6})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0)
r9 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
eventfd2(0x8, 0x80800) (async)
r12 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r12, 0x3})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0xf0780000002e2172, 0x0})
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r13, 0x5460, 0x0) (async)
ioctl$KVM_CREATE_VM(r13, 0x5460, 0x0)
ioctl$KVM_CREATE_VM(r9, 0x401c5820, 0x20000001)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

43.88997762s ago: executing program 1 (id=83):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0xfffffffa, 0x80001)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r2})

38.571249747s ago: executing program 0 (id=84):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x78)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1})
write$eventfd(r8, &(0x7f00000001c0)=0xffffff7f, 0xff25)
r9 = openat$kvm(0x0, &(0x7f00000000c0), 0xc0980, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
close(r11)
r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000000)={0x10001, 0x3, 0x6000, 0x2000, &(0x7f00006b2000/0x2000)=nil})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x200000f, 0x40010, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0xe)

34.639167267s ago: executing program 1 (id=85):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc044842da01000000000000004c24501958da2e2c18b875c2357c6ed600", 0x0, 0x48)
r2 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000002c0)={0x7, <r4=>0xffffffffffffffff, 0x1})
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, 0xffffffffffffffff, 0x3})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27)
write$eventfd(r4, &(0x7f00000001c0)=0xffffff7f, 0xff25)
syz_kvm_vgic_v3_setup(r1, 0x3, 0x200)

23.310006705s ago: executing program 0 (id=86):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x101300, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000280)=0x400000080a0000}) (async)
r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48)
r9 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2c)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x603000000013c00a, &(0x7f0000000140)=0x20000000009}) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) (async)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0) (async)
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x381800, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, <r15=>0xffffffffffffffff, 0x1})
write$eventfd(r15, &(0x7f00000001c0), 0xf001) (async)
r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_kvm_assert_reg(0xffffffffffffffff, 0x603000000013dce8, 0x8000) (async)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000180)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000000)=0x10}) (async)
mmap$KVM_VCPU(&(0x7f0000f38000/0x2000)=nil, 0x0, 0x3000005, 0x100010, r16, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r17=>0xffffffffffffffff, 0x1})
write$eventfd(r17, &(0x7f00000000c0)=0x8, 0x8)

23.162125398s ago: executing program 1 (id=87):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0x8, 0x80800)
r4 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r4})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r3, 0x2})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x4, r3, 0x3})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffd)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
r10 = openat$kvm(0x0, &(0x7f00000002c0), 0x4d0800, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_IRQ_LINE(r11, 0x4008ae61, &(0x7f0000000000)={0x1, 0xe59b8351})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r11, 0x4008ae73, &(0x7f0000000140)={0x4, 0x3})
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r13, r14, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0)
r15 = ioctl$KVM_GET_STATS_FD_vm(r13, 0xaece)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r15, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x1})
ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000100)=@arm64_fp={0x60400000001001a4, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION2(r11, 0x40a0ae49, &(0x7f0000000200)={0x2, 0x2, 0x3000, 0x2000, &(0x7f0000fe9000/0x2000)=nil, 0xb, r15})
syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xa}}], 0x30}, 0x0, 0x0)
ioctl$KVM_RUN(r14, 0xae80, 0x0)

14.121179946s ago: executing program 0 (id=88):
r0 = syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000440)=[@featur1={0x1, 0x2a}], 0x1)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x84000003, [0x99a, 0x7, 0xaca, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, r0, 0x0)

13.932795963s ago: executing program 1 (id=89):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000000)=0x7})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_vgic_v3_setup(r5, 0x1, 0x100)
ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8000ae83, &(0x7f0000000240))
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r8=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async)
ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

7.042189955s ago: executing program 0 (id=90):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x33)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@eret={0xe6, 0x18, 0x100000001}], 0x18}, 0x0, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x5a17f2, 0x1f01)
r12 = eventfd2(0x0, 0x0)
close(r12)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0)
mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x2000004, 0x2011, r12, 0x0)
syz_kvm_vgic_v3_setup(r5, 0x4, 0x220)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, <r14=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.992469411s ago: executing program 1 (id=91):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x2})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x185800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1}) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xdf) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c807, &(0x7f0000000280)=0x1}) (async)
ioctl$KVM_CREATE_VM(r2, 0x400454d1, 0x110c330021)

0s ago: executing program 1 (id=92):
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xd, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r1, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000007000/0x3000)=nil, 0x3000)

kernel console output (not intermixed with test programs):

[  376.525905][ T3156] 8021q: adding VLAN 0 to HW filter on device bond0
[  436.856108][ T3156] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:23564' (ED25519) to the list of known hosts.
[  588.449602][   T25] audit: type=1400 audit(587.680:61): avc:  denied  { name_bind } for  pid=3310 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  589.370279][   T25] audit: type=1400 audit(588.600:62): avc:  denied  { execute } for  pid=3311 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  589.389934][   T25] audit: type=1400 audit(588.620:63): avc:  denied  { execute_no_trans } for  pid=3311 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  612.278092][   T25] audit: type=1400 audit(611.510:64): avc:  denied  { mounton } for  pid=3311 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  612.316431][   T25] audit: type=1400 audit(611.540:65): avc:  denied  { mount } for  pid=3311 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  612.403524][ T3311] cgroup: Unknown subsys name 'net'
[  612.450239][   T25] audit: type=1400 audit(611.680:66): avc:  denied  { unmount } for  pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  612.844637][ T3311] cgroup: Unknown subsys name 'cpuset'
[  612.947600][ T3311] cgroup: Unknown subsys name 'rlimit'
[  613.868074][   T25] audit: type=1400 audit(613.100:67): avc:  denied  { setattr } for  pid=3311 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  613.896218][   T25] audit: type=1400 audit(613.130:68): avc:  denied  { mounton } for  pid=3311 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  613.914356][   T25] audit: type=1400 audit(613.140:69): avc:  denied  { mount } for  pid=3311 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  615.124706][ T3314] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  615.145122][   T25] audit: type=1400 audit(614.370:70): avc:  denied  { relabelto } for  pid=3314 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.169293][   T25] audit: type=1400 audit(614.390:71): avc:  denied  { write } for  pid=3314 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  615.330817][   T25] audit: type=1400 audit(614.560:72): avc:  denied  { read } for  pid=3311 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.357928][   T25] audit: type=1400 audit(614.580:73): avc:  denied  { open } for  pid=3311 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  615.398886][ T3311] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  665.029495][   T25] audit: type=1400 audit(664.260:74): avc:  denied  { execmem } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  669.708141][   T25] audit: type=1400 audit(668.940:75): avc:  denied  { read } for  pid=3318 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  669.736796][   T25] audit: type=1400 audit(668.970:76): avc:  denied  { open } for  pid=3317 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  669.756561][   T25] audit: type=1400 audit(668.990:77): avc:  denied  { open } for  pid=3318 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  669.820771][   T25] audit: type=1400 audit(669.050:78): avc:  denied  { mounton } for  pid=3318 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  670.059984][   T25] audit: type=1400 audit(669.290:79): avc:  denied  { module_request } for  pid=3318 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  670.079025][   T25] audit: type=1400 audit(669.310:80): avc:  denied  { module_request } for  pid=3317 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  671.164012][   T25] audit: type=1400 audit(670.390:81): avc:  denied  { sys_module } for  pid=3317 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  694.569374][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  694.794322][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  695.484739][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  695.620737][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  712.358003][ T3318] hsr_slave_0: entered promiscuous mode
[  712.387146][ T3318] hsr_slave_1: entered promiscuous mode
[  713.425503][ T3317] hsr_slave_0: entered promiscuous mode
[  713.457468][ T3317] hsr_slave_1: entered promiscuous mode
[  713.499719][ T3317] debugfs: 'hsr0' already exists in 'hsr'
[  713.514484][ T3317] Cannot create hsr debugfs directory
[  718.569208][   T25] audit: type=1400 audit(717.800:82): avc:  denied  { create } for  pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  718.626504][   T25] audit: type=1400 audit(717.840:83): avc:  denied  { write } for  pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  718.664402][   T25] audit: type=1400 audit(717.890:84): avc:  denied  { read } for  pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  718.825573][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  719.276261][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  719.516986][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  719.803226][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  721.068337][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  721.234748][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  721.353562][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  721.557387][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  734.155890][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0
[  736.224558][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0
[  790.998017][ T3318] veth0_vlan: entered promiscuous mode
[  791.430590][ T3318] veth1_vlan: entered promiscuous mode
[  793.029204][ T3317] veth0_vlan: entered promiscuous mode
[  793.795236][ T3317] veth1_vlan: entered promiscuous mode
[  794.016158][ T3318] veth0_macvtap: entered promiscuous mode
[  794.470362][ T3318] veth1_macvtap: entered promiscuous mode
[  795.954249][ T3317] veth0_macvtap: entered promiscuous mode
[  796.427435][ T3317] veth1_macvtap: entered promiscuous mode
[  796.758208][ T3368] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  796.815600][ T3368] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  796.830217][ T3368] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  796.840012][ T3368] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  799.296078][   T25] audit: type=1400 audit(798.520:85): avc:  denied  { mount } for  pid=3318 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  799.407088][ T3456] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  799.414694][ T3456] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  799.423027][ T3456] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  799.426520][ T3456] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  799.454393][   T25] audit: type=1400 audit(798.680:86): avc:  denied  { mounton } for  pid=3318 comm="syz-executor" path="/syzkaller.YtB1hB/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  799.727593][   T25] audit: type=1400 audit(798.940:87): avc:  denied  { mount } for  pid=3318 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  800.006334][   T25] audit: type=1400 audit(799.230:88): avc:  denied  { mounton } for  pid=3318 comm="syz-executor" path="/syzkaller.YtB1hB/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  800.116701][   T25] audit: type=1400 audit(799.350:89): avc:  denied  { mounton } for  pid=3318 comm="syz-executor" path="/syzkaller.YtB1hB/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  800.978945][   T25] audit: type=1400 audit(800.150:90): avc:  denied  { unmount } for  pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  801.145979][   T25] audit: type=1400 audit(800.380:91): avc:  denied  { mounton } for  pid=3318 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  801.340664][   T25] audit: type=1400 audit(800.570:92): avc:  denied  { mount } for  pid=3318 comm="syz-executor" name="/" dev="gadgetfs" ino=3769 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  801.633976][   T25] audit: type=1400 audit(800.860:93): avc:  denied  { mount } for  pid=3318 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  801.676167][   T25] audit: type=1400 audit(800.910:94): avc:  denied  { mounton } for  pid=3318 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  802.660490][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  812.353394][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  812.358780][   T25] audit: type=1400 audit(811.580:99): avc:  denied  { read } for  pid=3470 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  812.438605][   T25] audit: type=1400 audit(811.650:100): avc:  denied  { open } for  pid=3470 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  812.543987][   T25] audit: type=1400 audit(811.710:101): avc:  denied  { ioctl } for  pid=3470 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  850.153568][   T25] audit: type=1400 audit(849.380:102): avc:  denied  { append } for  pid=3489 comm="syz.1.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  862.186665][   T25] audit: type=1400 audit(861.420:103): avc:  denied  { execute } for  pid=3499 comm="syz.0.9" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4145 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  870.647072][   T25] audit: type=1400 audit(869.870:104): avc:  denied  { write } for  pid=3506 comm="syz.0.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  872.409991][   T25] audit: type=1400 audit(871.640:105): avc:  denied  { map } for  pid=3506 comm="syz.0.10" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  918.966096][   T25] audit: type=1400 audit(918.190:106): avc:  denied  { setattr } for  pid=3532 comm="syz.1.17" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  961.889762][ T3559] debugfs: 'vgic-its-state@8080000' already exists in '3559-12'
[  984.638178][ T3573] kvm [3573]: Failed to find VMA for hva 0x21016000
[  984.707436][ T3573] kvm [3573]: Failed to find VMA for hva 0x21016000
[  984.855516][ T3573] kvm [3573]: Failed to find VMA for hva 0x21016000
[  984.949556][ T3573] kvm [3573]: Failed to find VMA for hva 0x21016000
[  985.094725][ T3573] kvm [3573]: Failed to find VMA for hva 0x21016000
[  985.136699][ T3573] kvm [3573]: Failed to find VMA for hva 0x21016000
[  985.215616][ T3573] kvm [3573]: Failed to find VMA for hva 0x21016000
[ 1205.204723][ T3691] kvm [3691]: Failed to find VMA for hva 0x20d8d000
[ 1285.930085][   T25] audit: type=1400 audit(1285.140:107): avc:  denied  { execute } for  pid=3734 comm="syz.0.86" path=2F34342F707CD24B7EEBB207 dev="tmpfs" ino=240 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1287.345586][ T3738] kvm [3738]: Failed to find VMA for hva 0x21016000
[ 1310.138175][ T3747] ==================================================================
[ 1310.138808][ T3747] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68
[ 1310.140510][ T3747] Read of size 8 at addr e1f0000018d78000 by task syz.0.90/3747
[ 1310.140765][ T3747] Pointer tag: [e1], memory tag: [fe]
[ 1310.140897][ T3747] 
[ 1310.141934][ T3747] CPU: 0 UID: 0 PID: 3747 Comm: syz.0.90 Not tainted syzkaller #0 PREEMPT 
[ 1310.142466][ T3747] Hardware name: linux,dummy-virt (DT)
[ 1310.142930][ T3747] Call trace:
[ 1310.143303][ T3747]  show_stack+0x2c/0x3c (C)
[ 1310.143935][ T3747]  __dump_stack+0x30/0x40
[ 1310.144223][ T3747]  dump_stack_lvl+0xd8/0x12c
[ 1310.144448][ T3747]  print_address_description+0xac/0x288
[ 1310.144752][ T3747]  print_report+0x84/0xa0
[ 1310.145016][ T3747]  kasan_report+0xb0/0x110
[ 1310.145263][ T3747]  kasan_tag_mismatch+0x28/0x3c
[ 1310.145508][ T3747]  __hwasan_tag_mismatch+0x30/0x60
[ 1310.145832][ T3747]  __kvm_pgtable_walk+0x8e4/0xa68
[ 1310.146114][ T3747]  kvm_pgtable_walk+0x294/0x468
[ 1310.146378][ T3747]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[ 1310.146673][ T3747]  kvm_free_stage2_pgd+0x198/0x28c
[ 1310.146974][ T3747]  kvm_uninit_stage2_mmu+0x20/0x38
[ 1310.147239][ T3747]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[ 1310.147521][ T3747]  kvm_mmu_notifier_release+0x48/0xa8
[ 1310.147812][ T3747]  mmu_notifier_unregister+0x128/0x42c
[ 1310.148074][ T3747]  kvm_put_kvm+0x6a0/0xfa8
[ 1310.148272][ T3747]  kvm_vcpu_release+0x70/0x9c
[ 1310.148530][ T3747]  __fput+0x4ac/0x980
[ 1310.148737][ T3747]  ____fput+0x20/0x58
[ 1310.148950][ T3747]  task_work_run+0x1bc/0x254
[ 1310.149171][ T3747]  get_signal+0x13ec/0x1554
[ 1310.149466][ T3747]  do_signal+0x23c/0x4dd0
[ 1310.149786][ T3747]  do_notify_resume+0xb0/0x270
[ 1310.150035][ T3747]  el0_svc+0xb8/0x164
[ 1310.150268][ T3747]  el0t_64_sync_handler+0x84/0x12c
[ 1310.150503][ T3747]  el0t_64_sync+0x198/0x19c
[ 1310.151007][ T3747] 
[ 1310.151176][ T3747] The buggy address belongs to the physical page:
[ 1310.152249][ T3747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58d78
[ 1310.152609][ T3747] flags: 0x1ffc78000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x1e)
[ 1310.153786][ T3747] raw: 01ffc78000000000 ffffc1ffc07b6408 ffffc1ffc07b3cc8 0000000000000000
[ 1310.154032][ T3747] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1310.154232][ T3747] page dumped because: kasan: bad access detected
[ 1310.154358][ T3747] 
[ 1310.154449][ T3747] Memory state around the buggy address:
[ 1310.154806][ T3747]  fff0000018d77e00: b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5
[ 1310.155000][ T3747]  fff0000018d77f00: b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5 b5
[ 1310.155178][ T3747] >fff0000018d78000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 1310.155309][ T3747]                    ^
[ 1310.155541][ T3747]  fff0000018d78100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 1310.155724][ T3747]  fff0000018d78200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 1310.155935][ T3747] ==================================================================
[ 1310.486130][ T3747] Disabling lock debugging due to kernel taint
[ 1310.492669][ T3747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58d78
[ 1310.493284][ T3747] flags: 0x1ffc78000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x1e)
[ 1310.493773][ T3747] raw: 01ffc78000000000 ffffc1ffc07b6408 fff0000072d7e420 0000000000000000
[ 1310.494113][ T3747] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1310.494350][ T3747] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 1310.495413][ T3747] ------------[ cut here ]------------
[ 1310.495562][ T3747] kernel BUG at ./include/linux/mm.h:1036!
[ 1310.496455][ T3747] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[ 1310.506198][ T3747] Modules linked in:
[ 1310.507947][ T3747] CPU: 0 UID: 0 PID: 3747 Comm: syz.0.90 Tainted: G    B               syzkaller #0 PREEMPT 
[ 1310.509436][ T3747] Tainted: [B]=BAD_PAGE
[ 1310.510142][ T3747] Hardware name: linux,dummy-virt (DT)
[ 1310.511159][ T3747] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1310.512374][ T3747] pc : kvm_s2_put_page+0x374/0x3a0
[ 1310.513365][ T3747] lr : kvm_s2_put_page+0x374/0x3a0
[ 1310.514304][ T3747] sp : ffff8000a9237570
[ 1310.514977][ T3747] x29: ffff8000a9237570 x28: e1f0000018d78000 x27: e1f0000018d78000
[ 1310.516525][ T3747] x26: 00000000000000ff x25: ffff800087396000 x24: ffffc1ffc0000000
[ 1310.517815][ T3747] x23: ffffc1ffc0635e08 x22: 0000000000000000 x21: ffffc1ffc0635e34
[ 1310.519116][ T3747] x20: 0000000000000000 x19: ffffc1ffc0635e00 x18: 0000000000001b80
[ 1310.520406][ T3747] x17: 0000000002a02dff x16: 00000000acd3950b x15: fff0000072d7e404
[ 1310.521790][ T3747] x14: 0000000000000002 x13: fff000001e473b08 x12: 0000000000000001
[ 1310.523003][ T3747] x11: 0000000000080000 x10: 000000000007ffff x9 : ba3529e44262c800
[ 1310.524407][ T3747] x8 : ba3529e44262c800 x7 : 0000000000000000 x6 : ffff80008048ab34
[ 1310.526015][ T3747] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008074aff8
[ 1310.527354][ T3747] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
[ 1310.528814][ T3747] Call trace:
[ 1310.529535][ T3747]  kvm_s2_put_page+0x374/0x3a0 (P)
[ 1310.530584][ T3747]  stage2_free_walker+0xdc/0x264
[ 1310.531594][ T3747]  __kvm_pgtable_walk+0x7d8/0xa68
[ 1310.532585][ T3747]  kvm_pgtable_walk+0x294/0x468
[ 1310.533538][ T3747]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[ 1310.534546][ T3747]  kvm_free_stage2_pgd+0x198/0x28c
[ 1310.535526][ T3747]  kvm_uninit_stage2_mmu+0x20/0x38
[ 1310.536570][ T3747]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[ 1310.537675][ T3747]  kvm_mmu_notifier_release+0x48/0xa8
[ 1310.538702][ T3747]  mmu_notifier_unregister+0x128/0x42c
[ 1310.539763][ T3747]  kvm_put_kvm+0x6a0/0xfa8
[ 1310.540604][ T3747]  kvm_vcpu_release+0x70/0x9c
[ 1310.541570][ T3747]  __fput+0x4ac/0x980
[ 1310.542384][ T3747]  ____fput+0x20/0x58
[ 1310.543153][ T3747]  task_work_run+0x1bc/0x254
[ 1310.544011][ T3747]  get_signal+0x13ec/0x1554
[ 1310.544927][ T3747]  do_signal+0x23c/0x4dd0
[ 1310.545890][ T3747]  do_notify_resume+0xb0/0x270
[ 1310.546780][ T3747]  el0_svc+0xb8/0x164
[ 1310.547588][ T3747]  el0t_64_sync_handler+0x84/0x12c
[ 1310.548435][ T3747]  el0t_64_sync+0x198/0x19c
[ 1310.549863][ T3747] Code: 900377c1 910e9421 aa1303e0 97f9c9f2 (d4210000) 
[ 1310.551670][ T3747] ---[ end trace 0000000000000000 ]---
[ 1310.553307][ T3747] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 1310.555263][ T3747] Kernel Offset: disabled
[ 1310.555969][ T3747] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 1310.557020][ T3747] Memory Limit: none
[ 1310.558661][ T3747] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:14:31  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800082159154 X00=0000000000000003 X01=0000000000000002
X02=0000000000000001 X03=ffff800082159050 X04=0000000000000001
X05=0000000000000001 X06=0000000000000000 X07=ffff800081f1ef70
X08=69f000000d9b9d80 X09=0000000000000000 X10=0000000000ff0100
X11=00000000000000fe X12=0000000000000002 X13=0000000000000002
X14=0000000000000000 X15=fff0000072d78de8 X16=000000000000003e
X17=000000000000003e X18=00000000000000ff X19=efff800000000000
X20=f0f000000dcb4880 X21=dfff80008c4bb018 X22=0000000000000002
X23=f0f000000dcb497c X24=00000000000000f0 X25=f0f000000dcb4ac8
X26=f0f000000dcb48c8 X27=00000000000000f0 X28=00000000000000f0
X29=ffff80008c4f7b40 X30=ffff800082159154  SP=ffff80008c4f7b30
PSTATE=814020c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25
Z02=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z03=000000ff0000ff00:00ff0000000000ff
Z04=0000000000000000:000f00f00f00000f Z05=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d
Z06=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z07=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000fffff1f95150:0000fffff1f95150 Z17=ffffff80ffffffd0:0000fffff1f95120
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000