last executing test programs:

49.905172172s ago: executing program 0 (id=70):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf3)
mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)

44.203012928s ago: executing program 0 (id=72):
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d0, 0x7ffffffd)
r3 = openat$kvm(0x0, &(0x7f0000000000), 0x121000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x3, 0xfffffffd, 0xb}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

37.283415692s ago: executing program 1 (id=73):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0x1000000, 0x10, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2d)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
close(r1)
r3 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xfe00000000000)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead)
ioctl$KVM_ARM_VCPU_FINALIZE(r1, 0x4004aec2, &(0x7f0000000040)=0x4)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000080)={0x1000, 0x13000, 0x1})
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0xe7}})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4208ae9b, &(0x7f0000000140)={0x3, 0x0, [0x9, 0x1, 0x91ed, 0x6, 0x4, 0x5, 0x7fffffff, 0x1000]})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2d)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x24)
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f00000001c0)={0x1000, "8e73f969f80e95fd41a772fc5acc31dfa792f0b225c020fe44a64050e03731b52f354ba13a2fc38851611f8949319914b5ac99b1d3f87bebe49da78f46b2bdad5b5a9ca21039db1c49da4890e32e7c46b246bc6c937483f491876a48c8275cae5c44df9d9d5244642b5c5cce9b0d02460c6e235434b168c1db5d5da7301dd58f252f515dac12d2b0e556ebdb1923dc4c5c02e97f74059aee76779e6f71c9c16e0e75b35301a3bed7bfb523ac40718891d6a2846a9dfd3775f4632df3c84210bf856c5fe67ab03ecf109c04658453ab10197e5e2ae75ff06480c1f6495d11249a438ec7dbd4da7c215ce85cbeaaeafbdcab3f3e5a90cbacf4dc7aa71d7dc2ba534d46989db04f277bae00d447b5060e409cf6241b13d4a44c2a10817990788b32eb2b32447ee0079ba6ec3ab099e916ca6f8d08f94ce663b9e94f6ab18ffebddbabfe3ebd33f9a6d324d1fe28578d2e24b7c1cf1fc47b67c1107b605e5cf6147885a8ec2a39e62247b7e891ecd91392fb63c45a99f555b8054b1926cfb6e68a5280d0f06b9d8eeda69eaef933faa61ad91c1c749cdfabbdab1c978a5334fdd3bcb55e8f0ea655c97309ac6022cdfe8ff263c610f466b9a35ba83167d0e26ed2de0f74e700a97931fed7ffe8b46aacbe85e68d623d217dd2560ac9fd8406495ce74f3eb1782d1f1241237b1010ae10bacf7657a69d75f00c6f9572713f83363a259a040bfb23e842862828ec67b95b9f2fb68065d1eeca57a81824d716f6071af93c59f7adb67252ec307bc2fc8fcb6762d255d31ce91eb04f2562658f34d41ac7204cf202d1ac26911225f72f5f830f4f4615f99034a4f9b4e0921a0c59da0dbc98b02bc82e5978a8688278ba2b8ed5bc0a765b12eb59e467eef73971230bc8c131ae6594c9b8de0a676ba36f0150fa40ff1981c4631879d244463e3fe6b8547634b8be84d6bbc7068565286d81b144850372cb22832a4a5afb73f5284929acec364263ae47ab1ecfb704ff02dee4b4df4c32c91bb1123b0d5c35a718d1403be4b437ea0e50f42eb7adf6a516a8e395b8ea39be267dc70e89b9c1ea81da6f7fc94429aaa74033c8cc24b91fb1b10cc810c71f6fa8f95a5e37e9551cb4aac91b249c1566e0812c9968451c8a5c6aa21834789a84de0ca6d6d2ae26c5200eb366abf09930a8f6653f0d3781210f7930b1c5065fa683ce7da0020cba4275f219d75d95deb2a9e05b20a8b4b5dacf12671aaab3bdcc3e9cd2a6a3b8e9fb0933b7c0c1e73dbadaf3f3f48b5428a8d25a3ad5384e3aa8b17b2c72c859d11d326dbe2ba53f3ed7b5be0aec9ea3426e96cd14dc0b3804d882ff3e7cd882e6c485649629ca2eef9c0509a57101438c5fce3cdc2410b090dc590400b069e9ddd4b6e8693734af3d9e66a99fb8d9bc5568a2bfec1a580028d4caba0d9f4b4e3749d9147b9f4a177947657c473b173619e3b8806a61e290541e1061e48e71fd8c89011f84ead785ae2018222b593636d10a8760694f01b1ff53885e5383a43142a191a5c68967722913b2fe1fe8fa4dbe367330c883dc029737a69903d5d57fa8c1a546b4554cca115bca6b1003c92bf821fcd191498dddfbb0a173370438cc8cccd1d72c615704aa6a82b1eebfd61e7be68ad49b199216bb59a3f8a4421aedb9b7dda77501f684413d795da1be85ed51017cb67c0d71ba38ce0b5ab7becd31be4ec770dad175bb63cc06dc78e6e45afaa0ef13395334408901885eed0d5ff87cfe82d9049d56be1524a512e30a18d48c4dd506e2a9364e3101027f2371fc20fa954e5a13634f11beacab85821425b076a5cb8b5801a3bce39ccb8fc6a2368b2b422de12d569725f40366bb7fb44576fd8e68e6d463370a4ecad22a5d38b56bddeadcc79c4d03399c0da37c8c0a309ad6584a743b7f74a0315091790da9a1bb384010e2af92c706ac3f77d962d0f98e9e5a73b10fc51d6c39ba5425c947ec1e47acccc6ecb6e6a343db31ce0c9f495556e83673ef60d9f18889772988c16dfce39bf43e3a460a2c4764500937b17a9c0fc9310d593b07562bc40bf6fea4ca3f30c6f3968edaa3506de1af677a5f73830b8d602f8b85843287a269d9821c9fce5603d3a7d3fa3b71fb63f47b53786188a14f59bcaf3cec9066c7a0d284ab64e9f1bfba933188e97525e6bf0d6bc1153f8e916262371e9b53ea41ace9015a960b75fb0962b4232f9259e8a57100c8e6c2eaf97e09063d0628014d07666ce99d234ab377d11d081274a9b57371e237f40ad480aac9e2f54d2b0e67c8b01cd85967e4b06dc5148696eee896cdd9b524dfbb9ff0c17a4492221c25bda05c67d3cd86189f7af79be74acc8c51dd7f7e007ebe29ce0d3515ee67e5f6cc3a8451b1d08bf7e78efcfd57d303053a889711820e2c3357ccbdc11748a164edfd53de0d30225eb410e662a50519b1f62f1cf9c7cfc3612c9785e01cb79e000e55e66cb32cff4fdc658d90e2892f9c0a535798583b1ab4e1d86ec06611f6ca9f5c98bd6e661a407ef7cebea6c12dcde02542910999b6ea6e7637a1a3432144314177cc39f2d38e56023d34acdaff20f01d24cfe6b591ac640f43b5e963b994e246937e60c162c16dd282a75cfc1c4da75fea7185bd2a711fba5a7a54574476ab3497e3df57ef9f23dabd2c31070cd8b9ec4ac54288d00daf3bc5c7b7437a8ab325947becaf0afdccd2eed1dcb7161f8b791f10ad49cb1480854e5ad2f198965e7c3ab8336c5ca90596aa83182804f39949c68f814ba7e4425cc97b71f7055496b49540b33d476d443a7b4f891df5e0dbc76023d89bcf7dd1661fab7f113fd4061bf964e6e6166f2df2843bc6bffb7a32dc6186b50982e7855054ee6ad411b81433db1905551fb5a92013b5ca93595b1aa8944a370a76e4728b500ac6fcedf2d8d623e65b48c97cde05041144f4b003f399bbd63fbcfe61ee858dc2b8de61a189c99f416fb50b957f0be33ef05a5f1d895d9a0cdfe962b21a2a81bf94ec63e4ed7ae496d66eafea2cb3ece264c97c2b35b9a059f91ee681028611dbc885f14d84a2eea55c4dfecc1611f0e8f64a9d623025265c62ae9a037bd6d82cd804b96426f2e508aed1937f8b51a3576d479a4e0ad05f72ad3e40dc53cf78a0d143366bbb4a659ee8e92f575107704f125fe09b216f6aba1f6fdd382ebf7e0e72a542b280382e33f15eb46ff7c90106f54b9d91b28599fae2a50fe57d630772a3acb5c7b4b72e125741016a75824dabc16dd94c41ab455d273288768266e12afe6cf747596e87a17b5a692bf458edf510dfade321f5d0ebb51faaf61463e620c9e2f5bf58d9056f033e0cdbc67c166f4ce77b6cf5e162f87c8a6aed6eeecc4950e725fe79221b0873fa29e0a9e9e92781c1b943092f0ced2f8c591e6063549025860dae6cac85d94ccdac3c833fbabeb5c7a5e26aa972d55aedf962db5ac7d94cb0df7fa9c4a3871dc47008d6fe7d3428f55161c411636ac6d942b339e5ccf8aeb2bd4682a1b33eca9dde63b710fbaaa7dd1cf058060fa727b9f6df9317cf28928cea94c1b5eb5669296ca90a1d905bc589c4ce2ba049dc7cbd7335f54524d4f88ee1fc0ded3ecc663f4e157b28e6209ba89f4f107b46af5efe2643c63ffebfa3c7c26f01d7ebf99b6f9fccb0fdb66b48f34cd30eb992603d4ad83b9113036d074fb4b4fe1b59b7d1cc8ed8e9989faddfc45d279bba5fba798526912b1b6a80435ea08fa0d1fa684d9b40130d81a397dca9423fa70d6c5313e9de9b6bf9f3af246fb3921a2d156836f909382464759884d68901472883c4964a2e9bc21102729c17692fac0aebe28a6683796ebe98b834accd68dd43d083707f778a3358be11218bd93fdca8a739d976c36e6625c830c22addf3ff23faac5db01ee0e9c8ecc32f992aa19247ab6bf525850df18300c5722fef1bb9e7124d05042de880e24a685f7fedebc011a9f7ad103cff87989c911c93dceccc6d5feb0ba61ca1e4f3c8b864d1135a99761a2f988e56784b368e111f8462e3de6b910a6878a7ce8c2f0c29108ba6cd0b3dec84bff1bacf049219f8b9a5e1663998153c5ce1b10c3bf00b4359958c12dfc9cdb7fc7bef9c1479c72cee1daae13ae62f229ad512c27aefaca103d3f19cae2eaee7ae7c14d3f359ee048fd252d588ea18cb87e1f01d9b0b843f7b7a95e2da4c988603a226f518d8814e5917835f110e02676cf453f1683b07e89f59aa468bf84c437e996020741c8040d3dacfe36ee896d7c6339523d2bab5eeb6cfd94aa085fc467909eca220a386a28bd57c954b051d0559ee886067b85d4d7652ae98df5d6f3012750c03e7fd17725db1e0b2fd247c70d1efc375e553914b44dad95f8e80ab2988e909d3b2e09e709580c16c60a81d42e88f6dea901a5e209e09182399cac1fa34d522b1ec1c8ad2b2d559d26e541969413227af15286711879ba1ef5378657b7caaf62c342210a6ebf8e49d8e25792cb522beb5db12386af3b08cabb825dfcb913aa2c3bf305af59550a60055418feb3286b8a5e6f7c7f654438651f1e2a2ea9816b9d9b63bb86403d8a2309d3a06110c2a3451108359c5acfaa723300b764f03ac0860720cd2e492e2985154f84c5f2d5c35cc1968cba4af876de9108450cdd1cf6bba8848523ac440d02072244a9391a8a5afb3221523b9f505289f36e7a76bdc68f71fff7091fa43ba8bdbb0e0dfb089ff3f5ca60f38fe37f0bd5ba45e56e7945e299bae84537621cdd982882d09d9a7caf39b9fa4cd0abf2154b40c1413686d9c5f6e91e0d1508d25d20bac18c6fe61bea2943685ea51a0c11ae4184cc7797d32ae48b1ba84a563876e5cb3647022984cda20fdda7478ff537e13a85512ba0c9b0aec692457ee56946b164a30484339082ef2cc5a6b803b1eb23d42c54edded56bc3800ef809b35aac0e9061ffecb4a22f4c9c27e11f990eb81fa6bf1038cfcc648cad7af48e257dbe1095f2e1125156e824f1faed6b8837e478003e0fbdc42302926086c5a77015df5d32950d7aec1ed07c50c87cdb45923ab6c0bab4d35b79dbd8734716f3b3d541637a19d539cbecdd03326e810eaa48a468428f35e7910a9745bdce6e313cd1a5fa5f27c24897cb830e3519c3b224f6b6e5f7fcfa612c649ea9722412fa386556d59d1116d01f1ce0317cbde5623ff25042f7adc2a3b0b65a6a0aba9e39c3253be3e60881db73cf31801d9fdfe5e7ec315ee08dced592c6bffbabe6e6ff5396bb42631ea3da128f62b244b8ac261077a2e36d744641e66ebf54b7d9e0c40da0e8c0757ab0681049c6be5a012771b3c25fe384e829ba9c1775717da69690ade2d79a67497a7254bb1a15b0342a3f86e039407e92ac04bc8d82eb3a91443275e84d4880fee138194e81720edfec09efd534ed87613e8ed689aa4427d718ba6568ac0e6731cb7786909ae40e1f91e69e2618422aef0a1ffa41f40dc050b7af383f6de3ed18721bbafddc3dc2781966b80b62be3f5bf4df4f5364078368b607cf36fde92a912614fb876fc0dac45fb24a8aff4a341797d496ae8ed02885dd89ade8a01b50f5a8cb43b4ac24cb0e3a71a8cefae639cb770b215668fc6862c73202c58459e1b11b694231f079e5f8c782f178e1fc03b4452ab3d8764bc051cdb4f86d986da4e9e43c6dc097f2bd068efad02f5f2a5531e2584b3b2e51d9f24b7dba2aa82b19cbfa433f69c9755f24fe1695d5c4022fc8651b3c1559e0b7f5a31f98dda19de38326efa53f7cbfa0d15957f4511c1164d5ecc00d8512017106e99f649"})
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000001200)={0x10000, 0x1000, 0x1})
ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f0000001240)={0x54, "33cd6e0ee2fcfc4d000340ba9f9fdbe93ef74819ed76fe317e1c813879bfe7954194153c173b1c14ea99477d24240f29a96ed39d5eafa69e3394f67434eb95a0dfc141ec6a464ae062c14fc28c9ab7c56ec2247d"})
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x11)
ioctl$KVM_CAP_DIRTY_LOG_RING(r7, 0x4068aea3, &(0x7f00000012c0))
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r8, 0x4004ae99, &(0x7f0000001340)=0x6)
r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1c)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000f3e000/0x2000)=nil, r4, 0x100000a, 0x10010, r3, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r10, 0x4208ae9b, &(0x7f0000001380)={0x10002, 0x0, [0x9, 0x40, 0x6, 0x800, 0x1, 0x2180000000000000, 0x101, 0x3]})

35.979067673s ago: executing program 0 (id=74):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100042, &(0x7f00000000c0)})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4})
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000000c0)={0x4})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000001c0)=@arm64={0xdb, 0x8, 0x3, '\x00', 0x1})

27.457422136s ago: executing program 1 (id=75):
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000000)=0xc)
r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r0, 0x100000a, 0x1010, r1, 0x0)
ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000040)={0x8, [0xe, 0x0, 0x6, 0x9, 0x1, 0xffffffffffffffff, 0x200, 0xd409]}) (async)
ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000040)={0x8, [0xe, 0x0, 0x6, 0x9, 0x1, 0xffffffffffffffff, 0x200, 0xd409]})
r2 = eventfd2(0x5, 0x80800)
close(r2)
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f00000000c0))
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3c) (async)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3c)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000440)=[{0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x0, 0x1de}}, @eret={0xe6, 0x18, 0x8}, @hvc={0x32, 0x40, {0xc4000007, [0x3ff, 0x2, 0x3, 0x5, 0x3ff]}}, @svc={0x122, 0x40, {0x80000000, [0x4, 0x7f, 0x4, 0x8001, 0xc]}}, @smc={0x1e, 0x40, {0x4007db3, [0x852, 0x4, 0x100, 0x5, 0x8001]}}, @code={0xa, 0x6c, {"000028d5007008d5000008d50094202e00a4002f0020400de0819fd200c0b0f2610180d2020080d2e30180d2c40080d2020000d40000309e80b890d20040b0f2010080d2020080d2230180d2e40180d2020000d40098202e"}}, @code={0xa, 0xb4, {"00a896d20060b0f2a10180d2420080d2230080d2440180d2020000d40014200e00a0c00d00d8a17ec01981d20000b0f2e10080d2420180d2a30080d2640180d2020000d4c0409ad20020b0f2410080d2020180d2430180d2c40180d2020000d4e0ca8cd200c0b0f2610080d2420180d2c30180d2a40080d2020000d420bc88d20000b8f2010080d2e20080d2a30180d2840080d2020000d4e0039f5a007008d5"}}, @code={0xa, 0x54, {"0064002f007008d5000008d5c0eb88d20080b8f2810080d2620080d2630080d2040180d2020000d4000008d50034005f007c200e00c0671e000008d50100a0d4"}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0x993, 0xd, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x1, 0x2, 0x5, 0x5, 0x4}}, @mrs={0xbe, 0x18, {0x6030000000138012}}, @svc={0x122, 0x40, {0xc4000007, [0x1, 0xffffffffffffff55, 0x8a, 0xd, 0x8]}}, @eret={0xe6, 0x18, 0x2}], 0x32c}], 0x1, 0x0, &(0x7f0000000480)=[@featur2], 0x1)
mmap$KVM_VCPU(&(0x7f0000e3d000/0x3000)=nil, r0, 0x2000004, 0x8010, r1, 0x0)
syz_kvm_vgic_v3_setup(r3, 0x3, 0x300) (async)
syz_kvm_vgic_v3_setup(r3, 0x3, 0x300)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000004c0)={0xeeee0000, 0x101000, 0x1}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000004c0)={0xeeee0000, 0x101000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000500)={0xeeef0000, 0x4000})
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000540)={0x2, 0x40}) (async)
ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000540)={0x2, 0x40})
eventfd2(0xffffff80, 0x0) (async)
r6 = eventfd2(0xffffff80, 0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000580)={r2, 0x2, 0x1, r6})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f00000005c0)={0x8080000, 0x0, 0x1}) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f00000005c0)={0x8080000, 0x0, 0x1})
r7 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000970000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000700)={0x0, &(0x7f0000000600)=[@smc={0x1e, 0x40, {0x4, [0x9, 0x2, 0x5, 0x2, 0x9]}}, @eret={0xe6, 0x18, 0x6}, @code={0xa, 0x6c, {"40108fd20020b8f2210080d2a20180d2630080d2e40080d2020000d4007008d50008a038000040fd000040b960439dd200a0b8f2410180d2c20080d2a30080d2640080d2020000d40000221e0004002f00609f0d007008d5"}}], 0xc4}, &(0x7f0000000740)=[@featur2={0x1, 0x21}], 0x1)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000a40)={0x0, &(0x7f0000000780)=[@its_setup={0x82, 0x28, {0x0, 0x4, 0x6e}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x4, 0x10, 0x5, 0x1, 0x2}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x3e2}}, @irq_setup={0x46, 0x18, {0x1, 0x118}}, @uexit={0x0, 0x18, 0x6}, @smc={0x1e, 0x40, {0x84000001, [0x6, 0x3, 0x5481, 0xe381, 0x1]}}, @uexit={0x0, 0x18, 0xfffffffffffffff1}, @smc={0x1e, 0x40, {0x84000014, [0x1, 0x4f8, 0xb80, 0x6, 0x80000000]}}, @msr={0x14, 0x20, {0x603000000013da11, 0x1}}, @irq_setup={0x46, 0x18, {0x2, 0x2ac}}, @eret={0xe6, 0x18, 0x4}, @code={0xa, 0xcc, {"60ee83d20080b0f2610180d2020180d2030180d2640080d2020000d4007008d5803086d200e0b0f2810180d2620180d2430080d2a40080d2020000d40000239e007008d520c289d200e0b8f2810080d2220080d2e30180d2640080d2020000d4403b86d200e0b8f2810080d2220080d2030180d2040180d2020000d4409482d20020b0f2810180d2420080d2230180d2e40080d2020000d420468ad20080b0f2c10080d2220180d2030080d2640080d2020000d41820601e"}}, @svc={0x122, 0x40, {0x3000000, [0x7, 0x8, 0x6, 0x1, 0x4]}}], 0x29c}, &(0x7f0000000a80)=[@featur2={0x1, 0x96}], 0x1)
ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, &(0x7f0000000ac0)=0x3)
ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000b00)={0x1, [0x59]})
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x22)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000b40)={0x9, 0xffffffffffffffff, 0x1}) (async)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000b40)={0x9, 0xffffffffffffffff, 0x1})
write$eventfd(r2, &(0x7f0000000b80)=0x3ff, 0x8) (async)
write$eventfd(r2, &(0x7f0000000b80)=0x3ff, 0x8)
munmap(&(0x7f0000b6c000/0x1000)=nil, 0x1000)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)

26.903245333s ago: executing program 0 (id=76):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async)
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x4, 0x80a, 0x1}}) (async)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async)
r7 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, <r11=>0xffffffffffffffff, 0x1})
r12 = ioctl$KVM_CREATE_VM(r11, 0x894c, 0x0)
ioctl$KVM_CREATE_VCPU(r12, 0x8008b705, 0x0) (async)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async)
r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)
r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r14, r15, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3}) (async)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

20.85099633s ago: executing program 1 (id=77):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000040)=@attr_other={0x0, 0x1, 0x8, &(0x7f0000000080)=0x14})

14.512970605s ago: executing program 0 (id=78):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f00000001c0)={0x10001, 0x0, &(0x7f0000eca000/0x4000)=nil})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x80000028)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x66)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x7})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x4, <r9=>0xffffffffffffffff})
r10 = syz_kvm_vgic_v3_setup(r8, 0x4, 0x280)
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000000)=@attr_other={0x0, 0x1, 0x10, 0x0})
ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x0, 0x2, &(0x7f00000000c0)=0xb})
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r12, 0x4010aeb5, &(0x7f0000000000)={0x100000000, 0x7})
r13 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x100000008000)
ioctl$KVM_CREATE_VCPU(r14, 0xb702, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000007, 0x4f833, 0xffffffffffffffff, 0x0)

13.575545094s ago: executing program 1 (id=79):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x35)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x2})
close(r0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x3, 0x2, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x3, 0x2, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f00000000c0)={0xdddd1000, 0x18000, 0x1})
r1 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000100)={0x7aae, 0x7})
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000140)={0x10002, 0x0, 0x4, 0x2000, &(0x7f0000ffb000/0x2000)=nil, 0x766, r1})
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil)
r2 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000200)=0x9}) (async)
ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000200)=0x9})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, &(0x7f0000000280)={{0x4000, 0xdddd1000, 0x4, 0x7, 0x6, 0x9, 0x4, 0x6, 0xa, 0x0, 0x2, 0x7}, {0x8080000, 0x1000, 0x10, 0x5, 0x9b, 0x9, 0x3, 0x8, 0x4, 0xcb, 0x40}, {0x4, 0xeeee0000, 0x10, 0x0, 0x3, 0x4, 0x5, 0xf, 0xfa, 0xfa, 0x4, 0xc6}, {0xeeee8000, 0xeeef0000, 0xa, 0xe3, 0x4, 0xec, 0x95, 0x5, 0x3, 0x4, 0x8, 0x1}, {0x0, 0x80a0000, 0x6, 0x7, 0x40, 0x6, 0x3f, 0x6, 0x3, 0x1, 0x4, 0x8}, {0x2000, 0x0, 0xe, 0x48, 0xb, 0x9, 0x1, 0x6, 0x9, 0x3c, 0x3, 0x8}, {0x1000, 0xdddd0000, 0x0, 0x4b, 0xfc, 0x40, 0x40, 0x0, 0x0, 0xf, 0x5, 0x5}, {0xeeef0000, 0x8000000, 0x0, 0x9, 0x7, 0xf7, 0x81, 0x5, 0x8, 0x6, 0x0, 0x3}, {0x80a0000}, {0xd000, 0x3}, 0x18, 0x0, 0x33333000, 0x400, 0xf, 0x100, 0x4, [0x8, 0xff, 0x1ff, 0xb]}) (async)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, &(0x7f0000000280)={{0x4000, 0xdddd1000, 0x4, 0x7, 0x6, 0x9, 0x4, 0x6, 0xa, 0x0, 0x2, 0x7}, {0x8080000, 0x1000, 0x10, 0x5, 0x9b, 0x9, 0x3, 0x8, 0x4, 0xcb, 0x40}, {0x4, 0xeeee0000, 0x10, 0x0, 0x3, 0x4, 0x5, 0xf, 0xfa, 0xfa, 0x4, 0xc6}, {0xeeee8000, 0xeeef0000, 0xa, 0xe3, 0x4, 0xec, 0x95, 0x5, 0x3, 0x4, 0x8, 0x1}, {0x0, 0x80a0000, 0x6, 0x7, 0x40, 0x6, 0x3f, 0x6, 0x3, 0x1, 0x4, 0x8}, {0x2000, 0x0, 0xe, 0x48, 0xb, 0x9, 0x1, 0x6, 0x9, 0x3c, 0x3, 0x8}, {0x1000, 0xdddd0000, 0x0, 0x4b, 0xfc, 0x40, 0x40, 0x0, 0x0, 0xf, 0x5, 0x5}, {0xeeef0000, 0x8000000, 0x0, 0x9, 0x7, 0xf7, 0x81, 0x5, 0x8, 0x6, 0x0, 0x3}, {0x80a0000}, {0xd000, 0x3}, 0x18, 0x0, 0x33333000, 0x400, 0xf, 0x100, 0x4, [0x8, 0xff, 0x1ff, 0xb]})
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000003c0)={0x6, 0x5001, 0x0, r2, 0x2})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000400)={0xe4, 0x0, 0x8})
ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r2, 0x4068aea3, &(0x7f0000000480)={0xe4, 0x0, 0x1})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xb)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000900)={0x10002, 0x280, 0x40, &(0x7f0000000500)=[0x5, 0x90e5, 0x2, 0xd980, 0x6, 0x8000000000000000, 0x768f2580, 0x742, 0x4, 0x800, 0x1, 0x8000000000000000, 0x9, 0xc3b7d2d, 0x1, 0x0, 0x7, 0xffffffffffffffff, 0x800, 0x3, 0xe, 0x0, 0x8000, 0x7fffffffffffffff, 0x1ea, 0x0, 0x80, 0x0, 0xff, 0x876, 0x3, 0xe6d, 0x8, 0x7ff, 0x7, 0x1, 0x8, 0x7fc7a2c6, 0x7, 0x1ff, 0x83, 0x5, 0x4, 0xc, 0x1f, 0x8000000000000000, 0x6, 0xfffffffffffffffb, 0x272, 0xa8, 0x1, 0x3, 0x2eac, 0x1, 0x7, 0x84b, 0x7, 0xe2, 0xffffffff80000001, 0x7, 0x9, 0x7f, 0x1, 0x9, 0x6, 0x1, 0xffffffffffffff61, 0xc, 0x1, 0x2, 0x8, 0x6, 0x7, 0x200, 0x3, 0x200, 0x7ff, 0xb619, 0x0, 0x3, 0x1, 0x106c, 0x100000001, 0x0, 0x0, 0x25d, 0x8, 0x3, 0xc, 0x8, 0x7f, 0x2, 0x1, 0xffffffffffff542b, 0x4, 0xe, 0xab67, 0x0, 0x81, 0xffffffff, 0x1, 0x7, 0x80, 0x8000000000000000, 0x800, 0x54c92191, 0x7, 0x6, 0x9, 0x5ada431, 0x401, 0x6, 0x8d, 0x800, 0x1, 0x3, 0x4829, 0xffffffffffffffff, 0x874, 0x80, 0x5, 0x6, 0x8, 0x4, 0x2, 0x5, 0x3e60, 0x7]}) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000900)={0x10002, 0x280, 0x40, &(0x7f0000000500)=[0x5, 0x90e5, 0x2, 0xd980, 0x6, 0x8000000000000000, 0x768f2580, 0x742, 0x4, 0x800, 0x1, 0x8000000000000000, 0x9, 0xc3b7d2d, 0x1, 0x0, 0x7, 0xffffffffffffffff, 0x800, 0x3, 0xe, 0x0, 0x8000, 0x7fffffffffffffff, 0x1ea, 0x0, 0x80, 0x0, 0xff, 0x876, 0x3, 0xe6d, 0x8, 0x7ff, 0x7, 0x1, 0x8, 0x7fc7a2c6, 0x7, 0x1ff, 0x83, 0x5, 0x4, 0xc, 0x1f, 0x8000000000000000, 0x6, 0xfffffffffffffffb, 0x272, 0xa8, 0x1, 0x3, 0x2eac, 0x1, 0x7, 0x84b, 0x7, 0xe2, 0xffffffff80000001, 0x7, 0x9, 0x7f, 0x1, 0x9, 0x6, 0x1, 0xffffffffffffff61, 0xc, 0x1, 0x2, 0x8, 0x6, 0x7, 0x200, 0x3, 0x200, 0x7ff, 0xb619, 0x0, 0x3, 0x1, 0x106c, 0x100000001, 0x0, 0x0, 0x25d, 0x8, 0x3, 0xc, 0x8, 0x7f, 0x2, 0x1, 0xffffffffffff542b, 0x4, 0xe, 0xab67, 0x0, 0x81, 0xffffffff, 0x1, 0x7, 0x80, 0x8000000000000000, 0x800, 0x54c92191, 0x7, 0x6, 0x9, 0x5ada431, 0x401, 0x6, 0x8d, 0x800, 0x1, 0x3, 0x4829, 0xffffffffffffffff, 0x874, 0x80, 0x5, 0x6, 0x8, 0x4, 0x2, 0x5, 0x3e60, 0x7]})
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000a52000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000a52000/0x400000)=nil)
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
eventfd2(0xfffeffff, 0x801) (async)
r4 = eventfd2(0xfffeffff, 0x801)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000940)={0xffffffffffffffff, 0x3ff, 0x1, r4})
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000980)) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000980))
r5 = eventfd2(0x550891bd, 0x100000)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000a00)={0x6, 0x8080000, 0x8, r5, 0xc}) (async)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000a00)={0x6, 0x8080000, 0x8, r5, 0xc})
r6 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000a40)={0x2, 0x1000, 0x0, r4, 0x2})
eventfd2(0x3, 0x800) (async)
eventfd2(0x3, 0x800)
close(r0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000a80)={0xff, 0x8000})
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000b00)=@attr_other={0x0, 0x1, 0x5, &(0x7f0000000ac0)=0x7}) (async)
ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000b00)=@attr_other={0x0, 0x1, 0x5, &(0x7f0000000ac0)=0x7})

7.130023781s ago: executing program 1 (id=80):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000280)={0x100000, 0x6000})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x0, 0xdddd1000, 0x8, 0xffffffffffffffff, 0x724c296f918c7431})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8}) (async)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000280)={0x100000, 0x6000}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3) (async)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x0, 0xdddd1000, 0x8, 0xffffffffffffffff, 0x724c296f918c7431}) (async)

3.079659817s ago: executing program 0 (id=81):
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x40480, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_other={0x0, 0x0, 0x1000, &(0x7f00000000c0)=0x3})
r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil})
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x20080, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x29)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100050, &(0x7f00000000c0)=0x9})
r11 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x86000001, [0xc, 0x5, 0x2, 0x0, 0x52]}}], 0x40}, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)

0s ago: executing program 1 (id=82):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000100)=0x10000})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$arm64(r4, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000640)=@arm64_sys={0x603000000013c028, &(0x7f0000000600)=0x5d70})
ioctl$KVM_GET_REG_LIST(r8, 0xc008aeb0, &(0x7f0000000000)={0x3, [0x10001, 0x3, 0x2]})

kernel console output (not intermixed with test programs):

[  385.499624][ T3150] 8021q: adding VLAN 0 to HW filter on device bond0
[  438.610962][ T3150] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:29349' (ED25519) to the list of known hosts.
[  603.310072][   T25] audit: type=1400 audit(602.530:60): avc:  denied  { name_bind } for  pid=3308 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  604.262082][   T25] audit: type=1400 audit(603.480:61): avc:  denied  { execute } for  pid=3309 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  604.290643][   T25] audit: type=1400 audit(603.500:62): avc:  denied  { execute_no_trans } for  pid=3309 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  626.085637][   T25] audit: type=1400 audit(625.300:63): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  626.119010][   T25] audit: type=1400 audit(625.340:64): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  626.208575][ T3309] cgroup: Unknown subsys name 'net'
[  626.260111][   T25] audit: type=1400 audit(625.480:65): avc:  denied  { unmount } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  626.636455][ T3309] cgroup: Unknown subsys name 'cpuset'
[  626.736859][ T3309] cgroup: Unknown subsys name 'rlimit'
[  627.647703][   T25] audit: type=1400 audit(626.870:66): avc:  denied  { setattr } for  pid=3309 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  627.666204][   T25] audit: type=1400 audit(626.880:67): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  627.695850][   T25] audit: type=1400 audit(626.910:68): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  629.270327][ T3312] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  629.290292][   T25] audit: type=1400 audit(628.510:69): avc:  denied  { relabelto } for  pid=3312 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  629.316537][   T25] audit: type=1400 audit(628.530:70): avc:  denied  { write } for  pid=3312 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  629.500897][   T25] audit: type=1400 audit(628.720:71): avc:  denied  { read } for  pid=3309 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  629.526899][   T25] audit: type=1400 audit(628.730:72): avc:  denied  { open } for  pid=3309 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  629.568237][ T3309] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  679.527855][   T25] audit: type=1400 audit(678.750:73): avc:  denied  { execmem } for  pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  683.908386][   T25] audit: type=1400 audit(683.130:74): avc:  denied  { read } for  pid=3315 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  683.941382][   T25] audit: type=1400 audit(683.160:75): avc:  denied  { open } for  pid=3315 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  684.028019][   T25] audit: type=1400 audit(683.250:76): avc:  denied  { mounton } for  pid=3315 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  684.299125][   T25] audit: type=1400 audit(683.520:77): avc:  denied  { module_request } for  pid=3316 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  685.408081][   T25] audit: type=1400 audit(684.620:78): avc:  denied  { sys_module } for  pid=3316 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  714.197024][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  714.757217][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  714.846359][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  715.188438][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  727.089613][ T3316] hsr_slave_0: entered promiscuous mode
[  727.117450][ T3316] hsr_slave_1: entered promiscuous mode
[  727.781873][ T3315] hsr_slave_0: entered promiscuous mode
[  727.820956][ T3315] hsr_slave_1: entered promiscuous mode
[  727.851588][ T3315] debugfs: 'hsr0' already exists in 'hsr'
[  727.857720][ T3315] Cannot create hsr debugfs directory
[  733.366176][   T25] audit: type=1400 audit(732.580:79): avc:  denied  { create } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  733.417650][   T25] audit: type=1400 audit(732.630:80): avc:  denied  { write } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  733.469713][   T25] audit: type=1400 audit(732.690:81): avc:  denied  { read } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  733.598654][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  733.893196][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  734.328045][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  734.649282][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  736.162127][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  736.332024][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  736.480207][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  736.641076][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  749.316833][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[  751.390514][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0
[  807.438460][ T3316] veth0_vlan: entered promiscuous mode
[  807.822863][ T3316] veth1_vlan: entered promiscuous mode
[  809.604154][ T3315] veth0_vlan: entered promiscuous mode
[  810.227551][ T3316] veth0_macvtap: entered promiscuous mode
[  810.673003][ T3316] veth1_macvtap: entered promiscuous mode
[  810.760277][ T3315] veth1_vlan: entered promiscuous mode
[  812.797663][ T3396] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  812.818522][ T3396] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  812.947180][ T3396] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  812.955861][ T3396] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  813.348532][ T3315] veth0_macvtap: entered promiscuous mode
[  813.788090][ T3315] veth1_macvtap: entered promiscuous mode
[  815.545704][   T25] audit: type=1400 audit(814.750:82): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  815.846193][   T25] audit: type=1400 audit(815.000:83): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/syzkaller.NNYK11/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  816.012946][   T25] audit: type=1400 audit(815.230:84): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  816.331050][   T51] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  816.337570][   T51] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  816.355171][   T51] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  816.364830][   T51] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  816.400003][   T25] audit: type=1400 audit(815.620:85): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/syzkaller.NNYK11/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  816.508841][   T25] audit: type=1400 audit(815.710:86): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/syzkaller.NNYK11/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  817.468906][   T25] audit: type=1400 audit(816.550:87): avc:  denied  { unmount } for  pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  817.847182][   T25] audit: type=1400 audit(816.950:88): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  817.937133][   T25] audit: type=1400 audit(817.150:89): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="gadgetfs" ino=3794 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  818.515169][   T25] audit: type=1400 audit(817.680:90): avc:  denied  { mount } for  pid=3316 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  818.615591][   T25] audit: type=1400 audit(817.820:91): avc:  denied  { mounton } for  pid=3316 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  820.139664][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  820.969346][   T25] kauditd_printk_skb: 1 callbacks suppressed
[  820.974350][   T25] audit: type=1400 audit(820.190:93): avc:  denied  { read write } for  pid=3316 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  821.065584][   T25] audit: type=1400 audit(820.230:94): avc:  denied  { open } for  pid=3316 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  821.124466][   T25] audit: type=1400 audit(820.330:95): avc:  denied  { ioctl } for  pid=3316 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  832.401686][   T25] audit: type=1400 audit(831.460:96): avc:  denied  { read } for  pid=3469 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  832.403007][   T25] audit: type=1400 audit(831.620:97): avc:  denied  { open } for  pid=3469 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  832.560184][   T25] audit: type=1400 audit(831.780:98): avc:  denied  { write } for  pid=3469 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  832.715375][   T25] audit: type=1400 audit(831.930:99): avc:  denied  { ioctl } for  pid=3469 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0x1500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  850.208605][   T25] audit: type=1400 audit(849.350:100): avc:  denied  { execute } for  pid=3488 comm="syz.0.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4102 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1082.469387][   T25] audit: type=1400 audit(1081.690:101): avc:  denied  { setattr } for  pid=3624 comm="syz.1.40" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1137.714830][   T25] audit: type=1400 audit(1136.930:102): avc:  denied  { append } for  pid=3640 comm="syz.0.43" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1342.799827][ T3772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e61b
[ 1342.818528][ T3772] flags: 0x1ffe48000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x92)
[ 1342.835910][ T3772] raw: 01ffe48000000000 ffffc1ffc07908c8 ffffc1ffc0799e88 0000000000000000
[ 1342.866658][ T3772] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1342.874922][ T3772] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 1342.908370][ T3772] ------------[ cut here ]------------
[ 1342.908643][ T3772] kernel BUG at ./include/linux/mm.h:1036!
[ 1342.910402][ T3772] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[ 1342.915554][ T3772] Modules linked in:
[ 1342.917626][ T3772] CPU: 0 UID: 0 PID: 3772 Comm: syz.0.81 Not tainted syzkaller #0 PREEMPT 
[ 1342.919194][ T3772] Hardware name: linux,dummy-virt (DT)
[ 1342.920486][ T3772] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1342.921818][ T3772] pc : kvm_s2_put_page+0x374/0x3a0
[ 1342.924156][ T3772] lr : kvm_s2_put_page+0x374/0x3a0
[ 1342.925115][ T3772] sp : ffff8000a8ca7570
[ 1342.925915][ T3772] x29: ffff8000a8ca7570 x28: 02f000001e67a000 x27: 02f000001e67a000
[ 1342.927582][ T3772] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000
[ 1342.928990][ T3772] x23: ffffc1ffc07986c8 x22: 0000000000000000 x21: ffffc1ffc07986f4
[ 1342.930414][ T3772] x20: 0000000000000000 x19: ffffc1ffc07986c0 x18: 00000000235d1215
[ 1342.931802][ T3772] x17: 000000000369b900 x16: 0000000022827ab7 x15: 00000000f0f0d25e
[ 1342.933255][ T3772] x14: ffffffffffffffff x13: fff000001e389d88 x12: 0000000000000001
[ 1342.934451][ T3772] x11: 0000000000080000 x10: 0000000000046b0c x9 : ff21dcdcc6a61800
[ 1342.935918][ T3772] x8 : ff21dcdcc6a61800 x7 : ffff80008039ebc8 x6 : 0000000000000000
[ 1342.937368][ T3772] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010
[ 1342.938740][ T3772] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
[ 1342.940367][ T3772] Call trace:
[ 1342.941328][ T3772]  kvm_s2_put_page+0x374/0x3a0 (P)
[ 1342.942667][ T3772]  stage2_free_walker+0x1b0/0x264
[ 1342.943760][ T3772]  __kvm_pgtable_walk+0x7d8/0xa68
[ 1342.944769][ T3772]  kvm_pgtable_walk+0x294/0x468
[ 1342.945736][ T3772]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[ 1342.946852][ T3772]  kvm_free_stage2_pgd+0x198/0x28c
[ 1342.947856][ T3772]  kvm_uninit_stage2_mmu+0x20/0x38
[ 1342.948847][ T3772]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[ 1342.949917][ T3772]  kvm_mmu_notifier_release+0x48/0xa8
[ 1342.950903][ T3772]  mmu_notifier_unregister+0x128/0x42c
[ 1342.951993][ T3772]  kvm_put_kvm+0x6a0/0xfa8
[ 1342.952865][ T3772]  kvm_vcpu_release+0x70/0x9c
[ 1342.953828][ T3772]  __fput+0x4ac/0x980
[ 1342.954678][ T3772]  ____fput+0x20/0x58
[ 1342.955604][ T3772]  task_work_run+0x1bc/0x254
[ 1342.956390][ T3772]  get_signal+0x13ec/0x1554
[ 1342.957284][ T3772]  do_signal+0x23c/0x4dd0
[ 1342.958187][ T3772]  do_notify_resume+0xb0/0x270
[ 1342.959143][ T3772]  el0_svc+0xb8/0x164
[ 1342.960003][ T3772]  el0t_64_sync_handler+0x84/0x12c
[ 1342.960973][ T3772]  el0t_64_sync+0x198/0x19c
[ 1342.962499][ T3772] Code: f00375a1 91112021 aa1303e0 97f9ca6f (d4210000) 
[ 1342.964342][ T3772] ---[ end trace 0000000000000000 ]---
[ 1342.965927][ T3772] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 1342.967925][ T3772] Kernel Offset: disabled
[ 1342.968673][ T3772] CPU features: 0x000000,0000d180,2fbe33e1,057ffe1f
[ 1342.969820][ T3772] Memory Limit: none
[ 1342.971522][ T3772] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:45:02  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800080492458 X00=0000000000000000 X01=0000000000000080
X02=0000000000000001 X03=ffff8000804923a8 X04=ffff8000871760f9
X05=ffff8000a8ca6fb8 X06=ffff800080362394 X07=ffff800080015834
X08=00000000000003c0 X09=a7ff80008f0d9000 X10=0000000000047d65
X11=0000000000080000 X12=00000000000000fe X13=00000138ac012b4b
X14=0000000000000002 X15=ffff800087f699e0 X16=0000000000000000
X17=000000000369b900 X18=00000000235d1215 X19=efff800000000000
X20=ffff8000a8ca7020 X21=00000000000000ff X22=00000000000003c0
X23=00000000ffffe3c4 X24=40000000ffffe3c4 X25=00000000000003c0
X26=0000000000000000 X27=0000000000000000 X28=0000000000000013
X29=ffff8000a8ca6ef0 X30=ffff800080492434  SP=ffff8000a8ca6ee0
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=6572207265767265:730073250a0d0a0d
Z02=635f6665725f6567:617028454741505f Z03=0000000000000000:00ff00ff00000000
Z04=0000000000000000:000000000f0f0000 Z05=5f65676170284547:41505f4e4f5f4755
Z06=3a746e756f637061:6d20303a746e756f Z07=3030303030303a67:6e697070616d2030
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffc3382a80:0000ffffc3382a80 Z17=ffffff80ffffffd8:0000ffffc3382a50
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000