last executing test programs:

1m8.31438603s ago: executing program 1 (id=426):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})

1m7.53576331s ago: executing program 0 (id=427):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x541001, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0)
r3 = eventfd2(0x6, 0x800)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000280)={r3, 0x9})
ioctl$KVM_IRQFD(r2, 0x4020ae76, 0x0)
close(r2)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6000000000110003, 0x0})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20881, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_GUEST_DEBUG_arm64(r6, 0x4208ae9b, &(0x7f00000001c0)={0x30001, 0x0, {[0x2, 0x3, 0x1e, 0x27e, 0x7, 0x5, 0x40, 0xc1, 0x5, 0x8, 0x7, 0xff, 0x1, 0x7, 0x5, 0x7], [0x2, 0x1, 0x182, 0x8, 0x8, 0x0, 0x812, 0x400, 0x9, 0x4, 0x8, 0x7, 0x10, 0x2, 0x4, 0xb3], [0x3, 0x100000001, 0x7, 0xc18, 0x1, 0xfffffffc00000000, 0x4, 0x0, 0x3, 0x7fff, 0x3, 0x2, 0x0, 0x200, 0x7, 0x2ee7a627], [0x0, 0xed, 0x5, 0x100000001, 0x6e, 0xfffffffffffffff8, 0x7fffffffffffffff, 0x2000000, 0x8, 0x0, 0x3, 0x9, 0x80000000, 0x4, 0x9, 0x800]}})
r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000000)={0x800035a3, 0x9})
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r11 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, 0x0)
ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, 0x0)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CAP_PTP_KVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080))
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0)
r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r13, 0x6000007, 0x4047813, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
ioctl$KVM_CREATE_VM(r12, 0xae01, 0x4)

57.903390745s ago: executing program 0 (id=428):
r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)=[@irq_setup={0x46, 0x18, {0x0, 0x218}}], 0x18}, &(0x7f0000000140)=[@featur2={0x1, 0x81}], 0x1) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bfd000/0x400000)=nil) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async, rerun: 32)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) (rerun: 32)
r9 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r8, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e227ffe)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0xfffffffa, 0x80001) (async)
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r10, 0x40086602, 0x110e227ffe)
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x0, 0x1000003, 0x4010, r10, 0x0) (async)
r11 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000000)={0x0, 0x0, 0x2e}, &(0x7f00000000c0), 0x1)
ioctl$KVM_RUN(r11, 0xae80, 0x0)

28.946141934s ago: executing program 1 (id=429):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x0, 0x2010, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)

28.085140783s ago: executing program 0 (id=430):
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r1, 0x4068aea3, 0xfffffffffffffffe)
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0)

23.097844617s ago: executing program 1 (id=431):
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0})
r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0)
syz_kvm_assert_reg(r3, 0x603000000013dce5, 0x8000)
syz_kvm_assert_reg(r3, 0x603000000013dce9, 0x8000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = eventfd2(0x8, 0x80800)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r8})
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_vgic_v3_setup(r10, 0x2, 0x100)
r11 = eventfd2(0x1, 0x80001)
ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000000)={r11, 0x26df8})
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r8, 0x10001, 0x1, r11})
r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013df61}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r16=>0xffffffffffffffff, 0x1})
r17 = ioctl$KVM_CREATE_VM(r16, 0x894c, 0x0)
close(r17)

21.588356173s ago: executing program 0 (id=432):
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000000, 0x4f831, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000000)=0x10})
r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0)
r7 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0xfffffff7, 0xb, &(0x7f0000000140)=0x3})
ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000100)={0x55})
ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000000)={0xa000000000000, 0x8})

16.392744909s ago: executing program 1 (id=433):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2)
syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r7 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0x40086602, 0x110e227ffe)
r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r10=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

15.70253106s ago: executing program 0 (id=434):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x3, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013c081, 0x2}}], 0x20}, 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0) (async, rerun: 64)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) (rerun: 64)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8.078685527s ago: executing program 0 (id=435):
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31)
r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013e641, 0x0})
r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@msr={0x14, 0x20, {0x603000000013e281, 0xc22c}}, @uexit={0x0, 0x18, 0xfffffffffffffffc}, @irq_setup={0x46, 0x18, {0x1, 0x12c}}, @hvc={0x32, 0x40, {0x84000010, [0x39f20336, 0x3b863f65, 0x8, 0x1, 0x103ff]}}, @uexit={0x0, 0x18, 0x1}, @svc={0x122, 0x40, {0x8400000e, [0x121d, 0x1, 0xff, 0x3, 0x8]}}, @smc={0x1e, 0x40, {0x8400000e, [0x9, 0x2, 0x4, 0xa, 0x3]}}, @svc={0x122, 0x40, {0xbacbba797e4d244a, [0x6, 0x40, 0x4, 0xe34b, 0x7]}}, @uexit={0x0, 0x18, 0x624}, @hvc={0x32, 0x40, {0x2000003, [0x3, 0x8, 0x7, 0x4, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0xc, 0x2, 0x5, 0x1}}], 0x1e8}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r2, 0x1, 0x100)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2f)
r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil)
r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000100)=@arm64_sve={0x60800000001505b6, &(0x7f0000000140)=0x4})
mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r10, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_GET_REG_LIST(r14, 0xc008aeb0, &(0x7f00000000c0)={0x1, [0x8]})
r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r15, 0xae04)

7.677046568s ago: executing program 1 (id=436):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r2, 0x0) (async, rerun: 32)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x4, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000000)=@attr_other={0x0, 0x1, 0x10, 0x0}) (async)
r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x20)
r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000a67000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0xfffffffffffffe1f)
ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010001c, &(0x7f0000000080)=0x40})
r13 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x2}) (async)
r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r14, 0x2000009, 0x213011, r2, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

0s ago: executing program 1 (id=437):
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r1 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x2})
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000000c0)=@arm64_fw={0x6030000000140002, &(0x7f0000000080)=0x7e3e5192}) (async)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000100)={0x7, <r2=>0xffffffffffffffff, 0x3})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x6, 0x3, &(0x7f0000000140)=0x10}) (async)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000001c0)={r1, 0x2, 0x7, r0}) (async)
ioctl$KVM_GET_REGS(r1, 0x8360ae81, &(0x7f0000000200)) (async, rerun: 64)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000002c0)={0x2710, 0x0, &(0x7f0000ffe000/0x1000)=nil}) (rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000300)={0x1fd, 0x6, 0xffff1000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x103880, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3a) (async)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000380)=@arm64={0x6, 0x8, 0x6, '\x00', 0x9})
r5 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000003c0)={0x101ff, 0x1, 0xa35539bbfa026075, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_DIRTY_TLB(r5, 0x4010aeaa, &(0x7f0000000400)={0x2, 0x24})
ioctl$KVM_CLEAR_DIRTY_LOG(r4, 0xc018aec0, &(0x7f0000000840)={0x1fe, 0x40, 0x340, &(0x7f0000000440)=[0xfffffffffffffffc, 0x55e0cdc2, 0x1, 0x2, 0x8000000000000001, 0x80000001, 0x9a, 0x0, 0x8, 0xb7d, 0x1, 0xff, 0x3, 0x0, 0x3, 0x80, 0x6, 0x6, 0x9, 0xfffffffffffffffa, 0x3, 0x9, 0x5, 0x5, 0x80000000, 0xffff, 0x4, 0x4, 0xe, 0x7, 0x4, 0x1, 0x0, 0x400, 0x81, 0x80, 0x1, 0x1, 0x5, 0x1, 0x4, 0x80, 0x8, 0x8, 0x1, 0x3, 0x720b, 0x5, 0x8000000000000001, 0x167, 0xa5, 0x5, 0x0, 0x7, 0x8, 0xa, 0x6, 0x2cc1, 0x3, 0xc97a00, 0x3, 0x484, 0x1, 0xb1d, 0xf8, 0x8, 0xb, 0x9, 0x10, 0x4107e35a, 0x5, 0x3, 0x8, 0xfff00000000, 0x4, 0x8, 0x6, 0x9, 0x1, 0x2, 0x8, 0x0, 0x21b, 0x8, 0x2, 0x5, 0x0, 0x401, 0xfffffffffffff706, 0x6, 0x5, 0x6, 0x10001, 0x7fff, 0x100000001, 0x72b, 0x0, 0x2, 0x2, 0x401, 0x3ff, 0xe, 0x7, 0x7, 0x8000000000000001, 0x7, 0x7, 0x0, 0x8, 0x392, 0x9, 0x3000000000000, 0x5, 0xcdec, 0xffffffff, 0x5, 0xc4d5, 0x9, 0xffff, 0x63, 0x3, 0x4, 0x3, 0x6, 0x8, 0x100, 0x1, 0xaf]}) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x40240, 0x0) (async)
syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000c40)={0x0, &(0x7f00000008c0)=[@its_setup={0x82, 0x28, {0x4, 0x3, 0x1b7}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0x9, 0xffffff99, 0x7, 0x4}}, @eret={0xe6, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x4, 0x10, 0x3, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x7, 0xe}}, @hvc={0x32, 0x40, {0x4, [0xfffffffffffffffb, 0x8000000000000001, 0x68, 0x8, 0x9]}}, @msr={0x14, 0x20, {0x603000000013f088, 0x800}}, @mrs={0xbe, 0x18, {0x603000000013e208}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x10, [0x1, 0x7, 0x5, 0xde21, 0x6]}}, @eret={0xe6, 0x18, 0x40}, @msr={0x14, 0x20, {0x6030000000138035, 0x2b4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0xd, 0x105, 0x8, 0x2}}, @smc={0x1e, 0x40, {0x1000, [0x2, 0x2, 0x3, 0xffffffffffffe6b8, 0x9]}}, @code={0xa, 0x6c, {"007008d50028285e007008d50084bf0de0358ad20060b0f2c10180d2e20180d2a30180d2640080d2020000d4008008d5807096d20040b0f2e10180d2020080d2e30080d2c40180d2020000d40064007f000000fa007008d5"}}, @svc={0x122, 0x40, {0x400, [0x1, 0x2, 0x6, 0x9, 0x401]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x1, 0xc, 0xa4, 0x7fff, 0x2}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x235}}, @smc={0x1e, 0x40, {0x40, [0x885, 0xd, 0x3, 0x6, 0x4]}}], 0x36c}, &(0x7f0000000c80)=[@featur2={0x1, 0x40}], 0x1) (async)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000cc0)={0x80000001, 0xf0}) (async, rerun: 32)
ioctl$KVM_CAP_ARM_USER_IRQ(r0, 0x4068aea3, &(0x7f0000000d00)) (rerun: 32)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2f)
ioctl$KVM_GET_DEVICE_ATTR_vm(r7, 0x4018aee2, &(0x7f0000000dc0)=@attr_other={0x0, 0x7, 0x8001, &(0x7f0000000d80)=0x5}) (async)
ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r4, 0x4068aea3, &(0x7f0000000e00)) (async)
r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r8, 0x0, 0x4010, r1, 0x0) (async, rerun: 64)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x8) (async, rerun: 64)
r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1a)
ioctl$KVM_RESET_DIRTY_RINGS(r9, 0xaec7) (async)
eventfd2(0x7ff, 0x800)

kernel console output (not intermixed with test programs):

[  387.693821][   T25] audit: type=1400 audit(386.890:60): avc:  denied  { read } for  pid=3144 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  405.529115][ T3144] 8021q: adding VLAN 0 to HW filter on device bond0
[  455.791166][ T3144] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:59324' (ED25519) to the list of known hosts.
[  623.717950][   T25] audit: type=1400 audit(622.920:61): avc:  denied  { name_bind } for  pid=3300 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  625.814306][   T25] audit: type=1400 audit(625.010:62): avc:  denied  { execute } for  pid=3301 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  625.840145][   T25] audit: type=1400 audit(625.040:63): avc:  denied  { execute_no_trans } for  pid=3301 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  654.599585][   T25] audit: type=1400 audit(653.800:64): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  654.635060][   T25] audit: type=1400 audit(653.830:65): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  654.716676][ T3301] cgroup: Unknown subsys name 'net'
[  654.773968][   T25] audit: type=1400 audit(653.970:66): avc:  denied  { unmount } for  pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  655.188032][ T3301] cgroup: Unknown subsys name 'cpuset'
[  655.295611][ T3301] cgroup: Unknown subsys name 'rlimit'
[  656.248187][   T25] audit: type=1400 audit(655.450:67): avc:  denied  { setattr } for  pid=3301 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  656.267617][   T25] audit: type=1400 audit(655.470:68): avc:  denied  { mounton } for  pid=3301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  656.294902][   T25] audit: type=1400 audit(655.490:69): avc:  denied  { mount } for  pid=3301 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  657.514793][ T3305] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  657.535028][   T25] audit: type=1400 audit(656.730:70): avc:  denied  { relabelto } for  pid=3305 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  657.560471][   T25] audit: type=1400 audit(656.750:71): avc:  denied  { write } for  pid=3305 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  657.746952][   T25] audit: type=1400 audit(656.950:72): avc:  denied  { read } for  pid=3301 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  657.767406][   T25] audit: type=1400 audit(656.960:73): avc:  denied  { open } for  pid=3301 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  657.814686][ T3301] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  710.358951][   T25] audit: type=1400 audit(709.560:74): avc:  denied  { execmem } for  pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  715.408230][   T25] audit: type=1400 audit(714.610:75): avc:  denied  { read } for  pid=3308 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  715.440237][   T25] audit: type=1400 audit(714.620:76): avc:  denied  { open } for  pid=3308 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  715.503361][   T25] audit: type=1400 audit(714.700:77): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  715.768165][   T25] audit: type=1400 audit(714.960:78): avc:  denied  { module_request } for  pid=3309 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  715.784959][   T25] audit: type=1400 audit(714.980:79): avc:  denied  { module_request } for  pid=3308 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  716.947912][   T25] audit: type=1400 audit(716.150:80): avc:  denied  { sys_module } for  pid=3309 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  742.088179][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  742.507579][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  742.577397][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  742.819360][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  756.031137][ T3309] hsr_slave_0: entered promiscuous mode
[  756.083307][ T3309] hsr_slave_1: entered promiscuous mode
[  756.928121][ T3308] hsr_slave_0: entered promiscuous mode
[  756.975321][ T3308] hsr_slave_1: entered promiscuous mode
[  757.004471][ T3308] debugfs: 'hsr0' already exists in 'hsr'
[  757.009374][ T3308] Cannot create hsr debugfs directory
[  763.694041][   T25] audit: type=1400 audit(762.870:81): avc:  denied  { create } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  763.791311][   T25] audit: type=1400 audit(762.900:82): avc:  denied  { write } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  763.804680][   T25] audit: type=1400 audit(763.000:83): avc:  denied  { read } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  764.010712][ T3309] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  764.429986][ T3309] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  764.896405][ T3309] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  765.636679][ T3309] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  768.166467][ T3308] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  768.447178][ T3308] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  768.765855][ T3308] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  769.033509][ T3308] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  785.160565][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0
[  787.661270][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0
[  847.241025][ T3309] veth0_vlan: entered promiscuous mode
[  847.775699][ T3309] veth1_vlan: entered promiscuous mode
[  849.786381][ T3309] veth0_macvtap: entered promiscuous mode
[  850.190163][ T3308] veth0_vlan: entered promiscuous mode
[  850.311476][ T3309] veth1_macvtap: entered promiscuous mode
[  851.297028][ T3308] veth1_vlan: entered promiscuous mode
[  852.505175][ T3389] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  852.526352][ T3389] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  852.545507][ T3389] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  852.558928][ T3389] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  854.480724][ T3308] veth0_macvtap: entered promiscuous mode
[  855.111418][   T25] audit: type=1400 audit(854.310:84): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  855.128455][ T3308] veth1_macvtap: entered promiscuous mode
[  855.346482][   T25] audit: type=1400 audit(854.510:85): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/syzkaller.hL3fyr/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  855.503757][   T25] audit: type=1400 audit(854.700:86): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  855.904970][   T25] audit: type=1400 audit(855.100:87): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/syzkaller.hL3fyr/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  856.218804][   T25] audit: type=1400 audit(855.370:88): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/syzkaller.hL3fyr/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  856.896315][   T25] audit: type=1400 audit(856.090:89): avc:  denied  { unmount } for  pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  857.069483][   T25] audit: type=1400 audit(856.270:90): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  857.167243][   T25] audit: type=1400 audit(856.370:91): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="gadgetfs" ino=3765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  857.178517][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  857.203004][   T21] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  857.204151][   T21] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  857.204944][   T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  857.604025][   T25] audit: type=1400 audit(856.790:92): avc:  denied  { mount } for  pid=3309 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  857.704559][   T25] audit: type=1400 audit(856.880:93): avc:  denied  { mounton } for  pid=3309 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  859.369967][ T3309] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  860.537388][   T25] kauditd_printk_skb: 2 callbacks suppressed
[  860.553092][   T25] audit: type=1400 audit(859.740:96): avc:  denied  { read write } for  pid=3309 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  860.614490][   T25] audit: type=1400 audit(859.800:97): avc:  denied  { open } for  pid=3309 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  860.616759][   T25] audit: type=1400 audit(859.810:98): avc:  denied  { ioctl } for  pid=3309 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  869.848804][   T25] audit: type=1400 audit(869.050:99): avc:  denied  { read } for  pid=3461 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  869.884154][   T25] audit: type=1400 audit(869.080:100): avc:  denied  { open } for  pid=3461 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  872.423044][   T25] audit: type=1400 audit(871.580:101): avc:  denied  { write } for  pid=3463 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  872.778204][   T25] audit: type=1400 audit(871.980:102): avc:  denied  { ioctl } for  pid=3463 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  907.693389][   T25] audit: type=1400 audit(906.880:103): avc:  denied  { append } for  pid=3491 comm="syz.1.9" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  967.486091][   T25] audit: type=1400 audit(966.680:104): avc:  denied  { execute } for  pid=3530 comm="syz.1.20" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4668 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1236.705448][   T25] audit: type=1400 audit(1235.840:105): avc:  denied  { setattr } for  pid=3701 comm="syz.1.73" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1274.751461][   T25] audit: type=1400 audit(1273.950:106): avc:  denied  { map } for  pid=3717 comm="syz.1.78" path="pipe:[2783]" dev="pipefs" ino=2783 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1387.795308][ T3785] kvm [3785]: Failed to find VMA for hva 0x20c01000
[ 1452.626941][   T25] audit: type=1400 audit(1451.760:107): avc:  denied  { map } for  pid=3828 comm="syz.1.111" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1714.201378][   T25] audit: type=1400 audit(1713.400:108): avc:  denied  { ioctl } for  pid=4019 comm="syz.0.166" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1847.797932][ T4129] kvm [4129]: Failed to find VMA for hva 0x20c01000
[ 2014.966206][   T25] audit: type=1400 audit(2014.150:109): avc:  denied  { execute } for  pid=4232 comm="syz.0.231" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2249.937370][ T4379] FAULT_INJECTION: forcing a failure.
[ 2249.937370][ T4379] name failslab, interval 1, probability 0, space 0, times 1
[ 2249.964067][ T4379] CPU: 0 UID: 0 PID: 4379 Comm: syz.0.275 Not tainted syzkaller #0 PREEMPT 
[ 2249.964773][ T4379] Hardware name: linux,dummy-virt (DT)
[ 2249.965274][ T4379] Call trace:
[ 2249.965701][ T4379]  show_stack+0x2c/0x3c (C)
[ 2249.967627][ T4379]  __dump_stack+0x30/0x40
[ 2249.967906][ T4379]  dump_stack_lvl+0xd8/0x12c
[ 2249.968162][ T4379]  dump_stack+0x1c/0x28
[ 2249.968379][ T4379]  should_fail_ex+0x570/0x6e0
[ 2249.968631][ T4379]  should_failslab+0xb8/0xec
[ 2249.968893][ T4379]  __kmalloc_cache_noprof+0x80/0x404
[ 2249.969162][ T4379]  vgic_allocate_private_irqs_locked+0x10c/0x624
[ 2249.969515][ T4379]  kvm_vgic_create+0x47c/0x8c4
[ 2249.969840][ T4379]  vgic_create+0x58/0x78
[ 2249.970149][ T4379]  kvm_ioctl_create_device+0x18c/0x718
[ 2249.970446][ T4379]  kvm_vm_ioctl+0x6dc/0x944
[ 2249.970745][ T4379]  __arm64_sys_ioctl+0x18c/0x244
[ 2249.971051][ T4379]  invoke_syscall+0x90/0x2b4
[ 2249.971387][ T4379]  el0_svc_common+0x180/0x2f4
[ 2249.971694][ T4379]  do_el0_svc+0x58/0x74
[ 2249.972003][ T4379]  el0_svc+0x58/0x164
[ 2249.972301][ T4379]  el0t_64_sync_handler+0x84/0x12c
[ 2249.972569][ T4379]  el0t_64_sync+0x198/0x19c
[ 2420.417166][ T4480] kvm [4480]: Failed to find VMA for hva 0x20dd3000
[ 2433.970297][ T4489] kvm [4489]: Failed to find VMA for hva 0x20c01000
[ 2570.847192][ T4581] kvm [4581]: Failed to find VMA for hva 0x21016000
[ 2570.996146][ T4581] kvm [4581]: Failed to find VMA for hva 0x21016000
[ 2835.786942][ T4743] kvm [4743]: Failed to find VMA for hva 0x21016000
[ 2835.937177][ T4743] kvm [4743]: Failed to find VMA for hva 0x21016000
[ 2926.717942][ T4793] kvm [4793]: Failed to find VMA for hva 0x20e8b000
[ 3117.247766][ T4902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60438
[ 3117.277681][ T4902] flags: 0x1ffcd4000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x35)
[ 3117.295954][ T4902] raw: 01ffcd4000000000 ffffc1ffc0810e48 ffffc1ffc0813388 0000000000000000
[ 3117.319630][ T4902] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 3117.349946][ T4902] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 3117.375284][ T4902] ------------[ cut here ]------------
[ 3117.375544][ T4902] kernel BUG at ./include/linux/mm.h:1036!
[ 3117.377289][ T4902] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[ 3117.382461][ T4902] Modules linked in:
[ 3117.383969][ T4902] CPU: 0 UID: 0 PID: 4902 Comm: syz.0.435 Not tainted syzkaller #0 PREEMPT 
[ 3117.385427][ T4902] Hardware name: linux,dummy-virt (DT)
[ 3117.386683][ T4902] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 3117.388067][ T4902] pc : kvm_s2_put_page+0x374/0x3a0
[ 3117.389293][ T4902] lr : kvm_s2_put_page+0x374/0x3a0
[ 3117.390405][ T4902] sp : ffff80008ed47570
[ 3117.391246][ T4902] x29: ffff80008ed47570 x28: c7f00000204ce000 x27: c7f00000204ce000
[ 3117.393026][ T4902] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000
[ 3117.394431][ T4902] x23: ffffc1ffc0810e08 x22: 0000000000000000 x21: ffffc1ffc0810e34
[ 3117.395918][ T4902] x20: 0000000000000000 x19: ffffc1ffc0810e00 x18: 00000000114989f1
[ 3117.397449][ T4902] x17: 0000000004b7248a x16: 0000000010c6564a x15: 000000007605f9b3
[ 3117.398930][ T4902] x14: ffffffffffffffff x13: fff000001e40bb08 x12: 0000000000000001
[ 3117.400355][ T4902] x11: 0000000000080000 x10: 0000000000057fa2 x9 : beb41334f1450800
[ 3117.402038][ T4902] x8 : beb41334f1450800 x7 : ffff8000803a03c8 x6 : 0000000000000000
[ 3117.403491][ T4902] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010
[ 3117.404867][ T4902] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
[ 3117.406458][ T4902] Call trace:
[ 3117.407257][ T4902]  kvm_s2_put_page+0x374/0x3a0 (P)
[ 3117.408361][ T4902]  stage2_free_walker+0x1b0/0x264
[ 3117.409424][ T4902]  __kvm_pgtable_walk+0x7d8/0xa68
[ 3117.410374][ T4902]  kvm_pgtable_walk+0x294/0x468
[ 3117.411409][ T4902]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[ 3117.412562][ T4902]  kvm_free_stage2_pgd+0x198/0x28c
[ 3117.413622][ T4902]  kvm_uninit_stage2_mmu+0x20/0x38
[ 3117.414694][ T4902]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[ 3117.415800][ T4902]  kvm_mmu_notifier_release+0x48/0xa8
[ 3117.416865][ T4902]  mmu_notifier_unregister+0x128/0x42c
[ 3117.417927][ T4902]  kvm_put_kvm+0x6a0/0xfa8
[ 3117.418837][ T4902]  kvm_vcpu_release+0x70/0x9c
[ 3117.419862][ T4902]  __fput+0x4ac/0x980
[ 3117.420739][ T4902]  ____fput+0x20/0x58
[ 3117.421639][ T4902]  task_work_run+0x1bc/0x254
[ 3117.422611][ T4902]  get_signal+0x13ec/0x1554
[ 3117.423635][ T4902]  do_signal+0x23c/0x4dd0
[ 3117.424656][ T4902]  do_notify_resume+0xb0/0x270
[ 3117.425636][ T4902]  el0_svc+0xb8/0x164
[ 3117.426552][ T4902]  el0t_64_sync_handler+0x84/0x12c
[ 3117.427587][ T4902]  el0t_64_sync+0x198/0x19c
[ 3117.429043][ T4902] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) 
[ 3117.431027][ T4902] ---[ end trace 0000000000000000 ]---
[ 3117.432671][ T4902] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 3117.434741][ T4902] Kernel Offset: disabled
[ 3117.435553][ T4902] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 3117.436763][ T4902] Memory Limit: none
[ 3117.438513][ T4902] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:42:58  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800080493c64 X00=0000000000000000 X01=0000000000000080
X02=0000000000000001 X03=ffff800080493bb4 X04=ffff80008717352c
X05=ffff80008ed46fb8 X06=ffff800080363b94 X07=ffff800080015834
X08=00000000000003c0 X09=eaff80008f089000 X10=00000000000591fd
X11=0000000000080000 X12=00000000000000fe X13=000002d5d2796747
X14=0000000000000002 X15=ffff800087f83a20 X16=0000000000000000
X17=0000000004b7248a X18=00000000114989f1 X19=efff800000000000
X20=ffff80008ed47020 X21=00000000000000ff X22=00000000000003c0
X23=00000000ffffe3ec X24=40000000ffffe3ec X25=00000000000003c0
X26=0000000000000000 X27=0000000000000000 X28=0000000000000013
X29=ffff80008ed46ef0 X30=ffff800080493c40  SP=ffff80008ed46ee0
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=2525252525252525:2525252525252525 Z01=6572207265767265:730073250a0d0a0d
Z02=635f6665725f6567:617028454741505f Z03=0000000000000000:00ff00ff00000000
Z04=0000000000000000:000000000f0f0000 Z05=5f65676170284547:41505f4e4f5f4755
Z06=3a746e756f637061:6d20303a746e756f Z07=3030303030303a67:6e697070616d2030
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffd86684a0:0000ffffd86684a0 Z17=ffffff80ffffffd8:0000ffffd8668470
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000