last executing test programs:

1m18.948524802s ago: executing program 1 (id=60):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000})
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0xfffffffffffffd8e)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0)

1m4.308059591s ago: executing program 1 (id=61):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28)
ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0xc004aea7, &(0x7f0000000140)=0x7)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000100)=[@featur2={0x1, 0x2}], 0x1)
ioctl$KVM_GET_REGS(r3, 0x8360ae81, 0x0)
eventfd2(0x0, 0x800) (async)
r4 = eventfd2(0x0, 0x800)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000004, 0x11, r4, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x5d)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) (async)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31)
ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async)
syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) (async)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x34)
syz_kvm_vgic_v3_setup(r13, 0x40000000000003, 0x280)
r14 = eventfd2(0x6, 0x800)
ioctl$KVM_IRQFD(r13, 0x4020ae76, &(0x7f0000000280)={r14, 0x9})
ioctl$KVM_IRQFD(r13, 0x4020ae76, 0x0)
close(r13)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, 0xfffffffffffffffe) (async)
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, 0xfffffffffffffffe)
r15 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x2b) (async)
ioctl$KVM_CREATE_VM(r15, 0xae01, 0x2b)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x90840, 0x0)

59.104801985s ago: executing program 0 (id=63):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x7})
ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bde000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
r6 = syz_kvm_vgic_v3_setup(r3, 0x4, 0x220)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8})
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29)
mmap$KVM_VCPU(&(0x7f0000bfa000/0x2000)=nil, 0x0, 0x1000001, 0x12, r9, 0x0)
r11 = eventfd2(0x0, 0x0)
close(r11)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
r12 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0, 0x2010, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x4006, 0x3a6, &(0x7f00000001c0)=0x2})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x603000000010000e})

27.914224983s ago: executing program 1 (id=64):
munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000e7f000/0x4000)=nil, r2, 0x1000008, 0x12, 0xffffffffffffffff, 0x0)

27.913100904s ago: executing program 0 (id=65):
r0 = eventfd2(0x0, 0x801)
close(r0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0)
mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x6000004, 0x2011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x4, 0x20)
r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@eret={0xe6, 0x18, 0x1000}, @uexit={0x0, 0x18, 0x7fff}, @hvc={0x32, 0x40, {0x3000000, [0x7fffffffffffffff, 0x1, 0x1, 0x8, 0x9]}}], 0x70}, 0x0, 0x0)
syz_kvm_vgic_v3_setup(r6, 0x3, 0x320)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000000)={0x7})
r13 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r13})
ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000})
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f00000000c0)={0x8})
ioctl$KVM_SIGNAL_MSI(r12, 0x4020aea5, &(0x7f0000000000)={0x6000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

21.859964409s ago: executing program 1 (id=66):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105})
ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}})
r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil)
r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x20)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0)
r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef)
close(r1)

18.178715988s ago: executing program 0 (id=67):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x13, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0xe)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000000)=@arm64_ccsidr={0x6020000000110004, 0x0})

12.745836413s ago: executing program 0 (id=68):
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x30, 0xffffffffffffffff, 0x0)

7.99686991s ago: executing program 0 (id=69):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c023, &(0x7f0000000000)=0x2})
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x8, <r6=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000180)=@attr_arm64={0x0, 0x4, 0x2, &(0x7f0000000080)=0xd450})

5.780821508s ago: executing program 1 (id=70):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x189400, 0x0)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, <r3=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, 0xffffffffffffffff)

718.873709ms ago: executing program 0 (id=71):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c)
r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c528}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x0, 0x7, 0x9, 0x3e6, 0x1}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0xc4000003, [0x401, 0x8, 0x3b2, 0x5, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013e092}}, @uexit={0x0, 0x18, 0x7}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x100, 0x8, 0x4}}, @irq_setup={0x46, 0x18, {0x1, 0x217}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0xdf}}, @uexit={0x0, 0x18, 0x8b}, @svc={0x122, 0x40, {0x800, [0x4, 0x3, 0x8, 0x8, 0x40]}}, @code={0xa, 0xb4, {"c0c780d20000b8f2610180d2c20180d2230080d2c40180d2020000d4a07990d200e0b8f2610080d2820180d2630080d2240180d2020000d4805297d200c0b8f2a10180d2420080d2630180d2240180d2020000d4000c205e000040b3e04484d200a0b8f2210180d2e20180d2830180d2040080d2020000d460c08ed200a0b8f2810080d2820180d2a30180d2e40180d2020000d400b8310e000040c8e003007a"}}, @msr={0x14, 0x20, {0x0, 0x7}}, @code={0xa, 0x6c, {"0004200e007008d50084004f000028d5000008d5e00300eb007008d5008008d5c0089dd20060b0f2010080d2820080d2e30180d2e40080d2020000d4603096d20000b8f2c10080d2620180d2830180d2a40080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0xf, 0xffff, 0x2ae, 0x1}}, @hvc={0x32, 0x40, {0x80007fff, [0x10, 0x0, 0x7, 0x7, 0x8001]}}, @mrs={0xbe, 0x18, {0x603000000013801e}}, @code={0xa, 0xb4, {"20d19cd20000b0f2c10080d2c20180d2630080d2840080d2020000d440738fd200e0b0f2c10180d2020180d2630180d2640080d2020000d4000000cb0000200e002789d20080b0f2010180d2020080d2e30180d2640180d2020000d420be82d200e0b8f2a10180d2620180d2a30180d2440080d2020000d40004801a0030200e0020400c60a283d20000b8f2c10180d2620180d2030080d2040080d2020000d4"}}, @smc={0x1e, 0x40, {0x80000000, [0x4, 0xa, 0x2, 0xe, 0x6]}}, @svc={0x122, 0x40, {0x0, [0x3, 0x0, 0x21, 0x1ff, 0x5]}}, @irq_setup={0x46, 0x18, {0x2, 0x161}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x14, 0xf22, 0x2}}, @smc={0x1e, 0x40, {0x1000000, [0x1ff, 0x316d, 0x1, 0xfffffffffffffffe, 0x6]}}, @smc={0x1e, 0x40, {0x86000001, [0x2, 0x4d4, 0x8000000000000000, 0x9, 0x81]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x39e}}, @irq_setup={0x46, 0x18, {0x0, 0x54}}, @irq_setup={0x46, 0x18, {0x1, 0x2a1}}], 0x5a4}, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x8010, 0xffffffffffffffff, 0x20000000)
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0)

0s ago: executing program 1 (id=72):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000000)={0x10002, 0x180, 0x300, &(0x7f0000000380)=[0x6, 0x80, 0x8001, 0x40, 0x0, 0x8000, 0x40, 0x8, 0xfffffffffffffffd, 0x40, 0xeeac, 0x6, 0x421c, 0x6, 0x9, 0x7, 0x98, 0x1004, 0x100, 0x100000001, 0x3, 0x2, 0x9, 0x3, 0x9, 0x7, 0x3ff, 0x6, 0x76, 0x5414d2c8, 0x6, 0x5, 0x6, 0x9, 0x200, 0x0, 0x401, 0x8, 0x9, 0x8000000000000000, 0x3, 0x8, 0x10, 0x5, 0xba, 0x4, 0xffffffffffffff8b, 0xb, 0x2, 0x3, 0x5, 0x4, 0x400, 0x1, 0x5, 0x1, 0x9, 0x5, 0x1000, 0x1, 0xfd1, 0x3, 0x4692, 0x5, 0x7, 0xc, 0x6, 0xdfd7, 0x555d, 0x7, 0x95b, 0x2, 0x7f, 0x7, 0x8, 0x7, 0x5ac5, 0xffffffffffffff80, 0xffffffffffffffff, 0x1000, 0xfffffffffffffff8, 0x76, 0xe, 0x0, 0xd, 0xda, 0x0, 0x2, 0x5, 0xf, 0xffff, 0x1, 0x40, 0x1, 0x0, 0x6, 0x4, 0xffffffffffffffc8, 0x8, 0x8000000000000000, 0x4, 0x24, 0x1, 0x7031f79f, 0x5, 0x0, 0x8, 0x4, 0xffffffff, 0x5, 0x5, 0xb, 0x5, 0x10, 0x0, 0x7, 0x7e766286, 0x5, 0x9, 0xbb, 0xfffffffffffffff9, 0x8, 0x7fffffffffffffff, 0x5, 0x8000, 0x3, 0x80000000, 0x9]})
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0)
r6 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, <r9=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r9, 0x400454d0, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$arm64(r3, r5, &(0x7f00009a7000/0x400000)=nil, &(0x7f0000000300)=[{0x0, &(0x7f0000000c00)=[@its_setup={0x82, 0x28, {0x0, 0x4, 0x44}}, @eret={0xe6, 0x18, 0xfff}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x200}}, @svc={0x122, 0x40, {0x86000001, [0x240000000000, 0x2, 0x9, 0x40, 0x40]}}, @mrs={0xbe, 0x18, {0x603000000013c200}}, @irq_setup={0x46, 0x18, {0x3, 0x114}}, @smc={0x1e, 0x40, {0x8, [0x7, 0xb, 0x0, 0x2, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x300, 0x401, 0x1}}, @smc={0x1e, 0x40, {0x10800000d, [0x9a0, 0x0, 0xfff, 0xe400, 0x5]}}, @smc={0x1e, 0x40, {0x80008053, [0x5, 0x40, 0x3ff, 0xd9ef]}}, @mrs={0xbe, 0x18, {0x603000000013d801}}], 0x1e0}], 0x1, 0x0, &(0x7f0000000340)=[@featur2={0x1, 0x1}], 0x1)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x8, <r12=>0xffffffffffffffff})
ioctl$KVM_GET_DEVICE_ATTR(r12, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x8, 0x4, 0x0})
r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0xf9, 0xc000000, &(0x7f0000000180)=0xd2e})
r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil)
r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013df40}}], 0x18}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init)
r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r17 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x3, 0x11, r15, 0x0)
ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_RUN(r15, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$arm64(r17, 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

[  413.260457][ T3155] 8021q: adding VLAN 0 to HW filter on device bond0
[  442.799844][ T3155] eql: remember to turn off Van-Jacobson compression on your slave devices
Warning: Permanently added '[localhost]:6180' (ED25519) to the list of known hosts.
[  593.468383][   T25] audit: type=1400 audit(592.670:61): avc:  denied  { name_bind } for  pid=3311 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  594.487483][   T25] audit: type=1400 audit(593.690:62): avc:  denied  { execute } for  pid=3312 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  594.513486][   T25] audit: type=1400 audit(593.710:63): avc:  denied  { execute_no_trans } for  pid=3312 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  617.443461][   T25] audit: type=1400 audit(616.650:64): avc:  denied  { mounton } for  pid=3312 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  617.478928][   T25] audit: type=1400 audit(616.690:65): avc:  denied  { mount } for  pid=3312 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  617.561828][ T3312] cgroup: Unknown subsys name 'net'
[  617.617481][   T25] audit: type=1400 audit(616.830:66): avc:  denied  { unmount } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  617.979562][ T3312] cgroup: Unknown subsys name 'cpuset'
[  618.079462][ T3312] cgroup: Unknown subsys name 'rlimit'
[  619.018566][   T25] audit: type=1400 audit(618.230:67): avc:  denied  { setattr } for  pid=3312 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  619.038533][   T25] audit: type=1400 audit(618.240:68): avc:  denied  { mounton } for  pid=3312 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[  619.066970][   T25] audit: type=1400 audit(618.270:69): avc:  denied  { mount } for  pid=3312 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  620.239451][ T3315] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[  620.260168][   T25] audit: type=1400 audit(619.470:70): avc:  denied  { relabelto } for  pid=3315 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  620.295747][   T25] audit: type=1400 audit(619.490:71): avc:  denied  { write } for  pid=3315 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[  620.466887][   T25] audit: type=1400 audit(619.670:72): avc:  denied  { read } for  pid=3312 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  620.488462][   T25] audit: type=1400 audit(619.690:73): avc:  denied  { open } for  pid=3312 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  620.535010][ T3312] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  674.618289][   T25] audit: type=1400 audit(673.830:74): avc:  denied  { execmem } for  pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  679.295322][   T25] audit: type=1400 audit(678.500:75): avc:  denied  { read } for  pid=3323 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  679.327681][   T25] audit: type=1400 audit(678.520:76): avc:  denied  { open } for  pid=3323 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  679.398620][   T25] audit: type=1400 audit(678.590:77): avc:  denied  { mounton } for  pid=3324 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  679.640758][   T25] audit: type=1400 audit(678.850:78): avc:  denied  { module_request } for  pid=3323 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  680.757450][   T25] audit: type=1400 audit(679.960:79): avc:  denied  { sys_module } for  pid=3324 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  709.828956][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.116828][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  710.467072][ T3324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.721533][ T3324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  722.431399][ T3323] hsr_slave_0: entered promiscuous mode
[  722.462475][ T3323] hsr_slave_1: entered promiscuous mode
[  723.373486][ T3324] hsr_slave_0: entered promiscuous mode
[  723.418515][ T3324] hsr_slave_1: entered promiscuous mode
[  723.447340][ T3324] debugfs: 'hsr0' already exists in 'hsr'
[  723.451391][ T3324] Cannot create hsr debugfs directory
[  728.752751][   T25] audit: type=1400 audit(727.960:80): avc:  denied  { create } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  728.816012][   T25] audit: type=1400 audit(728.020:81): avc:  denied  { write } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  728.817231][   T25] audit: type=1400 audit(728.020:82): avc:  denied  { read } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  729.016526][ T3323] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  729.420647][ T3323] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  729.712434][ T3323] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  730.026388][ T3323] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  731.510844][ T3324] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  731.681816][ T3324] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  731.869521][ T3324] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  732.061303][ T3324] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  744.487738][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0
[  746.960105][ T3324] 8021q: adding VLAN 0 to HW filter on device bond0
[  802.483326][ T3323] veth0_vlan: entered promiscuous mode
[  802.988071][ T3323] veth1_vlan: entered promiscuous mode
[  804.856494][ T3324] veth0_vlan: entered promiscuous mode
[  805.087944][ T3323] veth0_macvtap: entered promiscuous mode
[  805.607333][ T3323] veth1_macvtap: entered promiscuous mode
[  805.767238][ T3324] veth1_vlan: entered promiscuous mode
[  807.973394][   T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  808.009833][   T42] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  808.019142][   T42] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  808.029215][   T42] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  808.252881][ T3324] veth0_macvtap: entered promiscuous mode
[  809.069327][ T3324] veth1_macvtap: entered promiscuous mode
[  810.468009][   T25] audit: type=1400 audit(809.670:83): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  810.680800][   T25] audit: type=1400 audit(809.860:84): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/syzkaller.T7vnXA/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  810.918092][   T25] audit: type=1400 audit(810.120:85): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  811.231906][   T25] audit: type=1400 audit(810.440:86): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/syzkaller.T7vnXA/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  811.381200][   T25] audit: type=1400 audit(810.590:87): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/syzkaller.T7vnXA/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  811.487466][ T3361] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  811.491541][ T3361] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  811.522284][ T3361] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  811.527896][ T3361] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  812.007968][   T25] audit: type=1400 audit(811.150:88): avc:  denied  { unmount } for  pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  812.221873][   T25] audit: type=1400 audit(811.430:89): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  812.366405][   T25] audit: type=1400 audit(811.560:90): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="gadgetfs" ino=3775 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  812.657844][   T25] audit: type=1400 audit(811.860:91): avc:  denied  { mount } for  pid=3323 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  812.780788][   T25] audit: type=1400 audit(811.990:92): avc:  denied  { mounton } for  pid=3323 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  814.153148][ T3323] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  826.199581][   T25] kauditd_printk_skb: 4 callbacks suppressed
[  826.214955][   T25] audit: type=1400 audit(825.410:97): avc:  denied  { read append } for  pid=3477 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  826.312125][   T25] audit: type=1400 audit(825.500:98): avc:  denied  { open } for  pid=3477 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  826.524768][   T25] audit: type=1400 audit(825.730:99): avc:  denied  { ioctl } for  pid=3477 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  838.305562][   T25] audit: type=1400 audit(837.510:100): avc:  denied  { write } for  pid=3487 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  911.730371][   T25] audit: type=1400 audit(910.910:101): avc:  denied  { ioctl } for  pid=3537 comm="syz.0.17" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  918.485219][   T25] audit: type=1400 audit(917.690:102): avc:  denied  { execute } for  pid=3543 comm="syz.0.19" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4820 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  965.166055][   T25] audit: type=1400 audit(964.360:103): avc:  denied  { setattr } for  pid=3571 comm="syz.1.27" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  984.586248][   T25] audit: type=1400 audit(983.770:104): avc:  denied  { map } for  pid=3577 comm="syz.0.28" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  984.630630][   T25] audit: type=1400 audit(983.820:105): avc:  denied  { execute } for  pid=3577 comm="syz.0.28" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1223.821949][ T3710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x5e345
[ 1223.866232][ T3710] flags: 0x1fff1c000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xc7)
[ 1223.909627][ T3710] raw: 01fff1c000000000 ffffc1ffc0794ac8 ffffc1ffc0797808 0000000000000000
[ 1223.921966][ T3710] raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[ 1223.956326][ T3710] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 1223.966370][ T3710] ------------[ cut here ]------------
[ 1223.966629][ T3710] kernel BUG at ./include/linux/mm.h:1036!
[ 1223.968370][ T3710] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[ 1223.973851][ T3710] Modules linked in:
[ 1223.975887][ T3710] CPU: 0 UID: 0 PID: 3710 Comm: syz.0.71 Not tainted syzkaller #0 PREEMPT 
[ 1223.977367][ T3710] Hardware name: linux,dummy-virt (DT)
[ 1223.978551][ T3710] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1223.979806][ T3710] pc : kvm_s2_put_page+0x374/0x3a0
[ 1223.982048][ T3710] lr : kvm_s2_put_page+0x374/0x3a0
[ 1223.982994][ T3710] sp : ffff8000a8ed7570
[ 1223.983722][ T3710] x29: ffff8000a8ed7570 x28: 74f000001e5e0000 x27: 74f000001e5e0000
[ 1223.985303][ T3710] x26: 00000000000000ff x25: ffff800087396000 x24: ffffc1ffc0000000
[ 1223.986610][ T3710] x23: ffffc1ffc078d148 x22: 0000000000000000 x21: ffffc1ffc078d174
[ 1223.987927][ T3710] x20: 0000000000000000 x19: ffffc1ffc078d140 x18: 0000000091b0c73f
[ 1223.989259][ T3710] x17: 000000000482376a x16: 0000000091b092e7 x15: 00000000752362cb
[ 1223.990607][ T3710] x14: ffffffffffffffff x13: fff000001e295888 x12: 0000000000000001
[ 1223.991934][ T3710] x11: 0000000000080000 x10: 0000000000049ba9 x9 : ada549466d45f200
[ 1223.993318][ T3710] x8 : ada549466d45f200 x7 : ffff80008039fbc8 x6 : 0000000000000000
[ 1223.994554][ T3710] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010
[ 1223.995852][ T3710] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e
[ 1223.997339][ T3710] Call trace:
[ 1223.998206][ T3710]  kvm_s2_put_page+0x374/0x3a0 (P)
[ 1223.999452][ T3710]  stage2_free_walker+0x1b0/0x264
[ 1224.000482][ T3710]  __kvm_pgtable_walk+0x7d8/0xa68
[ 1224.001459][ T3710]  kvm_pgtable_walk+0x294/0x468
[ 1224.002383][ T3710]  kvm_pgtable_stage2_destroy_range+0x60/0xb4
[ 1224.003376][ T3710]  kvm_free_stage2_pgd+0x198/0x28c
[ 1224.004373][ T3710]  kvm_uninit_stage2_mmu+0x20/0x38
[ 1224.005313][ T3710]  kvm_arch_flush_shadow_all+0x1a8/0x1e0
[ 1224.006323][ T3710]  kvm_mmu_notifier_release+0x48/0xa8
[ 1224.007263][ T3710]  mmu_notifier_unregister+0x128/0x42c
[ 1224.008217][ T3710]  kvm_put_kvm+0x6a0/0xfa8
[ 1224.009035][ T3710]  kvm_vcpu_release+0x70/0x9c
[ 1224.009924][ T3710]  __fput+0x4ac/0x980
[ 1224.010696][ T3710]  ____fput+0x20/0x58
[ 1224.011446][ T3710]  task_work_run+0x1bc/0x254
[ 1224.012281][ T3710]  get_signal+0x13ec/0x1554
[ 1224.013159][ T3710]  do_signal+0x23c/0x4dd0
[ 1224.013983][ T3710]  do_notify_resume+0xb0/0x270
[ 1224.014815][ T3710]  el0_svc+0xb8/0x164
[ 1224.015584][ T3710]  el0t_64_sync_handler+0x84/0x12c
[ 1224.016506][ T3710]  el0t_64_sync+0x198/0x19c
[ 1224.018019][ T3710] Code: 900377c1 910e9421 aa1303e0 97f9c9f2 (d4210000) 
[ 1224.019848][ T3710] ---[ end trace 0000000000000000 ]---
[ 1224.021383][ T3710] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 1224.023332][ T3710] Kernel Offset: disabled
[ 1224.024051][ T3710] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f
[ 1224.025150][ T3710] Memory Limit: none
[ 1224.028640][ T3710] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:27:45  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000800202a4 X00=0000000000000000 X01=ffff80008712372d
X02=0000000000000000 X03=0000000000000002 X04=0000000000000000
X05=0000000000000000 X06=ffff800080536e64 X07=ffff800080015834
X08=0000000000000000 X09=ada549466d45f200 X10=0fff000001e29588
X11=0000000000080000 X12=0fff000001e295c8 X13=fff000001e295888
X14=0000000000000002 X15=ffff800087fe5a20 X16=0000000000000000
X17=000000000482376a X18=0000000091b0c73f X19=efff800000000000
X20=ffff8000801b05a0 X21=ffff80008787e7a8 X22=ffff80008787e7a8
X23=0000000000008001 X24=00000000000000ff X25=ffff800087396000
X26=00000000000000ff X27=74f000001e5e0000 X28=caf000001e295880
X29=ffff8000a8ed72a0 X30=ffff80008002022c  SP=ffff8000a8ed7270
PSTATE=604023c9 -ZC- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000
P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000
FFR=0000
Z00=0000000000000000:6d766b2f7665642f Z01=ffffffffffffffff:0000000000000000
Z02=0000000000000000:ffffffff00000000 Z03=ff00ff0000000000:ffffffffffffff00
Z04=0000000000000000:f0f00000fffffff0 Z05=0000000000000000:ccccccccccccf000
Z06=0000000000000073:0000aaaae72db3c0 Z07=0000000000000074:0000aaaae72d8600
Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000
Z16=0000ffffdbfffd20:0000ffffdbfffd20 Z17=ffffff80ffffffd0:0000ffffdbfffcf0
Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000