, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1538.694625][T15595] FAULT_INJECTION: forcing a failure.
[ 1538.694625][T15595] name failslab, interval 1, probability 0, space 0, times 0
[ 1538.717914][T15595] CPU: 1 PID: 15595 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1538.728477][T15595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1538.739085][T15595] Call Trace:
[ 1538.742389][T15595]  <TASK>
[ 1538.745433][T15595]  dump_stack_lvl+0x136/0x150
[ 1538.750169][T15595]  should_fail_ex+0x4a3/0x5b0
[ 1538.754890][T15595]  should_failslab+0x9/0x20
[ 1538.759420][T15595]  kmem_cache_alloc+0x63/0x3b0
[ 1538.764227][T15595]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1538.771097][T15595]  mmu_topup_memory_caches+0x1f/0xd0
[ 1538.776394][T15595]  kvm_mmu_load+0xd6/0x2140
[ 1538.780918][T15595]  ? vmx_flush_tlb_all+0x62/0x2e0
[ 1538.785961][T15595]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1538.791612][T15595]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1538.797535][T15595]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1538.802669][T15595]  ? invept_error+0xb0/0xb0
[ 1538.807276][T15595]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1538.812318][T15595]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1538.817362][T15595]  ? lock_sync+0x190/0x190
[ 1538.821796][T15595]  ? kvm_check_nested_events+0xf0/0xf0
[ 1538.827307][T15595]  ? mark_held_locks+0x9f/0xe0
[ 1538.832085][T15595]  ? __local_bh_enable_ip+0xa4/0x130
[ 1538.837382][T15595]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1538.842591][T15595]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1538.847973][T15595]  ? __local_bh_enable_ip+0xa4/0x130
[ 1538.853283][T15595]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1538.859028][T15595]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1538.864596][T15595]  kvm_vcpu_ioctl+0x574/0xea0
[ 1538.871367][T15595]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1538.876146][T15595]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1538.882234][T15595]  ? __fget_files+0x26a/0x480
[ 1538.886937][T15595]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1538.891896][T15595]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1538.896668][T15595]  __x64_sys_ioctl+0x197/0x210
[ 1538.901452][T15595]  do_syscall_64+0x39/0xb0
[ 1538.905884][T15595]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1538.911796][T15595] RIP: 0033:0x7f4a5d88c169
[ 1538.916314][T15595] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1538.935945][T15595] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1538.944370][T15595] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1538.952346][T15595] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1538.960320][T15595] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1538.968305][T15595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1538.976294][T15595] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1538.984296][T15595]  </TASK>
22:30:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:01 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 15)

22:30:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:01 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

[ 1539.183172][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1539.191358][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:01 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text16={0x10, &(0x7f0000000080)="f30f1ef766b9140a000066b84200000066ba000000000f30670f5177a666b9ec08000066b87f61000066ba000000000f300f21db0f1f1d0f798092a72ed975b1e0c70fc768bc", 0x46}], 0x1, 0x34, &(0x7f0000001240), 0x0)
r5 = open_tree(r3, &(0x7f0000001240)='./file0\x00', 0x0) (async)
r6 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000001380)=[@text16={0x10, &(0x7f0000001300)="66b9360a000066b80000000066ba000000000f300fc7714bf30fc737baf80c66b8d04e718e66efbafc0cec0f38f9516c670fc72bf30f2b9c0c0026660f3882060070c7410400006766c74424000b0000006766c744240286b727736766c744240600000000670f011424", 0x6a}], 0x1, 0x25, &(0x7f00000013c0)=[@dstype0={0x6, 0x9}], 0x1)

[ 1539.474545][T15631] FAULT_INJECTION: forcing a failure.
[ 1539.474545][T15631] name failslab, interval 1, probability 0, space 0, times 0
[ 1539.556004][T15631] CPU: 1 PID: 15631 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1539.566483][T15631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1539.576748][T15631] Call Trace:
[ 1539.580060][T15631]  <TASK>
[ 1539.583103][T15631]  dump_stack_lvl+0x136/0x150
[ 1539.587853][T15631]  should_fail_ex+0x4a3/0x5b0
[ 1539.592593][T15631]  should_failslab+0x9/0x20
[ 1539.597135][T15631]  kmem_cache_alloc+0x63/0x3b0
[ 1539.601966][T15631]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1539.608090][T15631]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1539.614214][T15631]  mmu_topup_memory_caches+0x1f/0xd0
[ 1539.619546][T15631]  kvm_mmu_load+0xd6/0x2140
[ 1539.624105][T15631]  ? find_held_lock+0x2d/0x110
[ 1539.628924][T15631]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1539.634433][T15631]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1539.640104][T15631]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1539.646042][T15631]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1539.651200][T15631]  ? invept_error+0xb0/0xb0
[ 1539.655741][T15631]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1539.660793][T15631]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1539.665861][T15631]  ? lock_sync+0x190/0x190
[ 1539.670298][T15631]  ? kvm_check_nested_events+0xf0/0xf0
[ 1539.675776][T15631]  ? mark_held_locks+0x9f/0xe0
[ 1539.680556][T15631]  ? __local_bh_enable_ip+0xa4/0x130
[ 1539.685871][T15631]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1539.691080][T15631]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1539.696460][T15631]  ? __local_bh_enable_ip+0xa4/0x130
[ 1539.701793][T15631]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1539.707543][T15631]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1539.713130][T15631]  kvm_vcpu_ioctl+0x574/0xea0
[ 1539.717921][T15631]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1539.722717][T15631]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1539.728807][T15631]  ? __fget_files+0x26a/0x480
[ 1539.733510][T15631]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1539.738464][T15631]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1539.743241][T15631]  __x64_sys_ioctl+0x197/0x210
[ 1539.748121][T15631]  do_syscall_64+0x39/0xb0
[ 1539.752652][T15631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1539.758564][T15631] RIP: 0033:0x7f4a5d88c169
[ 1539.762997][T15631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1539.783231][T15631] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1539.791738][T15631] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1539.799712][T15631] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1539.807777][T15631] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1539.815925][T15631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1539.824013][T15631] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1539.843203][T15631]  </TASK>
22:30:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:01 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text16={0x10, &(0x7f0000000080)="f30f1ef766b9140a000066b84200000066ba000000000f30670f5177a666b9ec08000066b87f61000066ba000000000f300f21db0f1f1d0f798092a72ed975b1e0c70fc768bc", 0x46}], 0x1, 0x34, &(0x7f0000001240), 0x0) (async)
r5 = open_tree(r3, &(0x7f0000001240)='./file0\x00', 0x0) (async)
r6 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000001380)=[@text16={0x10, &(0x7f0000001300)="66b9360a000066b80000000066ba000000000f300fc7714bf30fc737baf80c66b8d04e718e66efbafc0cec0f38f9516c670fc72bf30f2b9c0c0026660f3882060070c7410400006766c74424000b0000006766c744240286b727736766c744240600000000670f011424", 0x6a}], 0x1, 0x25, &(0x7f00000013c0)=[@dstype0={0x6, 0x9}], 0x1)

22:30:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 16)

22:30:02 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x30801, 0x11)
ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r3, 0x4068aea3, &(0x7f0000000040))
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mount(&(0x7f0000000180)=@filename='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hpfs\x00', 0x3000411, &(0x7f0000000240)='/dev/kvm\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x101ff, 0x0, 0x10000, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x2, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

22:30:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1540.549238][T15685] FAULT_INJECTION: forcing a failure.
[ 1540.549238][T15685] name failslab, interval 1, probability 0, space 0, times 0
[ 1540.570435][T15685] CPU: 0 PID: 15685 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1540.581250][T15685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1540.591361][T15685] Call Trace:
[ 1540.595205][T15685]  <TASK>
[ 1540.598176][T15685]  dump_stack_lvl+0x136/0x150
[ 1540.602915][T15685]  should_fail_ex+0x4a3/0x5b0
[ 1540.607664][T15685]  should_failslab+0x9/0x20
[ 1540.612208][T15685]  kmem_cache_alloc+0x63/0x3b0
[ 1540.617127][T15685]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1540.623074][T15685]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1540.629228][T15685]  mmu_topup_memory_caches+0x1f/0xd0
[ 1540.634805][T15685]  kvm_mmu_load+0xd6/0x2140
[ 1540.639332][T15685]  ? find_held_lock+0x2d/0x110
[ 1540.644121][T15685]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1540.649775][T15685]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1540.655423][T15685]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1540.661334][T15685]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1540.667071][T15685]  ? invept_error+0xb0/0xb0
[ 1540.671592][T15685]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1540.676662][T15685]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1540.681719][T15685]  ? lock_sync+0x190/0x190
[ 1540.686154][T15685]  ? kvm_check_nested_events+0xf0/0xf0
[ 1540.691627][T15685]  ? mark_held_locks+0x9f/0xe0
[ 1540.696407][T15685]  ? __local_bh_enable_ip+0xa4/0x130
[ 1540.701707][T15685]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1540.706919][T15685]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1540.712307][T15685]  ? __local_bh_enable_ip+0xa4/0x130
[ 1540.717697][T15685]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1540.723525][T15685]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1540.729121][T15685]  kvm_vcpu_ioctl+0x574/0xea0
[ 1540.733835][T15685]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1540.738625][T15685]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1540.744719][T15685]  ? __fget_files+0x26a/0x480
[ 1540.749424][T15685]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1540.754472][T15685]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1540.759257][T15685]  __x64_sys_ioctl+0x197/0x210
[ 1540.764041][T15685]  do_syscall_64+0x39/0xb0
[ 1540.768479][T15685]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1540.774393][T15685] RIP: 0033:0x7f4a5d88c169
[ 1540.778824][T15685] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1540.798529][T15685] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1540.807045][T15685] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1540.815055][T15685] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1540.823035][T15685] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1540.831014][T15685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1540.838999][T15685] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1540.846994][T15685]  </TASK>
22:30:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

[ 1540.850140][    C0] vkms_vblank_simulate: vblank timer overrun
22:30:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 17)

22:30:03 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:03 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async, rerun: 32)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (rerun: 32)
r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x30801, 0x11)
ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r3, 0x4068aea3, &(0x7f0000000040))
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mount(&(0x7f0000000180)=@filename='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hpfs\x00', 0x3000411, &(0x7f0000000240)='/dev/kvm\x00') (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x101ff, 0x0, 0x10000, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x2, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[ 1541.263534][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1541.271894][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1541.295425][T15717] FAULT_INJECTION: forcing a failure.
[ 1541.295425][T15717] name failslab, interval 1, probability 0, space 0, times 0
[ 1541.308769][T15717] CPU: 1 PID: 15717 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1541.319318][T15717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1541.329485][T15717] Call Trace:
[ 1541.332778][T15717]  <TASK>
[ 1541.335717][T15717]  dump_stack_lvl+0x136/0x150
[ 1541.340426][T15717]  should_fail_ex+0x4a3/0x5b0
[ 1541.345160][T15717]  should_failslab+0x9/0x20
[ 1541.349674][T15717]  kmem_cache_alloc+0x63/0x3b0
[ 1541.354572][T15717]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1541.360484][T15717]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1541.366569][T15717]  mmu_topup_memory_caches+0x1f/0xd0
[ 1541.372042][T15717]  kvm_mmu_load+0xd6/0x2140
[ 1541.376564][T15717]  ? find_held_lock+0x2d/0x110
[ 1541.381341][T15717]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1541.386815][T15717]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1541.392665][T15717]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1541.398593][T15717]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1541.403721][T15717]  ? invept_error+0xb0/0xb0
[ 1541.408238][T15717]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1541.413280][T15717]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1541.418339][T15717]  ? lock_sync+0x190/0x190
[ 1541.422773][T15717]  ? kvm_check_nested_events+0xf0/0xf0
[ 1541.428237][T15717]  ? mark_held_locks+0x9f/0xe0
[ 1541.433021][T15717]  ? __local_bh_enable_ip+0xa4/0x130
[ 1541.438319][T15717]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1541.443529][T15717]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1541.448941][T15717]  ? __local_bh_enable_ip+0xa4/0x130
[ 1541.454249][T15717]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1541.459977][T15717]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1541.465551][T15717]  kvm_vcpu_ioctl+0x574/0xea0
[ 1541.470237][T15717]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1541.475019][T15717]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1541.481109][T15717]  ? __fget_files+0x26a/0x480
[ 1541.485807][T15717]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1541.490797][T15717]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1541.495570][T15717]  __x64_sys_ioctl+0x197/0x210
[ 1541.500363][T15717]  do_syscall_64+0x39/0xb0
[ 1541.504886][T15717]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1541.510796][T15717] RIP: 0033:0x7f4a5d88c169
[ 1541.515223][T15717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1541.534838][T15717] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1541.543348][T15717] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1541.551321][T15717] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1541.559300][T15717] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1541.567273][T15717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1541.575261][T15717] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1541.583252][T15717]  </TASK>
22:30:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:03 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 18)

22:30:03 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x30801, 0x11)
ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r3, 0x4068aea3, &(0x7f0000000040))
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mount(&(0x7f0000000180)=@filename='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hpfs\x00', 0x3000411, &(0x7f0000000240)='/dev/kvm\x00') (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x101ff, 0x0, 0x10000, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x2, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

22:30:03 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:04 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[ 1542.277509][T15764] FAULT_INJECTION: forcing a failure.
[ 1542.277509][T15764] name failslab, interval 1, probability 0, space 0, times 0
[ 1542.303371][T15764] CPU: 0 PID: 15764 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1542.314021][T15764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1542.324115][T15764] Call Trace:
22:30:04 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

[ 1542.327420][T15764]  <TASK>
[ 1542.330379][T15764]  dump_stack_lvl+0x136/0x150
[ 1542.335284][T15764]  should_fail_ex+0x4a3/0x5b0
[ 1542.340004][T15764]  should_failslab+0x9/0x20
[ 1542.344534][T15764]  kmem_cache_alloc+0x63/0x3b0
[ 1542.349433][T15764]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1542.355376][T15764]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1542.361672][T15764]  mmu_topup_memory_caches+0x1f/0xd0
[ 1542.367003][T15764]  kvm_mmu_load+0xd6/0x2140
[ 1542.371564][T15764]  ? find_held_lock+0x2d/0x110
[ 1542.376377][T15764]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1542.381889][T15764]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1542.387570][T15764]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1542.393516][T15764]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1542.398682][T15764]  ? invept_error+0xb0/0xb0
[ 1542.403231][T15764]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1542.408299][T15764]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1542.413359][T15764]  ? mark_held_locks+0x9f/0xe0
[ 1542.418160][T15764]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1542.424367][T15764]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1542.430575][T15764]  ? kvm_check_nested_events+0xf0/0xf0
[ 1542.436071][T15764]  ? vmx_emulation_required_with_pending_exception+0xc/0x1e0
[ 1542.443492][T15764]  ? vmx_emulation_required_with_pending_exception+0x28/0x1e0
[ 1542.451006][T15764]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1542.456770][T15764]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1542.462377][T15764]  kvm_vcpu_ioctl+0x574/0xea0
[ 1542.467095][T15764]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1542.471904][T15764]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1542.478025][T15764]  ? __fget_files+0x26a/0x480
[ 1542.482759][T15764]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1542.487741][T15764]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1542.492550][T15764]  __x64_sys_ioctl+0x197/0x210
[ 1542.497368][T15764]  do_syscall_64+0x39/0xb0
[ 1542.501839][T15764]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1542.507777][T15764] RIP: 0033:0x7f4a5d88c169
[ 1542.512219][T15764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1542.531963][T15764] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1542.540444][T15764] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1542.548455][T15764] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1542.556467][T15764] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1542.564473][T15764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1542.572474][T15764] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1542.580502][T15764]  </TASK>
[ 1542.583558][    C0] vkms_vblank_simulate: vblank timer overrun
22:30:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:04 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)

22:30:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:04 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 19)

22:30:04 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[ 1543.188935][T15822] FAULT_INJECTION: forcing a failure.
[ 1543.188935][T15822] name failslab, interval 1, probability 0, space 0, times 0
[ 1543.215079][T15822] CPU: 0 PID: 15822 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1543.225565][T15822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1543.235667][T15822] Call Trace:
[ 1543.238970][T15822]  <TASK>
[ 1543.241914][T15822]  dump_stack_lvl+0x136/0x150
[ 1543.246648][T15822]  should_fail_ex+0x4a3/0x5b0
[ 1543.251334][T15822]  should_failslab+0x9/0x20
[ 1543.255836][T15822]  kmem_cache_alloc+0x63/0x3b0
[ 1543.260622][T15822]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1543.266573][T15822]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1543.272676][T15822]  mmu_topup_memory_caches+0x1f/0xd0
[ 1543.277978][T15822]  kvm_mmu_load+0xd6/0x2140
[ 1543.282526][T15822]  ? find_held_lock+0x2d/0x110
[ 1543.287297][T15822]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1543.292766][T15822]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1543.298402][T15822]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1543.304297][T15822]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1543.309525][T15822]  ? invept_error+0xb0/0xb0
[ 1543.314062][T15822]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1543.319211][T15822]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1543.324262][T15822]  ? lock_sync+0x190/0x190
[ 1543.329050][T15822]  ? kvm_check_nested_events+0xf0/0xf0
[ 1543.334605][T15822]  ? mark_held_locks+0x9f/0xe0
[ 1543.339383][T15822]  ? __local_bh_enable_ip+0xa4/0x130
[ 1543.344686][T15822]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1543.349898][T15822]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1543.355277][T15822]  ? __local_bh_enable_ip+0xa4/0x130
[ 1543.360577][T15822]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1543.363323][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1543.366289][T15822]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1543.374420][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1543.379874][T15822]  kvm_vcpu_ioctl+0x574/0xea0
[ 1543.392612][T15822]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1543.397394][T15822]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1543.403512][T15822]  ? __fget_files+0x26a/0x480
[ 1543.408209][T15822]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1543.413163][T15822]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1543.417934][T15822]  __x64_sys_ioctl+0x197/0x210
[ 1543.422813][T15822]  do_syscall_64+0x39/0xb0
[ 1543.427256][T15822]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1543.433167][T15822] RIP: 0033:0x7f4a5d88c169
[ 1543.437585][T15822] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1543.457374][T15822] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1543.465971][T15822] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1543.474122][T15822] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1543.482102][T15822] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1543.490073][T15822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1543.498056][T15822] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1543.506058][T15822]  </TASK>
[ 1543.509147][    C0] vkms_vblank_simulate: vblank timer overrun
22:30:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:05 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:05 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 20)

22:30:05 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:05 executing program 2:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='ufshcd_auto_bkops_state\x00'}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_open_procfs(0x0, &(0x7f0000000380)='net/rfcomm\x00')
openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0x200841, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
pipe2(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x880)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000580)="0f218bb8010000000f01d9660f38820cfcf3410fc7b4730c000000c7442400ec000000c74424024bf40000ff1df124672467f80cb8b8e3bd84ef66bafc0cb8c5887058ef440f20c0350f000000440f22c00f22c2c441f9e664cd002ef040f797ffb90000", 0x64}], 0x1, 0x8, &(0x7f00000001c0), 0x0)
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000001280)=[{&(0x7f0000000440)=""/227, 0xe3}, {&(0x7f00000012c0)=""/4090, 0xffa}], 0x2, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f00000000c0)="0f01c9660f78c0000534c166b9080900000f320f01366bb63e260f01cf0f01c2baf80c66b8cc11068066efbafc0c66ed650ff9e7660f7f6b20", 0x3b}], 0x17b, 0x0, &(0x7f0000000340)=[@flags={0x3, 0x220310}, @dstype3={0x7, 0xe}], 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r7 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
flock(r7, 0x8)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000540)=0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000001200)=@usbdevfs_connect)

22:30:06 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:06 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

[ 1544.135203][T15859] FAULT_INJECTION: forcing a failure.
[ 1544.135203][T15859] name failslab, interval 1, probability 0, space 0, times 0
[ 1544.218935][T15859] CPU: 1 PID: 15859 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1544.229430][T15859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1544.239507][T15859] Call Trace:
[ 1544.242793][T15859]  <TASK>
[ 1544.245728][T15859]  dump_stack_lvl+0x136/0x150
[ 1544.250438][T15859]  should_fail_ex+0x4a3/0x5b0
[ 1544.255139][T15859]  should_failslab+0x9/0x20
[ 1544.259653][T15859]  kmem_cache_alloc+0x63/0x3b0
[ 1544.264449][T15859]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1544.270444][T15859]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1544.276619][T15859]  mmu_topup_memory_caches+0x1f/0xd0
[ 1544.281914][T15859]  kvm_mmu_load+0xd6/0x2140
[ 1544.287655][T15859]  ? find_held_lock+0x2d/0x110
[ 1544.292437][T15859]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1544.297922][T15859]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1544.303584][T15859]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1544.309502][T15859]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1544.314632][T15859]  ? invept_error+0xb0/0xb0
[ 1544.319162][T15859]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1544.324203][T15859]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1544.329250][T15859]  ? lock_sync+0x190/0x190
[ 1544.333682][T15859]  ? kvm_check_nested_events+0xf0/0xf0
[ 1544.339149][T15859]  ? mark_held_locks+0x9f/0xe0
[ 1544.343927][T15859]  ? __local_bh_enable_ip+0xa4/0x130
[ 1544.349240][T15859]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1544.354455][T15859]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1544.359832][T15859]  ? __local_bh_enable_ip+0xa4/0x130
[ 1544.365134][T15859]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1544.370860][T15859]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1544.376426][T15859]  kvm_vcpu_ioctl+0x574/0xea0
[ 1544.381114][T15859]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1544.385892][T15859]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1544.391983][T15859]  ? __fget_files+0x26a/0x480
[ 1544.396685][T15859]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1544.401649][T15859]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1544.406560][T15859]  __x64_sys_ioctl+0x197/0x210
[ 1544.411342][T15859]  do_syscall_64+0x39/0xb0
[ 1544.415778][T15859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1544.421691][T15859] RIP: 0033:0x7f4a5d88c169
[ 1544.426111][T15859] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1544.445812][T15859] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1544.454331][T15859] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1544.462309][T15859] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
22:30:06 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

[ 1544.470286][T15859] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1544.478266][T15859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1544.486238][T15859] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1544.494228][T15859]  </TASK>
22:30:06 executing program 2:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='ufshcd_auto_bkops_state\x00'}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
syz_open_procfs(0x0, &(0x7f0000000380)='net/rfcomm\x00')
openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0x200841, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
pipe2(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x880)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000580)="0f218bb8010000000f01d9660f38820cfcf3410fc7b4730c000000c7442400ec000000c74424024bf40000ff1df124672467f80cb8b8e3bd84ef66bafc0cb8c5887058ef440f20c0350f000000440f22c00f22c2c441f9e664cd002ef040f797ffb90000", 0x64}], 0x1, 0x8, &(0x7f00000001c0), 0x0) (async)
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000001280)=[{&(0x7f0000000440)=""/227, 0xe3}, {&(0x7f00000012c0)=""/4090, 0xffa}], 0x2, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f00000000c0)="0f01c9660f78c0000534c166b9080900000f320f01366bb63e260f01cf0f01c2baf80c66b8cc11068066efbafc0c66ed650ff9e7660f7f6b20", 0x3b}], 0x17b, 0x0, &(0x7f0000000340)=[@flags={0x3, 0x220310}, @dstype3={0x7, 0xe}], 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r7 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
flock(r7, 0x8)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000540)=0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000001200)=@usbdevfs_connect)

22:30:06 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 21)

22:30:07 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:07 executing program 2:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='ufshcd_auto_bkops_state\x00'}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_open_procfs(0x0, &(0x7f0000000380)='net/rfcomm\x00') (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0x200841, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
pipe2(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x880)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000580)="0f218bb8010000000f01d9660f38820cfcf3410fc7b4730c000000c7442400ec000000c74424024bf40000ff1df124672467f80cb8b8e3bd84ef66bafc0cb8c5887058ef440f20c0350f000000440f22c00f22c2c441f9e664cd002ef040f797ffb90000", 0x64}], 0x1, 0x8, &(0x7f00000001c0), 0x0)
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000001280)=[{&(0x7f0000000440)=""/227, 0xe3}, {&(0x7f00000012c0)=""/4090, 0xffa}], 0x2, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f00000000c0)="0f01c9660f78c0000534c166b9080900000f320f01366bb63e260f01cf0f01c2baf80c66b8cc11068066efbafc0c66ed650ff9e7660f7f6b20", 0x3b}], 0x17b, 0x0, &(0x7f0000000340)=[@flags={0x3, 0x220310}, @dstype3={0x7, 0xe}], 0x2) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r7 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
flock(r7, 0x8) (async)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000540)=0x2) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000001200)=@usbdevfs_connect)

22:30:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:07 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1545.309408][T15904] FAULT_INJECTION: forcing a failure.
[ 1545.309408][T15904] name failslab, interval 1, probability 0, space 0, times 0
[ 1545.351379][T15904] CPU: 1 PID: 15904 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1545.361857][T15904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1545.371945][T15904] Call Trace:
[ 1545.375241][T15904]  <TASK>
[ 1545.378183][T15904]  dump_stack_lvl+0x136/0x150
[ 1545.383084][T15904]  should_fail_ex+0x4a3/0x5b0
[ 1545.387812][T15904]  should_failslab+0x9/0x20
[ 1545.392353][T15904]  kmem_cache_alloc+0x63/0x3b0
[ 1545.397167][T15904]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1545.403102][T15904]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1545.409217][T15904]  mmu_topup_memory_caches+0x1f/0xd0
[ 1545.414544][T15904]  kvm_mmu_load+0xd6/0x2140
[ 1545.419092][T15904]  ? find_held_lock+0x2d/0x110
[ 1545.423909][T15904]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1545.429411][T15904]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1545.435068][T15904]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1545.440990][T15904]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1545.446257][T15904]  ? invept_error+0xb0/0xb0
[ 1545.450782][T15904]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1545.455824][T15904]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1545.460876][T15904]  ? lock_sync+0x190/0x190
[ 1545.465314][T15904]  ? kvm_check_nested_events+0xf0/0xf0
[ 1545.470780][T15904]  ? mark_held_locks+0x9f/0xe0
[ 1545.475559][T15904]  ? __local_bh_enable_ip+0xa4/0x130
[ 1545.480857][T15904]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1545.486069][T15904]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1545.491446][T15904]  ? __local_bh_enable_ip+0xa4/0x130
[ 1545.496836][T15904]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1545.502566][T15904]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1545.508129][T15904]  kvm_vcpu_ioctl+0x574/0xea0
[ 1545.512925][T15904]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1545.517729][T15904]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1545.524173][T15904]  ? __fget_files+0x26a/0x480
[ 1545.528960][T15904]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1545.533916][T15904]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1545.538779][T15904]  __x64_sys_ioctl+0x197/0x210
[ 1545.543567][T15904]  do_syscall_64+0x39/0xb0
[ 1545.548016][T15904]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1545.553926][T15904] RIP: 0033:0x7f4a5d88c169
[ 1545.558362][T15904] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1545.577975][T15904] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1545.586396][T15904] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1545.594371][T15904] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1545.602345][T15904] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1545.610324][T15904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1545.618312][T15904] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1545.626315][T15904]  </TASK>
[ 1545.629654][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1545.638090][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:07 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
r2 = signalfd(r1, &(0x7f0000000000)={[0x3]}, 0x8)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f00000012c0)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRES32=r3, @ANYBLOB="01000000000000002e2f66696c653000d4eaabaccf43523ee6d7db2c4b4f2ad659b44ad1fc94fc7978b52b3c57e7ac7b6818084d3956b08ef9f303e254a5734ee56a9343e1cb59a0b4fdd917fe56057e6cdbfde859fcb985dc894d50aafb8d177a09836a5d548df567ea1b9078bba7f9df6b747eb44a21c7ecde6f78437e4c055b38379691419c49d6df9591e0f40235e3e2c8dc5c448a6da271c0dca04bc33f4e857752875a063c1582b43c27bcc61447dfd9e8afade31e959868863a8523c46108fc15ee2b1cc38db71b76606a4ec94fac4a5a901928b0d4844d3528b4b9fe91293e680eeb6a2ee45d958c190a43aa9a81390f3f50c27030eba6b26d37aa2e10b2cb97721522cd4dac5982de5b0b1e272faa03fb3b91b37061cc3ee8e3d68f60ad881c831f06e9f24653e7645a8aad349da4d09aa76654d62eeeebc674be9b46acb358283a04da78012e2c395d27aac1871156baef9303ff1b7b00710a0ecc563fe5edefc8f5d0382d2af844421913f3fd5c74cd5a21315a3c7b7af0ca42baa2d68d71b1f822864f817999dc1574c874"])
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000040)={0x9, <r4=>r1, 0x80000})
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000080))

22:30:07 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 22)

22:30:07 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

[ 1545.975007][ T1216] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.981483][ T1216] ieee802154 phy1 wpan1: encryption failed: -22
22:30:08 executing program 2:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
signalfd(r1, &(0x7f0000000000)={[0x3]}, 0x8) (async)
r2 = signalfd(r1, &(0x7f0000000000)={[0x3]}, 0x8)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f00000012c0)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRES32=r3, @ANYBLOB="01000000000000002e2f66696c653000d4eaabaccf43523ee6d7db2c4b4f2ad659b44ad1fc94fc7978b52b3c57e7ac7b6818084d3956b08ef9f303e254a5734ee56a9343e1cb59a0b4fdd917fe56057e6cdbfde859fcb985dc894d50aafb8d177a09836a5d548df567ea1b9078bba7f9df6b747eb44a21c7ecde6f78437e4c055b38379691419c49d6df9591e0f40235e3e2c8dc5c448a6da271c0dca04bc33f4e857752875a063c1582b43c27bcc61447dfd9e8afade31e959868863a8523c46108fc15ee2b1cc38db71b76606a4ec94fac4a5a901928b0d4844d3528b4b9fe91293e680eeb6a2ee45d958c190a43aa9a81390f3f50c27030eba6b26d37aa2e10b2cb97721522cd4dac5982de5b0b1e272faa03fb3b91b37061cc3ee8e3d68f60ad881c831f06e9f24653e7645a8aad349da4d09aa76654d62eeeebc674be9b46acb358283a04da78012e2c395d27aac1871156baef9303ff1b7b00710a0ecc563fe5edefc8f5d0382d2af844421913f3fd5c74cd5a21315a3c7b7af0ca42baa2d68d71b1f822864f817999dc1574c874"])
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000040)={0x9, <r4=>r1, 0x80000})
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000080)) (async)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000080))

22:30:08 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1546.427541][T15940] FAULT_INJECTION: forcing a failure.
[ 1546.427541][T15940] name failslab, interval 1, probability 0, space 0, times 0
[ 1546.466017][T15940] CPU: 1 PID: 15940 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1546.476667][T15940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1546.486755][T15940] Call Trace:
[ 1546.490051][T15940]  <TASK>
[ 1546.493007][T15940]  dump_stack_lvl+0x136/0x150
[ 1546.497765][T15940]  should_fail_ex+0x4a3/0x5b0
[ 1546.502491][T15940]  should_failslab+0x9/0x20
[ 1546.507092][T15940]  kmem_cache_alloc+0x63/0x3b0
[ 1546.511881][T15940]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1546.517891][T15940]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1546.524013][T15940]  mmu_topup_memory_caches+0x1f/0xd0
[ 1546.529470][T15940]  kvm_mmu_load+0xd6/0x2140
[ 1546.534023][T15940]  ? find_held_lock+0x2d/0x110
[ 1546.538927][T15940]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1546.544524][T15940]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1546.550299][T15940]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1546.556247][T15940]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1546.561409][T15940]  ? invept_error+0xb0/0xb0
[ 1546.565957][T15940]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1546.571032][T15940]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1546.576113][T15940]  ? lock_sync+0x190/0x190
[ 1546.580574][T15940]  ? kvm_check_nested_events+0xf0/0xf0
[ 1546.586063][T15940]  ? mark_held_locks+0x9f/0xe0
[ 1546.590872][T15940]  ? __local_bh_enable_ip+0xa4/0x130
[ 1546.596199][T15940]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1546.601434][T15940]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1546.606845][T15940]  ? __local_bh_enable_ip+0xa4/0x130
[ 1546.612273][T15940]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1546.618037][T15940]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1546.623647][T15940]  kvm_vcpu_ioctl+0x574/0xea0
[ 1546.628386][T15940]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1546.633204][T15940]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1546.639344][T15940]  ? __fget_files+0x26a/0x480
[ 1546.644077][T15940]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1546.649066][T15940]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1546.654046][T15940]  __x64_sys_ioctl+0x197/0x210
[ 1546.658864][T15940]  do_syscall_64+0x39/0xb0
[ 1546.663329][T15940]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1546.669271][T15940] RIP: 0033:0x7f4a5d88c169
[ 1546.673721][T15940] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1546.693393][T15940] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1546.701937][T15940] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1546.710211][T15940] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1546.718745][T15940] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
22:30:08 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1546.726806][T15940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1546.735602][T15940] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1546.743851][T15940]  </TASK>
22:30:08 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async, rerun: 32)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (rerun: 32)
r2 = signalfd(r1, &(0x7f0000000000)={[0x3]}, 0x8) (async)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f00000012c0)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRES32=r3, @ANYBLOB="01000000000000002e2f66696c653000d4eaabaccf43523ee6d7db2c4b4f2ad659b44ad1fc94fc7978b52b3c57e7ac7b6818084d3956b08ef9f303e254a5734ee56a9343e1cb59a0b4fdd917fe56057e6cdbfde859fcb985dc894d50aafb8d177a09836a5d548df567ea1b9078bba7f9df6b747eb44a21c7ecde6f78437e4c055b38379691419c49d6df9591e0f40235e3e2c8dc5c448a6da271c0dca04bc33f4e857752875a063c1582b43c27bcc61447dfd9e8afade31e959868863a8523c46108fc15ee2b1cc38db71b76606a4ec94fac4a5a901928b0d4844d3528b4b9fe91293e680eeb6a2ee45d958c190a43aa9a81390f3f50c27030eba6b26d37aa2e10b2cb97721522cd4dac5982de5b0b1e272faa03fb3b91b37061cc3ee8e3d68f60ad881c831f06e9f24653e7645a8aad349da4d09aa76654d62eeeebc674be9b46acb358283a04da78012e2c395d27aac1871156baef9303ff1b7b00710a0ecc563fe5edefc8f5d0382d2af844421913f3fd5c74cd5a21315a3c7b7af0ca42baa2d68d71b1f822864f817999dc1574c874"]) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000040)={0x9, <r4=>r1, 0x80000})
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000080))

22:30:08 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:08 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:08 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 23)

22:30:09 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x60000, 0x158)
write$6lowpan_enable(r1, &(0x7f0000000040)='0', 0x1)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:30:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1547.441576][T15994] FAULT_INJECTION: forcing a failure.
[ 1547.441576][T15994] name failslab, interval 1, probability 0, space 0, times 0
[ 1547.473291][T15994] CPU: 0 PID: 15994 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1547.484986][T15994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1547.495511][T15994] Call Trace:
[ 1547.498839][T15994]  <TASK>
[ 1547.501871][T15994]  dump_stack_lvl+0x136/0x150
[ 1547.506855][T15994]  should_fail_ex+0x4a3/0x5b0
[ 1547.511612][T15994]  should_failslab+0x9/0x20
[ 1547.517465][T15994]  kmem_cache_alloc+0x63/0x3b0
[ 1547.522551][T15994]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1547.528765][T15994]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1547.534981][T15994]  mmu_topup_memory_caches+0x1f/0xd0
[ 1547.540569][T15994]  kvm_mmu_load+0xd6/0x2140
[ 1547.545100][T15994]  ? find_held_lock+0x2d/0x110
[ 1547.549886][T15994]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1547.555369][T15994]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1547.561019][T15994]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1547.566930][T15994]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1547.572059][T15994]  ? invept_error+0xb0/0xb0
[ 1547.577448][T15994]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1547.583363][T15994]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1547.588416][T15994]  ? lock_sync+0x190/0x190
[ 1547.592851][T15994]  ? kvm_check_nested_events+0xf0/0xf0
[ 1547.598499][T15994]  ? mark_held_locks+0x9f/0xe0
[ 1547.603718][T15994]  ? __local_bh_enable_ip+0xa4/0x130
[ 1547.609367][T15994]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1547.614579][T15994]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1547.619962][T15994]  ? __local_bh_enable_ip+0xa4/0x130
[ 1547.625268][T15994]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1547.630995][T15994]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1547.636659][T15994]  kvm_vcpu_ioctl+0x574/0xea0
[ 1547.641351][T15994]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1547.646147][T15994]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1547.653372][T15994]  ? __fget_files+0x26a/0x480
[ 1547.658178][T15994]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1547.663136][T15994]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1547.667916][T15994]  __x64_sys_ioctl+0x197/0x210
[ 1547.673083][T15994]  do_syscall_64+0x39/0xb0
[ 1547.677871][T15994]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1547.683873][T15994] RIP: 0033:0x7f4a5d88c169
[ 1547.688559][T15994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1547.709195][T15994] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1547.718142][T15994] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1547.727427][T15994] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1547.737662][T15994] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1547.746164][T15994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1547.754318][T15994] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1547.763532][T15994]  </TASK>
[ 1547.766777][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1547.773828][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1547.782205][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:09 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x60000, 0x158)
write$6lowpan_enable(r1, &(0x7f0000000040)='0', 0x1) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:30:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:09 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:10 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x60000, 0x158)
write$6lowpan_enable(r1, &(0x7f0000000040)='0', 0x1) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4) (async)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:30:10 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 24)

22:30:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1548.348718][T16029] FAULT_INJECTION: forcing a failure.
[ 1548.348718][T16029] name failslab, interval 1, probability 0, space 0, times 0
[ 1548.363364][T16029] CPU: 1 PID: 16029 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1548.375056][T16029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1548.385251][T16029] Call Trace:
[ 1548.388571][T16029]  <TASK>
[ 1548.392308][T16029]  dump_stack_lvl+0x136/0x150
[ 1548.397036][T16029]  should_fail_ex+0x4a3/0x5b0
[ 1548.401853][T16029]  should_failslab+0x9/0x20
[ 1548.406392][T16029]  kmem_cache_alloc+0x63/0x3b0
[ 1548.411294][T16029]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1548.417346][T16029]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1548.423462][T16029]  mmu_topup_memory_caches+0x1f/0xd0
[ 1548.429377][T16029]  kvm_mmu_load+0xd6/0x2140
[ 1548.433930][T16029]  ? find_held_lock+0x2d/0x110
[ 1548.438729][T16029]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1548.444488][T16029]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1548.450150][T16029]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1548.456160][T16029]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1548.461296][T16029]  ? invept_error+0xb0/0xb0
[ 1548.466082][T16029]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1548.471229][T16029]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1548.476301][T16029]  ? lock_sync+0x190/0x190
[ 1548.481101][T16029]  ? kvm_check_nested_events+0xf0/0xf0
[ 1548.486572][T16029]  ? mark_held_locks+0x9f/0xe0
[ 1548.491874][T16029]  ? __local_bh_enable_ip+0xa4/0x130
[ 1548.497609][T16029]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1548.502831][T16029]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1548.508385][T16029]  ? __local_bh_enable_ip+0xa4/0x130
[ 1548.513774][T16029]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1548.519596][T16029]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1548.525510][T16029]  kvm_vcpu_ioctl+0x574/0xea0
[ 1548.530288][T16029]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1548.535148][T16029]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1548.541437][T16029]  ? __fget_files+0x26a/0x480
[ 1548.546414][T16029]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1548.551367][T16029]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1548.556489][T16029]  __x64_sys_ioctl+0x197/0x210
[ 1548.561538][T16029]  do_syscall_64+0x39/0xb0
[ 1548.566324][T16029]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1548.572235][T16029] RIP: 0033:0x7f4a5d88c169
[ 1548.576660][T16029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
22:30:10 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="0f01cf400f01df3e6566440fc730f3a5420f019af3000000b805000000b9c128b8010f01d90fc7ac6600980000b9600200000f322e470f01c3c4a2593a9603000000", 0x42}], 0x1, 0x71, &(0x7f00000000c0)=[@cr0={0x0, 0x40040020}, @dstype0={0x6, 0x4}], 0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)

[ 1548.596711][T16029] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1548.605133][T16029] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1548.613395][T16029] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1548.621632][T16029] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1548.629711][T16029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1548.637775][T16029] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1548.645767][T16029]  </TASK>
22:30:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:10 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 25)

22:30:10 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="0f01cf400f01df3e6566440fc730f3a5420f019af3000000b805000000b9c128b8010f01d90fc7ac6600980000b9600200000f322e470f01c3c4a2593a9603000000", 0x42}], 0x1, 0x71, &(0x7f00000000c0)=[@cr0={0x0, 0x40040020}, @dstype0={0x6, 0x4}], 0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)

22:30:11 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:11 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1549.085133][T16066] FAULT_INJECTION: forcing a failure.
[ 1549.085133][T16066] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.108913][T16066] CPU: 1 PID: 16066 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1549.119706][T16066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1549.130844][T16066] Call Trace:
[ 1549.134160][T16066]  <TASK>
[ 1549.137114][T16066]  dump_stack_lvl+0x136/0x150
[ 1549.141850][T16066]  should_fail_ex+0x4a3/0x5b0
[ 1549.146579][T16066]  should_failslab+0x9/0x20
[ 1549.151107][T16066]  kmem_cache_alloc+0x63/0x3b0
[ 1549.156086][T16066]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1549.162003][T16066]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1549.168098][T16066]  mmu_topup_memory_caches+0x1f/0xd0
[ 1549.173494][T16066]  kvm_mmu_load+0xd6/0x2140
[ 1549.178016][T16066]  ? find_held_lock+0x2d/0x110
[ 1549.182801][T16066]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1549.188289][T16066]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1549.193936][T16066]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1549.199875][T16066]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1549.205004][T16066]  ? invept_error+0xb0/0xb0
[ 1549.209528][T16066]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1549.214571][T16066]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1549.219656][T16066]  ? lock_sync+0x190/0x190
[ 1549.224262][T16066]  ? kvm_check_nested_events+0xf0/0xf0
[ 1549.229730][T16066]  ? mark_held_locks+0x9f/0xe0
[ 1549.234511][T16066]  ? __local_bh_enable_ip+0xa4/0x130
[ 1549.239814][T16066]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1549.245026][T16066]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1549.250405][T16066]  ? __local_bh_enable_ip+0xa4/0x130
[ 1549.255726][T16066]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1549.261458][T16066]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1549.267048][T16066]  kvm_vcpu_ioctl+0x574/0xea0
[ 1549.271768][T16066]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1549.276549][T16066]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1549.282647][T16066]  ? __fget_files+0x26a/0x480
[ 1549.287347][T16066]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1549.292298][T16066]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1549.297090][T16066]  __x64_sys_ioctl+0x197/0x210
[ 1549.301876][T16066]  do_syscall_64+0x39/0xb0
[ 1549.306313][T16066]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1549.312231][T16066] RIP: 0033:0x7f4a5d88c169
[ 1549.316653][T16066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1549.336277][T16066] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1549.344699][T16066] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1549.352674][T16066] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1549.360669][T16066] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1549.368643][T16066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1549.376621][T16066] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1549.384616][T16066]  </TASK>
22:30:11 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:11 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 26)

22:30:11 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="0f01cf400f01df3e6566440fc730f3a5420f019af3000000b805000000b9c128b8010f01d90fc7ac6600980000b9600200000f322e470f01c3c4a2593a9603000000", 0x42}], 0x1, 0x71, &(0x7f00000000c0)=[@cr0={0x0, 0x40040020}, @dstype0={0x6, 0x4}], 0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="0f01cf400f01df3e6566440fc730f3a5420f019af3000000b805000000b9c128b8010f01d90fc7ac6600980000b9600200000f322e470f01c3c4a2593a9603000000", 0x42}], 0x1, 0x71, &(0x7f00000000c0)=[@cr0={0x0, 0x40040020}, @dstype0={0x6, 0x4}], 0x2) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async)

[ 1549.813079][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1549.821371][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:11 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:11 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

[ 1549.889090][T16103] FAULT_INJECTION: forcing a failure.
[ 1549.889090][T16103] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.942719][T16103] CPU: 1 PID: 16103 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1549.953371][T16103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1549.963465][T16103] Call Trace:
[ 1549.966773][T16103]  <TASK>
[ 1549.969732][T16103]  dump_stack_lvl+0x136/0x150
[ 1549.974473][T16103]  should_fail_ex+0x4a3/0x5b0
[ 1549.979213][T16103]  should_failslab+0x9/0x20
[ 1549.983757][T16103]  kmem_cache_alloc+0x63/0x3b0
[ 1549.988587][T16103]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1549.994527][T16103]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1550.000654][T16103]  mmu_topup_memory_caches+0x1f/0xd0
[ 1550.005987][T16103]  kvm_mmu_load+0xd6/0x2140
[ 1550.010551][T16103]  ? find_held_lock+0x2d/0x110
[ 1550.015372][T16103]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1550.020872][T16103]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1550.026541][T16103]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1550.032470][T16103]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1550.037615][T16103]  ? invept_error+0xb0/0xb0
[ 1550.042138][T16103]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1550.047213][T16103]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1550.052281][T16103]  ? lock_sync+0x190/0x190
[ 1550.056732][T16103]  ? kvm_check_nested_events+0xf0/0xf0
[ 1550.062218][T16103]  ? mark_held_locks+0x9f/0xe0
[ 1550.067005][T16103]  ? __local_bh_enable_ip+0xa4/0x130
[ 1550.072305][T16103]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1550.077519][T16103]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1550.082904][T16103]  ? __local_bh_enable_ip+0xa4/0x130
[ 1550.088202][T16103]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1550.093945][T16103]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1550.099513][T16103]  kvm_vcpu_ioctl+0x574/0xea0
[ 1550.104209][T16103]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1550.108990][T16103]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1550.115084][T16103]  ? __fget_files+0x26a/0x480
[ 1550.119787][T16103]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1550.124740][T16103]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1550.129690][T16103]  __x64_sys_ioctl+0x197/0x210
[ 1550.134478][T16103]  do_syscall_64+0x39/0xb0
[ 1550.138915][T16103]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1550.144826][T16103] RIP: 0033:0x7f4a5d88c169
[ 1550.149257][T16103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1550.168872][T16103] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1550.177487][T16103] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
22:30:12 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x84800, 0x0)
fcntl$dupfd(r2, 0x406, r3)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[ 1550.185462][T16103] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1550.194828][T16103] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1550.202800][T16103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1550.211038][T16103] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1550.219028][T16103]  </TASK>
22:30:12 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 27)

22:30:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:12 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, 0xffffffffffffffff, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1550.755905][T16139] FAULT_INJECTION: forcing a failure.
[ 1550.755905][T16139] name failslab, interval 1, probability 0, space 0, times 0
[ 1550.782514][T16139] CPU: 1 PID: 16139 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1550.792990][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1550.803071][T16139] Call Trace:
[ 1550.806359][T16139]  <TASK>
[ 1550.809302][T16139]  dump_stack_lvl+0x136/0x150
[ 1550.814011][T16139]  should_fail_ex+0x4a3/0x5b0
[ 1550.818717][T16139]  should_failslab+0x9/0x20
[ 1550.823231][T16139]  kmem_cache_alloc+0x63/0x3b0
[ 1550.828024][T16139]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1550.833951][T16139]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1550.840043][T16139]  mmu_topup_memory_caches+0x1f/0xd0
[ 1550.845339][T16139]  kvm_mmu_load+0xd6/0x2140
[ 1550.849858][T16139]  ? find_held_lock+0x2d/0x110
[ 1550.854640][T16139]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1550.860127][T16139]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1550.865774][T16139]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1550.871690][T16139]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1550.876824][T16139]  ? invept_error+0xb0/0xb0
[ 1550.881355][T16139]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1550.886396][T16139]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1550.891457][T16139]  ? lock_sync+0x190/0x190
[ 1550.895895][T16139]  ? kvm_check_nested_events+0xf0/0xf0
[ 1550.901374][T16139]  ? mark_held_locks+0x9f/0xe0
[ 1550.906154][T16139]  ? __local_bh_enable_ip+0xa4/0x130
[ 1550.911466][T16139]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1550.916679][T16139]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1550.922057][T16139]  ? __local_bh_enable_ip+0xa4/0x130
[ 1550.927622][T16139]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1550.933437][T16139]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1550.939180][T16139]  kvm_vcpu_ioctl+0x574/0xea0
[ 1550.943874][T16139]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1550.948654][T16139]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1550.955089][T16139]  ? __fget_files+0x26a/0x480
[ 1550.959790][T16139]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1550.964741][T16139]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1550.970210][T16139]  __x64_sys_ioctl+0x197/0x210
[ 1550.974999][T16139]  do_syscall_64+0x39/0xb0
[ 1550.979434][T16139]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1550.985345][T16139] RIP: 0033:0x7f4a5d88c169
[ 1550.989766][T16139] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1551.009639][T16139] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1551.018060][T16139] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1551.026045][T16139] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1551.034019][T16139] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1551.041993][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1551.049971][T16139] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1551.057966][T16139]  </TASK>
22:30:13 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, 0xffffffffffffffff, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:13 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x84800, 0x0)
fcntl$dupfd(r2, 0x406, r3) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

22:30:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:13 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 28)

22:30:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:13 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x84800, 0x0)
fcntl$dupfd(r2, 0x406, r3)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
preadv(r2, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x84800, 0x0) (async)
fcntl$dupfd(r2, 0x406, r3) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)

[ 1551.795711][T16182] FAULT_INJECTION: forcing a failure.
[ 1551.795711][T16182] name failslab, interval 1, probability 0, space 0, times 0
[ 1551.821102][T16182] CPU: 1 PID: 16182 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1551.831573][T16182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1551.841659][T16182] Call Trace:
[ 1551.844963][T16182]  <TASK>
[ 1551.847914][T16182]  dump_stack_lvl+0x136/0x150
[ 1551.852641][T16182]  should_fail_ex+0x4a3/0x5b0
[ 1551.857366][T16182]  should_failslab+0x9/0x20
[ 1551.861903][T16182]  kmem_cache_alloc+0x63/0x3b0
[ 1551.866710][T16182]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1551.872646][T16182]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1551.879026][T16182]  mmu_topup_memory_caches+0x1f/0xd0
[ 1551.884354][T16182]  kvm_mmu_load+0xd6/0x2140
[ 1551.889075][T16182]  ? find_held_lock+0x2d/0x110
[ 1551.893887][T16182]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1551.899402][T16182]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1551.905079][T16182]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1551.911007][T16182]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1551.916140][T16182]  ? invept_error+0xb0/0xb0
[ 1551.920660][T16182]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1551.925731][T16182]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1551.930868][T16182]  ? lock_sync+0x190/0x190
[ 1551.935390][T16182]  ? kvm_check_nested_events+0xf0/0xf0
[ 1551.940859][T16182]  ? mark_held_locks+0x9f/0xe0
[ 1551.945638][T16182]  ? __local_bh_enable_ip+0xa4/0x130
[ 1551.950950][T16182]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1551.956230][T16182]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1551.961694][T16182]  ? __local_bh_enable_ip+0xa4/0x130
[ 1551.967017][T16182]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1551.972745][T16182]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1551.978314][T16182]  kvm_vcpu_ioctl+0x574/0xea0
[ 1551.983005][T16182]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1551.987888][T16182]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1551.994001][T16182]  ? __fget_files+0x26a/0x480
[ 1551.998711][T16182]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1552.003669][T16182]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1552.008446][T16182]  __x64_sys_ioctl+0x197/0x210
[ 1552.013240][T16182]  do_syscall_64+0x39/0xb0
[ 1552.017680][T16182]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1552.023603][T16182] RIP: 0033:0x7f4a5d88c169
[ 1552.028027][T16182] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1552.047644][T16182] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1552.056075][T16182] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1552.064053][T16182] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1552.072027][T16182] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1552.080089][T16182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1552.088065][T16182] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
22:30:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

[ 1552.096059][T16182]  </TASK>
[ 1552.099438][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1552.107633][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:14 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000080)="f043003f262643dbe20f79810500000048b800000000008000000f23c00f21f835000000000f23f866b851008ed0f40fb6182e6466f245e100450f7865340f01ca", 0x41}], 0x1, 0x2, &(0x7f0000001240)=[@dstype3={0x7, 0x1}, @cstype3={0x5, 0x8}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x2, 0x1000, &(0x7f0000000000/0x1000)=nil})

22:30:14 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, 0xffffffffffffffff, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:14 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:14 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 29)

22:30:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:14 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0)
r1 = dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r2, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1552.840587][T16221] FAULT_INJECTION: forcing a failure.
[ 1552.840587][T16221] name failslab, interval 1, probability 0, space 0, times 0
[ 1552.900474][T16221] CPU: 0 PID: 16221 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1552.911645][T16221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1552.922457][T16221] Call Trace:
[ 1552.925808][T16221]  <TASK>
[ 1552.928896][T16221]  dump_stack_lvl+0x136/0x150
[ 1552.933638][T16221]  should_fail_ex+0x4a3/0x5b0
[ 1552.938376][T16221]  should_failslab+0x9/0x20
[ 1552.942931][T16221]  kmem_cache_alloc+0x63/0x3b0
[ 1552.947754][T16221]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1552.953714][T16221]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1552.959861][T16221]  mmu_topup_memory_caches+0x1f/0xd0
[ 1552.965200][T16221]  kvm_mmu_load+0xd6/0x2140
[ 1552.969759][T16221]  ? find_held_lock+0x2d/0x110
[ 1552.974579][T16221]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1552.980085][T16221]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1552.985753][T16221]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1552.991679][T16221]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1552.996808][T16221]  ? invept_error+0xb0/0xb0
[ 1553.001331][T16221]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1553.006406][T16221]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1553.011457][T16221]  ? lock_sync+0x190/0x190
[ 1553.015992][T16221]  ? kvm_check_nested_events+0xf0/0xf0
[ 1553.021547][T16221]  ? mark_held_locks+0x9f/0xe0
[ 1553.026330][T16221]  ? __local_bh_enable_ip+0xa4/0x130
[ 1553.031674][T16221]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1553.036895][T16221]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1553.042273][T16221]  ? __local_bh_enable_ip+0xa4/0x130
[ 1553.047573][T16221]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1553.053479][T16221]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1553.059129][T16221]  kvm_vcpu_ioctl+0x574/0xea0
[ 1553.063838][T16221]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1553.068627][T16221]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1553.074718][T16221]  ? __fget_files+0x26a/0x480
[ 1553.079416][T16221]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1553.084369][T16221]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1553.089141][T16221]  __x64_sys_ioctl+0x197/0x210
[ 1553.094095][T16221]  do_syscall_64+0x39/0xb0
[ 1553.098527][T16221]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1553.104785][T16221] RIP: 0033:0x7f4a5d88c169
[ 1553.109294][T16221] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1553.128996][T16221] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1553.137416][T16221] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
22:30:15 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0)
r1 = dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r2, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1553.145478][T16221] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1553.153464][T16221] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1553.161704][T16221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1553.170026][T16221] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1553.178015][T16221]  </TASK>
[ 1553.181198][    C0] vkms_vblank_simulate: vblank timer overrun
22:30:15 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000080)="f043003f262643dbe20f79810500000048b800000000008000000f23c00f21f835000000000f23f866b851008ed0f40fb6182e6466f245e100450f7865340f01ca", 0x41}], 0x1, 0x2, &(0x7f0000001240)=[@dstype3={0x7, 0x1}, @cstype3={0x5, 0x8}], 0x2) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x2, 0x1000, &(0x7f0000000000/0x1000)=nil})

22:30:15 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 30)

22:30:15 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0)
r1 = dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r2, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:15 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:15 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async, rerun: 64)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 32)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000080)="f043003f262643dbe20f79810500000048b800000000008000000f23c00f21f835000000000f23f866b851008ed0f40fb6182e6466f245e100450f7865340f01ca", 0x41}], 0x1, 0x2, &(0x7f0000001240)=[@dstype3={0x7, 0x1}, @cstype3={0x5, 0x8}], 0x2) (async, rerun: 32)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x2, 0x1000, &(0x7f0000000000/0x1000)=nil}) (rerun: 32)

22:30:15 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r1, 0x0)
r2 = dup(r0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1553.717160][T16263] FAULT_INJECTION: forcing a failure.
[ 1553.717160][T16263] name failslab, interval 1, probability 0, space 0, times 0
[ 1553.730283][T16263] CPU: 1 PID: 16263 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1553.740738][T16263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1553.750913][T16263] Call Trace:
[ 1553.754220][T16263]  <TASK>
[ 1553.758036][T16263]  dump_stack_lvl+0x136/0x150
[ 1553.762770][T16263]  should_fail_ex+0x4a3/0x5b0
[ 1553.767859][T16263]  should_failslab+0x9/0x20
[ 1553.772395][T16263]  kmem_cache_alloc+0x63/0x3b0
[ 1553.777211][T16263]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1553.783138][T16263]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1553.789241][T16263]  mmu_topup_memory_caches+0x1f/0xd0
[ 1553.794568][T16263]  kvm_mmu_load+0xd6/0x2140
[ 1553.799115][T16263]  ? find_held_lock+0x2d/0x110
[ 1553.803923][T16263]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1553.809435][T16263]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1553.815109][T16263]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1553.821051][T16263]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1553.826209][T16263]  ? invept_error+0xb0/0xb0
[ 1553.830773][T16263]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1553.835844][T16263]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1553.840930][T16263]  ? lock_sync+0x190/0x190
[ 1553.845386][T16263]  ? kvm_check_nested_events+0xf0/0xf0
[ 1553.850884][T16263]  ? mark_held_locks+0x9f/0xe0
[ 1553.855704][T16263]  ? __local_bh_enable_ip+0xa4/0x130
[ 1553.861036][T16263]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1553.866276][T16263]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1553.871690][T16263]  ? __local_bh_enable_ip+0xa4/0x130
[ 1553.877019][T16263]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1553.882776][T16263]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1553.888373][T16263]  kvm_vcpu_ioctl+0x574/0xea0
[ 1553.893097][T16263]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1553.897916][T16263]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1553.904049][T16263]  ? __fget_files+0x26a/0x480
[ 1553.908784][T16263]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1553.913788][T16263]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1553.918609][T16263]  __x64_sys_ioctl+0x197/0x210
[ 1553.923519][T16263]  do_syscall_64+0x39/0xb0
[ 1553.928161][T16263]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1553.934191][T16263] RIP: 0033:0x7f4a5d88c169
[ 1553.938638][T16263] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1553.958290][T16263] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1553.966755][T16263] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1553.974795][T16263] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1553.982813][T16263] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1553.990830][T16263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1553.998836][T16263] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1554.006863][T16263]  </TASK>
22:30:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:16 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[ 1554.133080][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1554.141340][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:16 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r1, 0x0)
r2 = dup(r0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:16 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r1, 0x0)
r2 = dup(r0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 31)

22:30:16 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1554.714164][T16308] FAULT_INJECTION: forcing a failure.
[ 1554.714164][T16308] name failslab, interval 1, probability 0, space 0, times 0
[ 1554.737884][T16308] CPU: 1 PID: 16308 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1554.748351][T16308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1554.758415][T16308] Call Trace:
[ 1554.761709][T16308]  <TASK>
[ 1554.764757][T16308]  dump_stack_lvl+0x136/0x150
[ 1554.769461][T16308]  should_fail_ex+0x4a3/0x5b0
[ 1554.774163][T16308]  should_failslab+0x9/0x20
[ 1554.778678][T16308]  kmem_cache_alloc+0x63/0x3b0
[ 1554.783463][T16308]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1554.789368][T16308]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1554.796058][T16308]  mmu_topup_memory_caches+0x1f/0xd0
[ 1554.801357][T16308]  kvm_mmu_load+0xd6/0x2140
[ 1554.805875][T16308]  ? find_held_lock+0x2d/0x110
[ 1554.810658][T16308]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1554.816133][T16308]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1554.821778][T16308]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1554.827684][T16308]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1554.832820][T16308]  ? invept_error+0xb0/0xb0
[ 1554.837332][T16308]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1554.842377][T16308]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1554.847423][T16308]  ? lock_sync+0x190/0x190
[ 1554.851849][T16308]  ? kvm_check_nested_events+0xf0/0xf0
[ 1554.857322][T16308]  ? mark_held_locks+0x9f/0xe0
[ 1554.862116][T16308]  ? __local_bh_enable_ip+0xa4/0x130
[ 1554.867412][T16308]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1554.872619][T16308]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1554.877998][T16308]  ? __local_bh_enable_ip+0xa4/0x130
[ 1554.883294][T16308]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1554.889017][T16308]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1554.894578][T16308]  kvm_vcpu_ioctl+0x574/0xea0
[ 1554.899290][T16308]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1554.904069][T16308]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1554.912259][T16308]  ? __fget_files+0x26a/0x480
[ 1554.917041][T16308]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1554.921995][T16308]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1554.927149][T16308]  __x64_sys_ioctl+0x197/0x210
[ 1554.931954][T16308]  do_syscall_64+0x39/0xb0
[ 1554.936580][T16308]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1554.942499][T16308] RIP: 0033:0x7f4a5d88c169
[ 1554.946916][T16308] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1554.966624][T16308] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1554.975042][T16308] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1554.983193][T16308] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1554.991168][T16308] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1554.999145][T16308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1555.007213][T16308] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1555.015522][T16308]  </TASK>
22:30:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0x0, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:17 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 32)

22:30:17 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:17 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

22:30:17 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})

22:30:17 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:17 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[ 1555.528547][T16339] FAULT_INJECTION: forcing a failure.
[ 1555.528547][T16339] name failslab, interval 1, probability 0, space 0, times 0
[ 1555.614893][T16339] CPU: 0 PID: 16339 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1555.625641][T16339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1555.636340][T16339] Call Trace:
[ 1555.640007][T16339]  <TASK>
[ 1555.643489][T16339]  dump_stack_lvl+0x136/0x150
[ 1555.648239][T16339]  should_fail_ex+0x4a3/0x5b0
[ 1555.653425][T16339]  should_failslab+0x9/0x20
[ 1555.657968][T16339]  kmem_cache_alloc+0x63/0x3b0
[ 1555.662788][T16339]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1555.668730][T16339]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1555.674846][T16339]  mmu_topup_memory_caches+0x1f/0xd0
[ 1555.680259][T16339]  kvm_mmu_load+0xd6/0x2140
[ 1555.684809][T16339]  ? find_held_lock+0x2d/0x110
[ 1555.689621][T16339]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1555.696347][T16339]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1555.702119][T16339]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1555.708073][T16339]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1555.713329][T16339]  ? invept_error+0xb0/0xb0
[ 1555.718673][T16339]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1555.723820][T16339]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1555.728989][T16339]  ? lock_sync+0x190/0x190
[ 1555.734212][T16339]  ? kvm_check_nested_events+0xf0/0xf0
[ 1555.739695][T16339]  ? mark_held_locks+0x9f/0xe0
[ 1555.744474][T16339]  ? __local_bh_enable_ip+0xa4/0x130
[ 1555.750120][T16339]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1555.755447][T16339]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1555.760825][T16339]  ? __local_bh_enable_ip+0xa4/0x130
[ 1555.766214][T16339]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1555.772207][T16339]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1555.778033][T16339]  kvm_vcpu_ioctl+0x574/0xea0
[ 1555.782725][T16339]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1555.787604][T16339]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1555.793704][T16339]  ? __fget_files+0x26a/0x480
[ 1555.798408][T16339]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1555.803365][T16339]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1555.809877][T16339]  __x64_sys_ioctl+0x197/0x210
[ 1555.815714][T16339]  do_syscall_64+0x39/0xb0
[ 1555.820151][T16339]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1555.826065][T16339] RIP: 0033:0x7f4a5d88c169
[ 1555.830490][T16339] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1555.850193][T16339] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
22:30:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1555.858704][T16339] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1555.866857][T16339] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1555.874836][T16339] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1555.882814][T16339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1555.891745][T16339] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1555.900088][T16339]  </TASK>
[ 1555.903206][    C0] vkms_vblank_simulate: vblank timer overrun
22:30:18 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0x0, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 33)

22:30:18 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r1, 0x0)
r2 = dup(r0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, 0x0)

[ 1556.213465][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1556.221700][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:18 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r1, 0x0)
r2 = dup(r0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1556.445060][T16383] FAULT_INJECTION: forcing a failure.
[ 1556.445060][T16383] name failslab, interval 1, probability 0, space 0, times 0
[ 1556.487029][T16383] CPU: 1 PID: 16383 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1556.497857][T16383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1556.507948][T16383] Call Trace:
[ 1556.511271][T16383]  <TASK>
[ 1556.514238][T16383]  dump_stack_lvl+0x136/0x150
[ 1556.518971][T16383]  should_fail_ex+0x4a3/0x5b0
[ 1556.523720][T16383]  should_failslab+0x9/0x20
[ 1556.528261][T16383]  kmem_cache_alloc+0x63/0x3b0
[ 1556.533080][T16383]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1556.539026][T16383]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1556.545161][T16383]  mmu_topup_memory_caches+0x1f/0xd0
[ 1556.550492][T16383]  kvm_mmu_load+0xd6/0x2140
[ 1556.555043][T16383]  ? find_held_lock+0x2d/0x110
[ 1556.559863][T16383]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1556.565375][T16383]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1556.571050][T16383]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1556.576996][T16383]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1556.582163][T16383]  ? invept_error+0xb0/0xb0
[ 1556.586713][T16383]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1556.591787][T16383]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1556.596873][T16383]  ? lock_sync+0x190/0x190
[ 1556.601344][T16383]  ? kvm_check_nested_events+0xf0/0xf0
[ 1556.606846][T16383]  ? mark_held_locks+0x9f/0xe0
[ 1556.611660][T16383]  ? __local_bh_enable_ip+0xa4/0x130
[ 1556.616995][T16383]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1556.622234][T16383]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1556.628854][T16383]  ? __local_bh_enable_ip+0xa4/0x130
[ 1556.634187][T16383]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1556.639945][T16383]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1556.645545][T16383]  kvm_vcpu_ioctl+0x574/0xea0
[ 1556.650254][T16383]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1556.655067][T16383]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1556.661196][T16383]  ? __fget_files+0x26a/0x480
[ 1556.665943][T16383]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1556.670934][T16383]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1556.675743][T16383]  __x64_sys_ioctl+0x197/0x210
[ 1556.680554][T16383]  do_syscall_64+0x39/0xb0
[ 1556.685106][T16383]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1556.691045][T16383] RIP: 0033:0x7f4a5d88c169
[ 1556.695503][T16383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1556.715226][T16383] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1556.723792][T16383] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
22:30:18 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1556.732309][T16383] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1556.740376][T16383] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1556.748525][T16383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1556.756504][T16383] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1556.764762][T16383]  </TASK>
22:30:18 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x0, 0x0, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:18 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = syz_io_uring_setup(0x2be, &(0x7f0000000000)={0x0, 0x67ae, 0x400, 0x1, 0x30d}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000001c0))
ioctl$EXT4_IOC_SETFSUUID(r3, 0x4008662c, &(0x7f0000000140)={0x10, 0x0, "49014b7e49a9d079383e0ee95f2bf8d1"})

22:30:19 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r1, 0x0)
r2 = dup(r0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:19 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 34)

22:30:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, 0x0)

[ 1557.362572][T16410] FAULT_INJECTION: forcing a failure.
[ 1557.362572][T16410] name failslab, interval 1, probability 0, space 0, times 0
[ 1557.375606][T16410] CPU: 0 PID: 16410 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1557.386065][T16410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1557.396155][T16410] Call Trace:
[ 1557.399463][T16410]  <TASK>
[ 1557.402421][T16410]  dump_stack_lvl+0x136/0x150
[ 1557.407150][T16410]  should_fail_ex+0x4a3/0x5b0
22:30:19 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r3 = syz_io_uring_setup(0x2be, &(0x7f0000000000)={0x0, 0x67ae, 0x400, 0x1, 0x30d}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000001c0))
ioctl$EXT4_IOC_SETFSUUID(r3, 0x4008662c, &(0x7f0000000140)={0x10, 0x0, "49014b7e49a9d079383e0ee95f2bf8d1"})

[ 1557.412140][T16410]  should_failslab+0x9/0x20
[ 1557.416682][T16410]  kmem_cache_alloc+0x63/0x3b0
[ 1557.421509][T16410]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1557.427549][T16410]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1557.433668][T16410]  mmu_topup_memory_caches+0x1f/0xd0
[ 1557.438987][T16410]  kvm_mmu_load+0xd6/0x2140
[ 1557.443517][T16410]  ? find_held_lock+0x2d/0x110
[ 1557.448305][T16410]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1557.453784][T16410]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1557.459430][T16410]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1557.465339][T16410]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1557.470476][T16410]  ? invept_error+0xb0/0xb0
[ 1557.474999][T16410]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1557.480038][T16410]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1557.485090][T16410]  ? lock_sync+0x190/0x190
[ 1557.489530][T16410]  ? kvm_check_nested_events+0xf0/0xf0
[ 1557.494999][T16410]  ? mark_held_locks+0x9f/0xe0
[ 1557.499779][T16410]  ? __local_bh_enable_ip+0xa4/0x130
[ 1557.505771][T16410]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1557.510983][T16410]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1557.516360][T16410]  ? __local_bh_enable_ip+0xa4/0x130
[ 1557.521671][T16410]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1557.527409][T16410]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1557.533108][T16410]  kvm_vcpu_ioctl+0x574/0xea0
[ 1557.538150][T16410]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1557.543021][T16410]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1557.549202][T16410]  ? __fget_files+0x26a/0x480
[ 1557.554012][T16410]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1557.558984][T16410]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1557.563781][T16410]  __x64_sys_ioctl+0x197/0x210
[ 1557.568565][T16410]  do_syscall_64+0x39/0xb0
[ 1557.573004][T16410]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1557.579442][T16410] RIP: 0033:0x7f4a5d88c169
[ 1557.583863][T16410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1557.604607][T16410] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
22:30:19 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

[ 1557.613383][T16410] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1557.621375][T16410] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1557.629436][T16410] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1557.637413][T16410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1557.645735][T16410] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1557.653728][T16410]  </TASK>
[ 1557.656866][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1557.689849][T16431] workqueue: Failed to create a rescuer kthread for wq "kvm": -EINTR
22:30:19 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = syz_io_uring_setup(0x2be, &(0x7f0000000000)={0x0, 0x67ae, 0x400, 0x1, 0x30d}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000001c0))
ioctl$EXT4_IOC_SETFSUUID(r3, 0x4008662c, &(0x7f0000000140)={0x10, 0x0, "49014b7e49a9d079383e0ee95f2bf8d1"})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_io_uring_setup(0x2be, &(0x7f0000000000)={0x0, 0x67ae, 0x400, 0x1, 0x30d}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000001c0)) (async)
ioctl$EXT4_IOC_SETFSUUID(r3, 0x4008662c, &(0x7f0000000140)={0x10, 0x0, "49014b7e49a9d079383e0ee95f2bf8d1"}) (async)

22:30:19 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 35)

22:30:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, 0x0)

22:30:19 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x0, 0x0, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:19 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

[ 1557.703800][T16424] workqueue: Failed to create a rescuer kthread for wq "kvm": -EINTR
[ 1558.046094][T16452] workqueue: Failed to create a rescuer kthread for wq "kvm": -EINTR
[ 1558.204702][T16448] FAULT_INJECTION: forcing a failure.
[ 1558.204702][T16448] name failslab, interval 1, probability 0, space 0, times 0
[ 1558.232517][T16448] CPU: 1 PID: 16448 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1558.246237][T16448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1558.260303][T16448] Call Trace:
[ 1558.263740][T16448]  <TASK>
[ 1558.266834][T16448]  dump_stack_lvl+0x136/0x150
[ 1558.271635][T16448]  should_fail_ex+0x4a3/0x5b0
[ 1558.277040][T16448]  should_failslab+0x9/0x20
[ 1558.281652][T16448]  kmem_cache_alloc+0x63/0x3b0
[ 1558.286615][T16448]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1558.292612][T16448]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1558.298787][T16448]  mmu_topup_memory_caches+0x1f/0xd0
[ 1558.304088][T16448]  kvm_mmu_load+0xd6/0x2140
[ 1558.308607][T16448]  ? find_held_lock+0x2d/0x110
[ 1558.313400][T16448]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1558.318877][T16448]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1558.324523][T16448]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1558.330522][T16448]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1558.335824][T16448]  ? invept_error+0xb0/0xb0
[ 1558.340339][T16448]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1558.345390][T16448]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1558.352083][T16448]  ? lock_sync+0x190/0x190
[ 1558.358389][T16448]  ? kvm_check_nested_events+0xf0/0xf0
[ 1558.364123][T16448]  ? mark_held_locks+0x9f/0xe0
[ 1558.368899][T16448]  ? __local_bh_enable_ip+0xa4/0x130
[ 1558.374203][T16448]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1558.379413][T16448]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1558.384793][T16448]  ? __local_bh_enable_ip+0xa4/0x130
[ 1558.390788][T16448]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1558.396538][T16448]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1558.402101][T16448]  kvm_vcpu_ioctl+0x574/0xea0
[ 1558.406786][T16448]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1558.411571][T16448]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1558.418361][T16448]  ? __fget_files+0x26a/0x480
[ 1558.423064][T16448]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1558.428020][T16448]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1558.432795][T16448]  __x64_sys_ioctl+0x197/0x210
[ 1558.437579][T16448]  do_syscall_64+0x39/0xb0
[ 1558.442105][T16448]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1558.448016][T16448] RIP: 0033:0x7f4a5d88c169
[ 1558.452438][T16448] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1558.474311][T16448] RSP: 002b:00007f4a5c3fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1558.482741][T16448] RAX: ffffffffffffffda RBX: 00007f4a5d9abf80 RCX: 00007f4a5d88c169
[ 1558.490805][T16448] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1558.499307][T16448] RBP: 00007f4a5c3fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1558.507977][T16448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1558.516346][T16448] R13: 00007f4a5dacfb1f R14: 00007f4a5c3fe300 R15: 0000000000022000
[ 1558.524961][T16448]  </TASK>
[ 1558.528355][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1558.537076][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
22:30:20 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
preadv(r1, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000040)={0x2, 0x5, 0x2})

22:30:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 36)

22:30:20 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x0, 0x0, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:20 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:20 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41]})

[ 1558.995732][T16494] FAULT_INJECTION: forcing a failure.
[ 1558.995732][T16494] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.019958][T16494] CPU: 1 PID: 16494 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1559.030526][T16494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1559.040705][T16494] Call Trace:
[ 1559.044101][T16494]  <TASK>
[ 1559.047070][T16494]  dump_stack_lvl+0x136/0x150
[ 1559.051819][T16494]  should_fail_ex+0x4a3/0x5b0
[ 1559.061849][T16494]  should_failslab+0x9/0x20
[ 1559.066570][T16494]  kmem_cache_alloc+0x63/0x3b0
[ 1559.072869][T16494]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1559.080299][T16494]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1559.087053][T16494]  mmu_topup_memory_caches+0x1f/0xd0
[ 1559.092402][T16494]  kvm_mmu_load+0xd6/0x2140
[ 1559.097302][T16494]  ? find_held_lock+0x2d/0x110
[ 1559.102379][T16494]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1559.109127][T16494]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1559.115421][T16494]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1559.122063][T16494]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1559.127916][T16494]  ? invept_error+0xb0/0xb0
[ 1559.133509][T16494]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1559.139083][T16494]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1559.144656][T16494]  ? lock_sync+0x190/0x190
[ 1559.151233][T16494]  ? kvm_check_nested_events+0xf0/0xf0
[ 1559.156789][T16494]  ? mark_held_locks+0x9f/0xe0
[ 1559.161839][T16494]  ? __local_bh_enable_ip+0xa4/0x130
[ 1559.167892][T16494]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1559.173262][T16494]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1559.178758][T16494]  ? __local_bh_enable_ip+0xa4/0x130
[ 1559.184156][T16494]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1559.190064][T16494]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1559.195632][T16494]  kvm_vcpu_ioctl+0x574/0xea0
[ 1559.200327][T16494]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1559.205205][T16494]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1559.211305][T16494]  ? __fget_files+0x26a/0x480
[ 1559.216005][T16494]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1559.220958][T16494]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1559.225732][T16494]  __x64_sys_ioctl+0x197/0x210
[ 1559.230518][T16494]  do_syscall_64+0x39/0xb0
[ 1559.234956][T16494]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1559.240868][T16494] RIP: 0033:0x7f4a5d88c169
[ 1559.245298][T16494] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1559.264913][T16494] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1559.273428][T16494] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1559.281406][T16494] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1559.289390][T16494] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1559.297373][T16494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1559.305437][T16494] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1559.313430][T16494]  </TASK>
22:30:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 37)

22:30:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000022c0)={[0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x0, 0x1, 0x0, 0x800, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x1, 0x7, 0x0, 0x4, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000a1a000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000280)="c4e1677cf30fc77a000f0666b808008ee80f0048db0f01d1d9e10f22150f20d835200000000f22d8b8010000000f01c1", 0x30}], 0x1, 0x36, &(0x7f0000001200)=[@cr4, @dstype0={0x6, 0xd}], 0x2)

22:30:21 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0) (async)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
preadv(r1, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
r2 = openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x0, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000040)={0x2, 0x5, 0x2})

22:30:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001240)=[0x0]})

22:30:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x2, 0x8000, 0x0, 0x1, 0x8, 0xfe, 0x3, 0x0, 0x3, 0x3, 0x2, 0x46a4d053, 0x34b, 0x8, 0x8, 0x6a41]})

22:30:21 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0) (async)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
preadv(r1, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0) (async)
r2 = openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x0, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4) (async)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000040)={0x2, 0x5, 0x2})

[ 1559.935713][T16542] FAULT_INJECTION: forcing a failure.
[ 1559.935713][T16542] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.961353][T16542] CPU: 1 PID: 16542 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1559.971828][T16542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1559.982002][T16542] Call Trace:
[ 1559.985318][T16542]  <TASK>
[ 1559.988261][T16542]  dump_stack_lvl+0x136/0x150
[ 1559.992973][T16542]  should_fail_ex+0x4a3/0x5b0
[ 1559.997678][T16542]  should_failslab+0x9/0x20
[ 1560.002190][T16542]  kmem_cache_alloc+0x63/0x3b0
[ 1560.006977][T16542]  __kvm_mmu_topup_memory_cache+0x19c/0x490
[ 1560.013151][T16542]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1560.019253][T16542]  mmu_topup_memory_caches+0x1f/0xd0
[ 1560.024551][T16542]  kvm_mmu_load+0xd6/0x2140
[ 1560.029066][T16542]  ? find_held_lock+0x2d/0x110
[ 1560.033853][T16542]  ? kvm_hv_setup_tsc_page+0x2a0/0x910
[ 1560.039344][T16542]  ? kvm_mmu_after_set_cpuid+0x430/0x430
[ 1560.044993][T16542]  ? __report_tpr_access.isra.0+0x160/0x160
[ 1560.050997][T16542]  ? vmx_flush_tlb_all+0x154/0x2e0
[ 1560.056128][T16542]  ? invept_error+0xb0/0xb0
[ 1560.060646][T16542]  ? vmx_get_nmi_mask+0x131/0x1c0
[ 1560.065683][T16542]  vcpu_enter_guest+0x3d27/0x5ff0
[ 1560.070729][T16542]  ? lock_sync+0x190/0x190
[ 1560.075158][T16542]  ? kvm_check_nested_events+0xf0/0xf0
[ 1560.080628][T16542]  ? mark_held_locks+0x9f/0xe0
[ 1560.085408][T16542]  ? __local_bh_enable_ip+0xa4/0x130
[ 1560.090705][T16542]  ? lockdep_hardirqs_on+0x7d/0x100
[ 1560.095916][T16542]  ? fpu_swap_kvm_fpstate+0x1aa/0x400
[ 1560.101407][T16542]  ? __local_bh_enable_ip+0xa4/0x130
[ 1560.106709][T16542]  ? kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1560.112439][T16542]  kvm_arch_vcpu_ioctl_run+0xa35/0x2820
[ 1560.118007][T16542]  kvm_vcpu_ioctl+0x574/0xea0
[ 1560.122695][T16542]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1560.127475][T16542]  ? wait_for_completion_io_timeout+0x20/0x20
[ 1560.133577][T16542]  ? __fget_files+0x26a/0x480
[ 1560.138799][T16542]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1560.143753][T16542]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1560.148527][T16542]  __x64_sys_ioctl+0x197/0x210
[ 1560.153404][T16542]  do_syscall_64+0x39/0xb0
[ 1560.157925][T16542]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1560.163841][T16542] RIP: 0033:0x7f4a5d88c169
[ 1560.168269][T16542] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1560.187970][T16542] RSP: 002b:00007f4a5c3dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1560.196391][T16542] RAX: ffffffffffffffda RBX: 00007f4a5d9ac050 RCX: 00007f4a5d88c169
[ 1560.204633][T16542] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1560.212620][T16542] RBP: 00007f4a5c3dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1560.220604][T16542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1560.228576][T16542] R13: 00007f4a5dacfb1f R14: 00007f4a5c3dd300 R15: 0000000000022000
[ 1560.236566][T16542]  </TASK>
22:30:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7beb323fd6c7d64b4af6f322c5225f65ffabef1c09a8954a0917cbd00d0f"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000000c0)="0f22a40f9b2a0f01ca0f008400b00f00df64f8660f5d410066b9a00d000066b8f8ffffff66ba000000000f300f01c4d9f1", 0x31}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000012c0)={[0xffffffff, 0x1, 0x81, 0x3, 0x7fff, 0x20, 0x1000, 0x4, 0x7ff, 0x8, 0x0, 0x9, 0xe55, 0xb0, 0x0, 0x9, 0x8, 0xfffff801, 0x9, 0x3, 0xbfc, 0x7, 0x3, 0x7, 0x1c, 0x7, 0xffff875d, 0x1, 0x5, 0x7, 0x1ff, 0x9, 0x10000, 0x3, 0x1, 0x1000, 0x3ff, 0xfff, 0x6, 0x2, 0xfffff000, 0x28, 0x3, 0x9, 0x4, 0x3, 0x8, 0xe55, 0x1, 0x0, 0x4a17, 0x0, 0x2, 0x7, 0x6, 0x35dac1b9, 0xf7, 0x5, 0x3, 0x80000000, 0x8, 0x65b7, 0x7fffffff, 0x8, 0x8, 0xbb8, 0x7, 0x100, 0x3ce, 0x7, 0x0, 0x2, 0x6, 0xfffffffe, 0x1, 0x8, 0x8, 0x0, 0x1, 0x6d, 0x3, 0x9, 0x0, 0x8, 0x20, 0x5, 0xffae, 0x7, 0xa0b, 0x4, 0x8, 0x4, 0x2b9, 0xd4f7, 0xfffffff9, 0x1, 0xa5, 0x5, 0x0, 0x5, 0x7f, 0xb2, 0x7, 0x3b7, 0x5, 0x7, 0x7, 0x4a, 0x7, 0x9, 0x9, 0x51, 0x80000000, 0xf0ac, 0x9, 0x8, 0xbc, 0x3, 0x5, 0x8000, 0x3f, 0x0, 0x7ff, 0x800, 0x1f, 0x40b7, 0xfffffffb, 0x0, 0x4, 0x3, 0x4, 0x42, 0x0, 0x5, 0x7fffffff, 0x7, 0x3, 0x101, 0xa17, 0x3, 0xff, 0x7f, 0x9, 0x1, 0x2, 0x0, 0x7aff, 0x7fff, 0x9, 0x20000000, 0x0, 0x4, 0x6, 0x2, 0x400, 0x4, 0x2b, 0x40, 0x3e, 0x3c1, 0x1ff, 0x4, 0x4f46, 0x3, 0x80000001, 0x940, 0x6, 0x35b, 0xffff, 0x5, 0xaf, 0x4, 0x5, 0x0, 0x1ff, 0x6, 0x6, 0xfffffff9, 0xb6, 0x5, 0xfffffffc, 0x3, 0x80, 0x2, 0xfb7, 0x1000, 0x401, 0x906, 0x1, 0xffffffff, 0x2, 0x7fffffff, 0x446a, 0x4d59, 0x1, 0x5, 0x401, 0x5, 0x6, 0x83a2, 0x10001, 0x7e, 0x75e, 0x5, 0x7, 0x6, 0x7, 0xfe, 0x3ef, 0x8, 0x3ff, 0x9, 0xffffffe0, 0x3, 0x0, 0x80, 0x3, 0x5, 0xf8b7, 0x2, 0x5, 0x9, 0x8, 0x0, 0x80000000, 0x80, 0x137, 0x4, 0x5db2, 0xe60, 0xf5, 0x2, 0x7fffffff, 0x5, 0x2, 0x7ff, 0x9, 0x81, 0x2, 0x3, 0x6, 0x2, 0x6, 0x0, 0x9, 0xa70, 0x80000000, 0xd2f9, 0x7, 0x7, 0x6, 0x1be9fd01, 0x2, 0x4, 0x6, 0x5d5, 0x3, 0x0, 0x1000, 0x1000, 0x8, 0x40000, 0x80000000, 0x4, 0x7ff, 0x7, 0xfffffffc, 0x7, 0x1cb989c1, 0xfffffeeb, 0x1, 0xff, 0x7fff, 0xffffff29, 0x1, 0x5304d59d, 0x499, 0xd54a, 0x400, 0x400, 0x100, 0x10001, 0x4, 0x1b89, 0x1f, 0x0, 0x4, 0x7, 0x3, 0xffffa4c8, 0x6b489978, 0xfff, 0x9, 0x9, 0xc8560000, 0x9, 0x8, 0x9, 0x80, 0x8, 0x3ff, 0x5, 0x6, 0x80000000, 0x9, 0x9, 0xbe, 0x5, 0x3, 0x200, 0x9, 0x7, 0x4, 0x7ff, 0x6, 0xe66, 0x80000000, 0x2c, 0x3, 0x69, 0x8, 0x2, 0x101, 0x5, 0x1, 0x47e, 0x4, 0x9, 0x7c0, 0x8307, 0x7, 0x80, 0x9, 0x6, 0xffff, 0x81, 0x2, 0x35, 0x9, 0x3, 0xfff, 0x5, 0x80d, 0x5, 0x3, 0x0, 0x1ff, 0x3, 0xbd50, 0x2, 0xface, 0x1000, 0x4, 0x84e9, 0x58, 0xaff8, 0xf370, 0x80000001, 0x80000000, 0xffffff81, 0x3, 0x80000000, 0x8, 0x0, 0x8, 0x10001, 0x6, 0x3ff, 0xcf4a, 0x2, 0x0, 0x1f, 0x7, 0xffffffc1, 0x2, 0x7, 0x672, 0x5, 0x1f, 0x1, 0xf676, 0x99, 0x8, 0x5, 0x5, 0x1a9, 0x6, 0x3ff, 0x5, 0x7fffffff, 0xfffffffa, 0x1f, 0x100000, 0x2, 0x0, 0x3, 0xa9b, 0x9, 0x7, 0x41, 0x3, 0xff, 0x1000, 0xa6a, 0x101, 0x400, 0x9, 0xca00, 0x80, 0x9, 0x8, 0x0, 0x8, 0xac2, 0x3, 0x10000, 0x2, 0x7, 0xffff8000, 0x2, 0x800, 0x1, 0xb74f, 0x1f, 0x0, 0x0, 0x8000, 0x0, 0x130cbdbb, 0x8, 0x4, 0x2, 0x0, 0x1, 0x80, 0xffff, 0xf79e, 0x64f24a6a, 0x1, 0x7fff, 0xa1f, 0xe644, 0x5, 0x401, 0x6, 0x1000, 0x0, 0x8000, 0xfffffffe, 0x6, 0x200, 0x2, 0x20, 0xfffffff9, 0x2, 0x2, 0x2000, 0xae59, 0x6, 0x0, 0x9, 0x2, 0x3, 0x9, 0x4, 0x8000, 0x2, 0x8, 0x7ff, 0x2, 0x7, 0x0, 0x50cf, 0x9, 0x2, 0x7, 0x3, 0x7ff, 0xf6, 0x1, 0x5, 0x7fffffff, 0x81, 0x6, 0x100, 0x7, 0xbf5, 0x8000, 0x2, 0x0, 0x7f, 0x400, 0x400, 0x5, 0x1, 0x1, 0x1, 0x0, 0x2b0, 0x4, 0xd6, 0x6, 0x1f, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x5, 0xffffffff, 0x8b, 0x55b9359e, 0x8, 0x7, 0x1, 0x5f44, 0x2adb, 0x15, 0x3, 0x2, 0xe3, 0x7c02e6c7, 0xad13, 0x1000, 0x3c80, 0xfffffffb, 0x25, 0x5, 0x3a0c, 0x507, 0x8001, 0x5, 0x8, 0x100, 0x9, 0x3, 0x2, 0xf7b6, 0x2, 0x319b, 0x800, 0xfff, 0xffffffff, 0xff, 0x7, 0x0, 0x3, 0x1ff, 0xcc, 0x59, 0x6, 0x7ff, 0x3, 0xdd, 0xff, 0x6, 0x6, 0x1, 0x82c9, 0x7fff, 0x20, 0x200, 0x6, 0x1, 0x525b, 0x80000000, 0x24580000, 0x7, 0x6, 0x6, 0x5, 0x2, 0x4, 0x10001, 0x2, 0x5, 0x4, 0x9, 0xfffffff8, 0x100, 0x10000, 0xfff, 0x7, 0x8, 0xffffffff, 0x0, 0x3f, 0x80000000, 0x1, 0xfd, 0xb76, 0x7, 0x5, 0x8001, 0x7, 0x2, 0x9, 0x7, 0x6, 0x4, 0x9, 0x3092eb9a, 0x1, 0x0, 0x4, 0x4, 0xfffffff8, 0x1, 0x4, 0x1000, 0xfffffff9, 0x1, 0x5, 0xc32, 0x200, 0x1d, 0xa9e, 0x8, 0x68c, 0x101, 0x8, 0x20, 0x70c, 0x7, 0xfffffff7, 0xf83c, 0x7f, 0x9, 0x3, 0x7, 0x8, 0x2, 0xbb, 0xaa2, 0x100, 0x66, 0x6, 0xfffffff7, 0x0, 0x100, 0x1, 0x7, 0x6, 0xfffff001, 0x5, 0x9, 0x20, 0x9, 0x2, 0x0, 0x8000, 0x5, 0x80000000, 0x80000001, 0x1, 0x1ff, 0x3, 0xffff, 0x7, 0x8, 0x5, 0x8, 0x100, 0xb1b, 0xffffffff, 0x4, 0x8, 0x40000000, 0x2, 0xdd0, 0x3ff, 0x401, 0x5648, 0x3, 0x6, 0x34b, 0xfffff1c9, 0x6, 0xffffffff, 0x5ae, 0x0, 0x80000000, 0xff, 0x2, 0x5, 0x7ff, 0xfff, 0x101, 0x0, 0x9, 0x100, 0x3, 0x6, 0x5, 0x1f, 0xffffffff, 0x1, 0x0, 0x7e, 0x7f, 0x3, 0x1, 0x7878, 0xce, 0x7f, 0xfffff75d, 0x7, 0x5, 0x6, 0x400, 0x7, 0x1, 0x6, 0xb6d0, 0x26, 0x8, 0x100, 0x0, 0x5, 0x8, 0x400, 0x20, 0x3, 0x4, 0x416, 0xbeeb, 0x8d, 0xfffff172, 0xffffffff, 0x87d, 0xfffffffc, 0x8, 0x4, 0x7, 0x0, 0x2, 0x1, 0x1, 0x4977, 0x400, 0x5, 0x7fff, 0x1, 0x4, 0x9, 0x7, 0x8, 0x4002, 0x578c, 0x3, 0x9, 0x7, 0x3, 0x5, 0x5, 0x741, 0xfffffff7, 0xd5, 0x0, 0x0, 0x80000000, 0x10001, 0x8, 0x0, 0xcb, 0x0, 0x80, 0x0, 0x80, 0x5, 0x10000, 0x0, 0xffffffff, 0x4, 0x5, 0x8, 0x0, 0xf085, 0x5, 0x0, 0x7, 0x5, 0x8, 0x9, 0x40, 0x10001, 0x1, 0x47e, 0xffffffff, 0x0, 0x7f, 0x1, 0x2, 0x8, 0x1e3, 0x140, 0x9, 0x5, 0x9, 0x7, 0xd3cb, 0xfff, 0x6ac9, 0xbd90, 0x800, 0x200, 0xfffffffa, 0x16, 0x800, 0xffffffff, 0x4, 0x10001, 0x4, 0x5, 0x77, 0x5, 0x53c, 0x5, 0xbee, 0x6, 0x386, 0x2, 0xa7b, 0x0, 0x7, 0x65, 0x6, 0x20, 0x1f, 0x14fd, 0x80000001, 0x1f, 0x0, 0xd84, 0xfff80000, 0xfffffffe, 0xfff, 0x7fff, 0x5, 0x2, 0x80000000, 0x4, 0x3, 0x4, 0x2, 0xc61a, 0x7, 0x3f, 0x4d1a2fcb, 0x10000, 0x3, 0x8001, 0x7c8b6262, 0x5, 0xfffff5f4, 0x40, 0x2c1, 0x1, 0x7, 0x0, 0x2, 0x4, 0x400, 0x3ff, 0x8, 0x3, 0x4, 0x81, 0xfffffffa, 0x7, 0xff, 0x9, 0x1, 0xcf02, 0xfffffffb, 0x401, 0x0, 0x9, 0x2092b6e3, 0xa2, 0x1000, 0x2, 0x8, 0x9, 0x80000000, 0x5, 0x6, 0x7, 0x3, 0x81, 0x81, 0xfffffff7, 0xd1f, 0xfe0c, 0x4, 0xf9000000, 0x8001, 0x3, 0x80, 0x8, 0x7, 0x8, 0x8, 0x2, 0x7, 0x8, 0x3ff, 0x5afe, 0x6, 0x7ff, 0x9, 0x7, 0x9, 0x20, 0x6, 0x47c34afd, 0x2, 0x3, 0x7, 0x4, 0x0, 0x9, 0x3, 0x9, 0x6, 0x7, 0x2, 0x8, 0xff, 0x3f, 0x8, 0x80, 0xffffff7f, 0x80000001, 0x4, 0xffffffff, 0x800, 0x1, 0x8001, 0x1200000, 0x10000, 0x4, 0xed7b, 0x33fc56b3, 0xe7, 0xfffffffa, 0x76d, 0x8, 0x7, 0x1, 0x0, 0x3, 0x9, 0x7, 0x6, 0x7f, 0x4, 0x40, 0xffff, 0x40, 0x1, 0x40, 0x400, 0x8, 0x10000, 0x2, 0xce, 0x10000, 0xfff, 0x9, 0x1, 0x0, 0x8, 0x1000, 0x3, 0x1, 0xff, 0x800, 0x9, 0xffff, 0x2, 0x2b, 0x5, 0x7, 0x5, 0x3, 0x10000, 0x8, 0x0, 0xffffffb7, 0x3, 0x10001, 0x2, 0x1f, 0xe00a, 0x1, 0x7, 0x2, 0x4, 0x1f, 0x7, 0x657c, 0x80000001, 0xff, 0x332b, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]})
preadv(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)

22:30:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000680000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 38)

22:30:22 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000012c0)={"f42dde27fbf9c9583cd4d46315fc64c1f1cb4157d6adfc9d1e2d0802c1a8c9ba81afaa3e747497d61458d0faef60b1c7507d242870c4d7d44d6bb7228e0ae17bbb06b961fe491872292678d643ee95f89d437e28eb5a066e8855a34226f0bbeed17337c7943f78380395d88df5fa134a3a6bb488ca4cb5270c2a78a34c651f2de4f45c2f616514e0f888e416f911518cfc95ec4209fe89178090b33a4a13ba07c7bd3c12e86b16d7e1e272b604fdb9bc2887633c531b801caa6c170cadb697e3321c3339c379debc1c7677471209499d1174af8f47b2a5cc577aa5364e01674d086e4b1342ba1a06297dd998fa7e419e25f9ad57ba04c480ec10d4beebafd70e550408e619d1f6ae90de18e9ab963af5a9bf2086255ed8633801de7ffd87e0d97a7eedf0178bc8b55c9c977dcf3ade49d00cd2c473d03401f287f955a17dc35bc3783b6a92df81dc3ca286eba17d1fb2970507ef9ff9d05fbdd0f576ffb6b3dee0fa5491b828f74c53a4eb578861d7b5a477a025d45ad81f56dc666833d8982ad5ec7cfd78b9e356fe913e0ee5f1c7d99aeca2a8bda22188a405d99885ced52e523fb2506d2d58ff467a279ced8b6c2771fa4a252eec584792902e01b9ac7d83b9c54bfa382f9fd29e220fe42e024a59b0d7d969c46d20bdcfceeec39f544940132e112b9a7f52caed685523234dea6ba630cc91870feb94e98f307314d6faa33aea8fbc4a563b1f330edabf11b190ff7f45d0448d5d05e8a3c19a34fec078149c704a0d00d6bfa68f7a385e350792d1b1867abb2d1fa2ec4bfebfff7fac30011a829a1eb6abd9b2d13ebd2b1512cee6fad0b30a9ff6eb3a24dea3e1a5266e13e0762c02e869520d3391340b726377a4aa21512a3fb5c6157a5ca6acff511b59644fb5159a6b30ed7827d756c9e5a0e9a8fa14edc2508e30c2b5b3cd18c66d83df534ea1f2d5144aaf1ddb1c861ac77372d0689daa739be154eabd4d8da87a3e9aa8c2de65a7245bdd6a1d23fbcdf7b7ee6e4e1547ee56abfd17c65c4a4d2f2e4e0d073acfd84d1945b4e5e8d5f0e045d5ff701b2a2497d25ba1a29f36dd54b129e243b5fc9de7cc775c463471ce92222a9d26e3d7ca73e68c4a1b8875a994c21bb37f94bd6c19225f1a08ac3e485e89884c0091bfa5a3162035b1875f9c559b3ffd9abd764826cb692597b97dc04a56fbc7da55237b2bc6c2a6fda9daed2124eb03b6cddb96a47b183cc84f78e01b17d301fd5161c1cc8b0f12113292523df222971268b6076a22b111d976e7dd9bec65371328e6ce6c2374717c78d38d406361e464a7cc432ccbd348a1554b37790588e643ee9ac335d21ba593dbd239f9a76ec66220c6a2c0ef863f4145af655d1fb53bce96383ec67b3843d351fc94f7cda36b6cc6cf2a44543c3c25ab4e1126ca1bf0b6c4ddf061f11e1e4c6ab6ab1f32"})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001280)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x2, 0x0, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[ 1560.613214][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1560.621417][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1560.645599][T16567] ------------[ cut here ]------------
[ 1560.651129][T16567] WARNING: CPU: 0 PID: 16567 at arch/x86/kvm/x86.c:11096 kvm_arch_vcpu_ioctl_run+0x2379/0x2820
[ 1560.661626][T16567] Modules linked in:
[ 1560.665656][T16567] CPU: 0 PID: 16567 Comm: syz-executor.2 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1560.676403][T16567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1560.686564][T16567] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x2379/0x2820
[ 1560.693151][T16567] Code: fc ff ff e8 a9 61 71 00 44 89 e6 48 c7 c7 40 8a 42 8a c6 05 2b dd 51 0d 01 e8 23 21 39 00 0f 0b e9 2a fc ff ff e8 87 61 71 00 <0f> 0b e9 26 fb ff ff e8 7b 61 71 00 0f b6 1d 08 dd 51 0d 31 ff 89
[ 1560.713779][T16567] RSP: 0018:ffffc9000de0fcb8 EFLAGS: 00010216
[ 1560.719898][T16567] RAX: 0000000000000785 RBX: 0000000000000001 RCX: ffffc90006481000
[ 1560.728509][T16567] RDX: 0000000000040000 RSI: ffffffff8112e149 RDI: 0000000000000001
[ 1560.736593][T16567] RBP: ffff888079955180 R08: 0000000000000001 R09: 0000000000000000
[ 1560.744663][T16567] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90002ebf918
[ 1560.752658][T16567] R13: ffffc90002ebf908 R14: 0000000000000000 R15: ffff88807995546c
[ 1560.760754][T16567] FS:  00007f03f2ffc700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 1560.769775][T16567] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1560.776483][T16567] CR2: 0000001b2e727000 CR3: 000000004ce8c000 CR4: 00000000003526f0
[ 1560.784538][T16567] Call Trace:
[ 1560.787866][T16567]  <TASK>
[ 1560.790830][T16567]  kvm_vcpu_ioctl+0x574/0xea0
[ 1560.795637][T16567]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1560.800457][T16567]  ? xfd_validate_state+0x5d/0x180
[ 1560.805667][T16567]  ? __fget_files+0x26a/0x480
[ 1560.810433][T16567]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1560.815475][T16567]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1560.820284][T16567]  __x64_sys_ioctl+0x197/0x210
[ 1560.825186][T16567]  do_syscall_64+0x39/0xb0
[ 1560.829648][T16567]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1560.835652][T16567] RIP: 0033:0x7f03f228c169
[ 1560.840095][T16567] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1560.860161][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1560.866305][T16567] RSP: 002b:00007f03f2ffc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1560.874845][T16567] RAX: ffffffffffffffda RBX: 00007f03f23abf80 RCX: 00007f03f228c169
[ 1560.882864][T16567] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1560.890932][T16567] RBP: 00007f03f22e7ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1560.898999][T16567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1560.907071][T16567] R13: 00007f03f24cfb1f R14: 00007f03f2ffc300 R15: 0000000000022000
[ 1560.915401][T16567]  </TASK>
[ 1560.918455][T16567] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1560.925758][T16567] CPU: 0 PID: 16567 Comm: syz-executor.2 Not tainted 6.4.0-rc3-syzkaller-00017-g9d646009f65d #0
[ 1560.936292][T16567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 1560.946360][T16567] Call Trace:
[ 1560.949659][T16567]  <TASK>
[ 1560.952590][T16567]  dump_stack_lvl+0xd9/0x150
[ 1560.957204][T16567]  panic+0x686/0x730
[ 1560.961114][T16567]  ? panic_smp_self_stop+0xa0/0xa0
[ 1560.966241][T16567]  ? show_trace_log_lvl+0x285/0x390
[ 1560.971468][T16567]  ? kvm_arch_vcpu_ioctl_run+0x2379/0x2820
[ 1560.977288][T16567]  check_panic_on_warn+0xb1/0xc0
[ 1560.982338][T16567]  __warn+0xf2/0x390
[ 1560.986425][T16567]  ? kvm_arch_vcpu_ioctl_run+0x2379/0x2820
[ 1560.992242][T16567]  report_bug+0x2da/0x500
[ 1560.996594][T16567]  handle_bug+0x3c/0x70
[ 1561.001796][T16567]  exc_invalid_op+0x18/0x50
[ 1561.006310][T16567]  asm_exc_invalid_op+0x1a/0x20
[ 1561.011265][T16567] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x2379/0x2820
[ 1561.017695][T16567] Code: fc ff ff e8 a9 61 71 00 44 89 e6 48 c7 c7 40 8a 42 8a c6 05 2b dd 51 0d 01 e8 23 21 39 00 0f 0b e9 2a fc ff ff e8 87 61 71 00 <0f> 0b e9 26 fb ff ff e8 7b 61 71 00 0f b6 1d 08 dd 51 0d 31 ff 89
[ 1561.037310][T16567] RSP: 0018:ffffc9000de0fcb8 EFLAGS: 00010216
[ 1561.043391][T16567] RAX: 0000000000000785 RBX: 0000000000000001 RCX: ffffc90006481000
[ 1561.051375][T16567] RDX: 0000000000040000 RSI: ffffffff8112e149 RDI: 0000000000000001
[ 1561.059354][T16567] RBP: ffff888079955180 R08: 0000000000000001 R09: 0000000000000000
[ 1561.067338][T16567] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90002ebf918
[ 1561.075315][T16567] R13: ffffc90002ebf908 R14: 0000000000000000 R15: ffff88807995546c
[ 1561.083302][T16567]  ? kvm_arch_vcpu_ioctl_run+0x2379/0x2820
[ 1561.089130][T16567]  ? kvm_arch_vcpu_ioctl_run+0x2379/0x2820
[ 1561.094956][T16567]  kvm_vcpu_ioctl+0x574/0xea0
[ 1561.099645][T16567]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1561.104428][T16567]  ? xfd_validate_state+0x5d/0x180
[ 1561.109641][T16567]  ? __fget_files+0x26a/0x480
[ 1561.114613][T16567]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1561.119654][T16567]  ? kvm_vcpu_kick+0x4c0/0x4c0
[ 1561.124437][T16567]  __x64_sys_ioctl+0x197/0x210
[ 1561.129243][T16567]  do_syscall_64+0x39/0xb0
[ 1561.133680][T16567]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1561.139593][T16567] RIP: 0033:0x7f03f228c169
[ 1561.144015][T16567] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1561.163718][T16567] RSP: 002b:00007f03f2ffc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1561.172137][T16567] RAX: ffffffffffffffda RBX: 00007f03f23abf80 RCX: 00007f03f228c169
[ 1561.180116][T16567] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1561.188269][T16567] RBP: 00007f03f22e7ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1561.196341][T16567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1561.204332][T16567] R13: 00007f03f24cfb1f R14: 00007f03f2ffc300 R15: 0000000000022000
[ 1561.213369][T16567]  </TASK>
[ 1561.216659][T16567] Kernel Offset: disabled
[ 1561.221194][T16567] Rebooting in 86400 seconds..