# https://syzkaller.appspot.com/bug?id=48416b0e063ad24428bf04ec2da5b59711dc0eb3
# See https://goo.gl/kgGztJ for information about syzkaller reproducers.
#{Threaded:true Collide:true Repeat:true Procs:8 Sandbox:none Fault:false FaultCall:-1 FaultNth:0 EnableTun:true UseTmpDir:true HandleSegv:true WaitRepeat:true Debug:false Repro:false}
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000000, 0x32, 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = accept4$unix(0xffffffffffffff9c, 0x0, &(0x7f0000001000-0x4)=0x0, 0x800)
mmap(&(0x7f0000ae1000/0x1000)=nil, 0x1000, 0x3, 0x32, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000ae2000-0x9)="2f6465762f6b766d00", 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
mmap(&(0x7f0000000000/0xaf6000)=nil, 0xaf6000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00005e4000)="2f6465762f6b766d00", 0xc1, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000ae6000-0x20)={0x110207, 0x2, 0x100000, 0x1000, &(0x7f000017a000/0x1000)=nil})
mmap(&(0x7f0000af6000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000af7000-0x10)={0x3, 0x3})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r5, 0x4008ae48, &(0x7f000004d000-0x8)=0x100802)
mmap(&(0x7f0000af6000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000af6000/0x1000)=nil, 0x1000, 0x3, 0x30, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000af6000/0x1000)=nil, 0x1000, 0x7, 0x32, r3, 0x0)
mmap(&(0x7f0000a27000/0x3000)=nil, 0x3000, 0x1, 0x32, r4, 0x0)
mmap(&(0x7f0000af8000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f000055b000/0x3000)=nil, 0x3000, 0x4, 0x60012, r2, 0x0)
unshare(0x80000000)
mmap(&(0x7f0000af9000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f00000ea000)={0x5, 0x4001})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000215000-0x40)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
mmap(&(0x7f0000af9000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000afa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000610000/0x1000)=nil, 0x1000, 0x4, 0x33, r0, 0x8000000000043)
mmap(&(0x7f0000afb000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000afc000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000058000/0x18000)=nil, &(0x7f0000af3000-0x18)=[@text64={0x40, &(0x7f0000605000-0x5b)="0fc7580066ba210066b80d0066ef440f20c03502000000440f22c0cf0f005700f23e0f22c0c402e1069101000000b9800000c00f3235001000000f3066baa100b04dee48b844430000000000000f23d80f21f835400000200f23f8", 0x5b}], 0x1, 0x1, &(0x7f0000afd000-0x10)=[@cr4={0x1, 0x400}], 0x1)
mmap(&(0x7f0000561000/0x1000)=nil, 0x1000, 0x400000002000008, 0x18010, r2, 0x0)
mmap(&(0x7f0000afd000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000afd000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
nanosleep(&(0x7f0000afd000)={0x77359400, 0x0}, &(0x7f0000afe000-0x10)={0x0, 0x0})
wait4(0x0, &(0x7f0000afe000-0x4)=0x0, 0x100000b, &(0x7f000008e000)={{<r7=>0x0, 0x0}, {0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
nanosleep(&(0x7f00007db000-0x10)={r7, 0x0}, 0x0)
mmap(&(0x7f0000afa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000afa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r8 = creat(&(0x7f0000afb000-0x8)="2e2f66696c653000", 0x3)
mmap(&(0x7f0000af9000/0x1000)=nil, 0x1000, 0x3, 0x30, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000af9000/0x1000)=nil, 0x1000, 0x3, 0x32, r0, 0x10000)
ioctl$DRM_IOCTL_MODESET_CTL(r8, 0x40086408, &(0x7f0000afa000-0x8)={0xff, 0x2})
mmap(&(0x7f0000afb000/0x1000)=nil, 0x1000, 0x3, 0x110, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000af7000/0x4000)=nil, 0x4000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00002cd000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000afa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000254000/0x4000)=nil, 0x4000, 0x1000002, 0x30, r5, 0x0)
mmap(&(0x7f0000afd000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00009db000/0x3000)=nil, 0x3000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f000028f000/0x4000)=nil, 0x4000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f00007b2000/0x18000)=nil, &(0x7f0000afe000)=[@text16={0x10, &(0x7f0000afb000-0x52)="fbbaf80c66b8fea4078266efbafc0cb80030ef66b9800000c00f326635008000000f30ba2100ed66b8010000000f01d9f26dc13700baf80c66b83061af8266efbafc0ced66b9e50a00000f32", 0x4c}], 0x1, 0x0, &(0x7f00009bd000)=[@vmwrite={0x8, 0x0, 0xde7, 0x0, 0x100, 0x0, 0x8, 0x0, 0x1f}, @cr0={0x0, 0x2}], 0x2)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)