786b15face7dd0ad3b1c36c8fef9a5d624cb30dbdab184d75cefefa6e97365721142b06bfb701ad031e1b0be0c641a7cec70e7e460d0b549718a8378a516d45d3855aa11c96685c35648e303c009807ca331db251d010a5d484bd0d4ae73a545b31110c17bbc5cd7ef658977d9f4f4c4b0d9d76190504b1861c18e30ffbc8d8c0f6580a36003a1657440c8ebb652b67394e192485b7aa1be0301b6b8b2c3fa803342fe1444553ea6cc039564a585519bd2f162029c40892134d7ecce7e403fc38a8bb6dbd226e88e5263582818cff8990766d96a553805ba9795e3556a5f847c314bd4db1bc85067b4ace0d181015cbe535ac9d75c464e4920b50e73b99dc6aa828f6b3499a82536a2cc47ad93c42e0ce803bf20f753d6caf28d426a9c332451af0e834abcaecb802ef281d991405cc5e2c85c3ae16a136fd800ca288faf7d7ca388de491d41cca73079c3ef947b894403c5872a6bcabc203c242c27ceb100c30d880a5500224a1ae29fd08056bb60ba852a836eac3cbdd8259eca273e0959b44a8b4b927f9ecff754ea686b983ee16a0def06a794d48f9334880b29fdfc7c55ac6d66508e0847fbbdd6ac394d4d33d088b39c4315c2584ab2aeff9a71466aa37bd4cca1100811a7ca2f50cc3867e35830152f85311575d9fca2ee406a2764ac7c86a692f2de383f2719f75a1463a45cb80b8a87fded3983fc0f2a0ef3d9dd36c0e1ecba2d535e5070e9572220c9ae4af697b4d0051d38787df62b3ef56129d3d59a7232619f699b87c1cd7a3c97719b37b7c3b14fe88947b14c47c218f5ad06ccf6245dc932139a1da221053124340858c00201f4f222de54b003822ab85f01bf29b055984c77f74c62fd2b216487359e4e63e5168509a70ac246ca03bc3d720d45868eeec71cefc9d64cd68b48864635326fbc6334e84181d8630d827c8c19cfa7f0d00e1aa7e5ec279bcb338e692f8777828351985590379eab5abcf282e6f1a97517ff629a47a03c16c98f661b1b8d53466cf16b20837948604088b5e3e2bdb0b88f88e28aea2ac58ea4a310ab099e1ecf021da49c4b30edc2ba1e1ef3d79fb62fceed3c8405978173df944575a02822e488fab68493286db7d562608d38c6bd738706fdab9aebc62e33fefdfa314abf04c76a6759f1317b2737c9b113a2d71c92df7990504df4922dd8d365b3f06196cd80a4178b345f2c15ea9307deb697b404abaa2a38c59aac6da75648b537057e5ab7b97f076a749edd895e45b6364421891083d21538998c9be81a5072104a598077e8f226e4f0940edc7608c529cf037b8cfe2fdc28cb55b7f7891bb08fef56c26caaca4ad40a085f5a8c445176a791dc92b5aba33830181f02061dbd181185081144bd4acfd67a6354c2e92a6596d8e5b5fbc162757dd1b4087f6a2fe1d1c4685d640885bf7225ef8ca12f764767046f5d0a55a04a11ed171ff751ff7c8b3bf93581457746a4872bf525fef8f184f4d404811c6e4ec27929e03d55b8cd4df632a49c7cc7a83dda16886b53aa76b7e14207a5a2a6710b38c53bab7e0dcbbe61a480bcb3244c4d2e9111b2a0ac74e24e40eae402680c2da64e46a44142d55e4c9419b8e292a6cbb5db6308702c9ad187a0bc47131a9f3c42090a20cfe0fdee17d2d8f91d29c684e14eb4edb7574f067eb759b9fc8c448711993000aa111df9d105608f110e30d8dee7e2bfe81d7fb99fac6aa912b18747072370cf0379ffb51b86e327bf42bdfa76e212ce339fba5da803f6d851ad14a62340eead592f5f98068558fae402f44dd0ef3674fb83ef99d29466680bee61d71df1131b0a4f0dcee987c0e55ff5d7e8cd37d4128a38f1260043f8a82b8d2772bb40bb5b311a8644cb51d56fb1afd78722b9a2a62148768e0675bb871766e26dcc7ec9a9065d388586f35fac31ede76edde2e35a9f45ad71de2091bd40b8bbcdc0fe35672850d4a7c6c74ba168958069d58bb0a7317a1982c1d3ab07647d8e7cf9e9ca50f2a16749d65f1b2391045c0a5379c2bb3472c80a70e75c79595b1e68a2ca122a91b7b8d5d3ff5b613530eb70acfc3c47df60a8d20e8cbf8ab7e698dd46763e2b651f22ee045755d9b07d3616149081c68539ce114e2c1ac53ce7dc3a966efc733053ea13ee1fece90f469da8a50fb6f76282fe6303938388d70cde4a05d86842358b63365c4f4f20b2eff86a26687d576c70f69f9b8c3d7c989825fff7cf3de1cf925a763e1188b5f2fb5391d61013948596b16f3a815d96c2271da94b3b291cc6131a4ae653d9c40cc6d9185d491fe91f4dc44cf4d3fdb54c8c0fd485edea354a1bd0d97b13b1d734975d42f9b614246029d5c98bdb58680fa757f983c5c9066ffeb80fb5666017df0cab588372551e0b6969589bedf4cdda121f84df9f1540c9003139af01a40fad95a83cf9b47cc2c7169a0726cee35dc9415e91cee3a07d8ab4bef5761835922d5eb25ea8a97ebe47ffe0aa9ec09e78f44fb9782f2eb151b77327d5f4172527ef036ccd895b4cb3da8f6a58cb37c9e97553cdbf41e5006108807cdf686412a48707e5ad31e888506fa53502e2c6f851e24a270f9d973780d15c3"}, {0x0, 0x22429aea1a6e66c0, 0x3f, "17189fff28a24f9ea53079186e2c4bd6cc3e53ec7f4937c41a9c674fe8871a02490a5acfcdf4ccbe5b26eade71960542a381d1cadc4c5b95dab2464cd0c59f0647e3b31e12d73cbdd645c1a1893b511553ee67ea12b514b0a07d73e8ab3367bea4ee68cbe8570fd877ec17a67d75d2b5b7b43fee04beb9a26abb180ed77c2e9a48676820f5a30bef4c85963693b2f2ba513abce60ce62604bf359ab341d8f9ae1e7a43780c9112faa0fabcbac4862fa716fbf49c6f9a9e43f7d405a0cf1f1d9f5c48f7d98cd50907e730d6c1f87ab75ee7b93653e58269"}, {0x0, 0x0, 0xfffffffffffffffe, "1b1527b5c27feca8b2fe52c237013fd6f8293495a38a0a8df18604b901f6dcccaaf7d743e2133d0e4ab71290bde8dcdc55b9dde02670e0920e0b0468699bc2fefb248325b781c535e78007ad6f0c3e5a003ec093c1e7d7ec5aad8c45f96c7c0ab2ebca82a023241e5d1246c9c4a3bcff6c8b16ff2a629bec8c7fdf038a749a6fbe055b92278e81d31258089b5ec5331fd692163126f450a5e57e9c7b0f7364aa93f80e3c439a0d6b2bb8606db520833c067500d230c17e38c25ac5d2f5f538bcef9654a4c26ca6ff34b533f09d6960ae0afb3fcf73928feb6bb045f2e9d8105eac907d5b4ee67be519cc539ac0732a305f5b92c9a71603e141b3a65d"}, {0x0, 0x102, 0x9, "b84624078e2936e5bfbb79470b6c89391ba1c294d7e8dd5a22e5bfd502d2209f8a194f888908f6a5161253fe285719b635922d451690a745892685d2fb46915dc40736cfeaff22b86fac4a06c91b0967e1c935b342542635f41239ae506cec024705fc8fcba666b9717991cd130d326de0f0198788e067729cbbd49f6cb3b84fc908cc66a4ed0b4e6141d8c2aa84a4caeba91d3a62418fb5600e3e7aa5600afde44f768fc3ef33805116e67b5ed55a97d875c0b27889250cbb6767ef2487d70eee97c4fa64e300240a492724d9a809b8720d24"}, {0xfffffffffffffe9e, 0x108, 0x401, "97de4b0a7b02112dbac49e90c49d9a943c14f15137fd28a3cfc95bbb9298805035d5976289777847594ffa971e8c37668fe6d8777bbfbbd0013093de35bcbf17fd9b33bb9c7f4e9b6f0d0238e0b372726dbee282ee552958271445735a4bd8b42d23be1cc203060e0a5fa371dfbb26e1c8fbeeb6ad431795b705866cc85f2e7edd89538a7b3406058b2775cb0a62e2e610770cd5f7829384a75c953d2489a557f045aaee3ad09a189d504f78118e7c4dda29305c17d86a0c57a710603dfd46d03c258f20919e420fb19cf4bb0f7d3a3922f2d5d0a9241b09e89ffd5bc9d145e1767ebc"}, {0x0, 0x6, 0x7ff, "0524b23aaada2444d9676e75be7a072c7f6cd0983a451f7d7bb7bf2b8b7be4e12c07098b2ef0eff99e8d3c2e284923bdacd6d8d7225d7cf05d9559f04c97c207985381f753d025e33d4b3c4e87b787b4e0dc28fb8dd8ab30f2ab6d6a9042e831fc8e8b902a1e274cc44184481d60e57131cdc1533ac79cbaa8c3189a3f75d3b6dda25c43269f5e76aa634e514373c23963e5b4804113be3b6d4d7a77c100b3d3ccb7b8f82b161e521ce35fad0d34a10d3502859b905c5d808a892abe6fe83c4ce1be0d25d8d8335061415e2776d44b0cd40dab9f31672c01d78dc5c7545b67061850371defc5d4d4f26845a6af2d6a5fe9273b"}, {0x0, 0x1bf, 0x6, "b360b4e9849d5a41a6be747c427741c931e4b6d0b7973db2b12337bb41578081be0b6d203acaf58a413705eedaa57fb3e9d20e8d450ec48292066eb14ce20ff47a83a21457b486e78e70616f8f18ca89c73d704797afdb605dea"}, {0x0, 0xff, 0x5, "c979df"}, {0x0, 0x117, 0xffffffffffffff33, "0522d8e2fe7f056ee2b2a572c4c45e788d7456d10e54071377f3a6b016d7bd03b348e961fffa9ff2cc8df7bdd2790c6f7d0e55f6bc73ebc952ebb4c7956dee8cf061e6eee8147fa3c1671d7fb187d8b19d6f32c93414010ee2cb429bdc3a5f6ca00198568f72ed9c089955deaa43968f924c331cba9585f5d98ba86af9dbd9"}]}, 0xfffffffffffffffd}], 0x1, 0x0)

07:16:12 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6}}, 0x14)

07:16:12 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000000000), 0x7)
r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x200, 0x200000)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000000080)={0x7ff, 0x3})

07:16:13 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r1, 0xae80, 0x0)

07:16:13 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bcsf0\x00', 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x2, 0x0)
ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000100)={0x4, 0x4, 0x3f, 0x9bee, 0x40, 0x4})
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)

[  772.904060] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:13 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000000)='[-(eth0#-proc\x00', 0x1)
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100))
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r2, 0x4008af23, &(0x7f0000000040)={0x2, 0x8})

07:16:13 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r1, 0xae80, 0x0)

07:16:15 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
mount(&(0x7f0000000200)=@nullb='/dev/nullb0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)=""/222, 0x1848fbac9b87a7fd)
read$FUSE(r0, &(0x7f00000030c0), 0x1000)
r2 = gettid()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:15 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xf4ffffff00000000}}, 0x14)

07:16:15 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x17, &(0x7f0000000040)=0x4fe8, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)

07:16:15 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r1, 0xae80, 0x0)

07:16:15 executing program 4:
r0 = socket(0x14, 0x2, 0x200)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:15 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

07:16:16 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
lseek(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)

07:16:16 executing program 4:
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000000)={0x0, 0x80000, <r0=>0xffffffffffffff9c})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={<r1=>0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000080)={0x0, r1, 0x3bc})
r2 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r3, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  775.826143] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:16 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:16 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x7400000000000000}}, 0x14)

07:16:16 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0x1c3)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0xcb, 0x4)
getpeername(r0, &(0x7f0000000040)=@nfc_llcp, &(0x7f00000000c0)=0x80)

07:16:16 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
r1 = socket$l2tp(0x18, 0x1, 0x1)
r2 = msgget(0x1, 0x1)
msgctl$IPC_INFO(r2, 0x3, &(0x7f0000000080)=""/21)
ioctl$PPPIOCGFLAGS(r1, 0x8004745a, &(0x7f0000004ac0))
write$binfmt_aout(r0, &(0x7f0000000100)={{0x107, 0x14bf, 0x80, 0xd0, 0x297, 0x1ff, 0x3e2, 0x81}, "d50ec2cb5f1ae240f6fc2fba3a594bf14bdce4057f12b65d51086ba011869dadbde4755a8ff357a21d4aac131a18901106534ce7f0864c3dee04a1c7bd16bf392b9def13c7c650cb942fa49c6fde7c23314d40d38afa8c41f596d179f9085ad27827d8aea2ffe4391f180c055a27389b51e0", [[]]}, 0x192)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
r3 = syz_open_dev$vcsn(&(0x7f00000003c0)='/dev/vcs#\x00', 0x1, 0x0)
bind$vsock_dgram(r3, &(0x7f0000000400)={0x28, 0x0, 0xffffffff, @host}, 0x10)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x10000000000002e1, &(0x7f00000002c0)=[{0x0, 0x1, 0x7, "f301267a6867ebb1d1082a6d4e4b80bded838b7c8e87a6056ac6ff518d7e03e9c42760aaedd3ee71bf5a3ae801bccc0cf942473c8992d444f23d307e31b1c58f92e61f16dda5fcccc08e9200681708f89ae38d545b919241e9eadad074cb6b"}, {0x0, 0x111, 0xca39, "704df3232b148ed8b495aef0c04b6588c4f39b6ef37f98d2d865a2aef25987262e51f7b98278cf8950f5a64575542ee6243015077f8d26870e205c4a095bdc509f28a3cc3635aca3b09b118c"}]}}], 0x31e9cd3487dc94, 0x20004bc2)

[  775.976185] *** Guest State ***
[  775.979827] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  775.989604] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  775.999485] CR3 = 0x0000000000000000
[  776.007881] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  776.015596] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  776.022043] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  776.040291] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  776.091602] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  776.149054] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  776.158969] 9pnet: bogus RWRITE count (33554433 > 20)
[  776.166218] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  776.185010] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  776.195103] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  776.207833] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  776.217723] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  776.226449] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  776.234985] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  776.243110] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  776.250170] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  776.258977] Interruptibility = 00000000  ActivityState = 00000000
[  776.266060] *** Host State ***
[  776.269551] RIP = 0xffffffff81212b2e  RSP = 0xffff880140bf7350
[  776.276813] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  776.283762] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  776.291581] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  776.297600] CR0=0000000080050033 CR3=00000001ba677000 CR4=00000000001426e0
[  776.304884] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  776.311625] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  776.318043] *** Control State ***
[  776.321758] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  776.328731] EntryControls=0000d1ff ExitControls=002fefff
[  776.334503] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  776.341462] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  776.341472] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  776.341480]         reason=80000021 qualification=0000000000000000
[  776.341486] IDTVectoring: info=00000000 errcode=00000000
[  776.341492] TSC Offset = 0xfffffe5e6bae39ce
[  776.341497] TPR Threshold = 0x00
[  776.341508] EPT pointer = 0x00000001b93c301e
07:16:19 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x2, 0x10000)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0xa000, 0x0)
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000140)=r2)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
openat(r1, &(0x7f0000000180)='./file0\x00', 0x0, 0x1d6)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)

07:16:19 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000002700)='/dev/sequencer2\x00', 0x341000, 0x0)
ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
clock_settime(0x6, &(0x7f0000000000))
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_set$uid(0x3, r1, 0x10000)
recvmmsg(r0, &(0x7f0000002f00)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000040)=""/126, 0x7e}, {&(0x7f00000000c0)=""/45, 0x2d}, {&(0x7f0000000100)=""/4096, 0x1000}, {&(0x7f0000001100)=""/166, 0xa6}], 0x4, &(0x7f0000001200)=""/23, 0x17, 0x6}, 0x300000000000000}, {{&(0x7f0000001240)=@ax25, 0x80, &(0x7f00000025c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/231, 0xe7}, {&(0x7f0000001440)=""/4096, 0x1000}, {&(0x7f0000002440)=""/134, 0x86}, {&(0x7f0000002500)=""/166, 0xa6}], 0x5, &(0x7f0000002640)=""/177, 0xb1}}, {{0x0, 0x0, &(0x7f0000003040), 0x7, &(0x7f0000002bc0)=""/87, 0x57, 0x100000000000}, 0x8}, {{&(0x7f0000002c40)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000002e00)=[{&(0x7f0000002cc0)=""/181, 0x315}, {&(0x7f0000002d80)=""/104, 0x68}], 0x2, &(0x7f0000002e40)=""/186, 0xba, 0x2}, 0x8}], 0x4, 0x42, &(0x7f0000003000)={0x0, 0x1c9c380})

07:16:19 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xf4ffffff}}, 0x14)

07:16:19 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:19 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
mount(&(0x7f0000000200)=@nullb='/dev/nullb0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)=""/222, 0x1848fbac9b87a7fd)
read$FUSE(r0, &(0x7f00000030c0), 0x1000)
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(0x0, 0x15)

07:16:19 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
dup2(0xffffffffffffffff, r0)

[  779.173521] *** Guest State ***
[  779.177110] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  779.180242] 9pnet: bogus RWRITE count (33554433 > 20)
[  779.191771] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  779.204243] CR3 = 0x0000000000000000
[  779.208012] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:19 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sendmsg$rds(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/147, 0x93}, {&(0x7f00000000c0)=""/41, 0x29}, {&(0x7f0000000100)=""/52, 0x34}, {&(0x7f0000000140)=""/36, 0x24}], 0x4, &(0x7f0000000240)=[@mask_cswp={0x58, 0x114, 0x9, {{0x9, 0xf425}, &(0x7f00000001c0)=0x2, &(0x7f0000000200)=0x2be6, 0x5, 0x88dc, 0x20, 0x10000, 0x8, 0x4}}], 0x58, 0x800}, 0x4000044)

07:16:19 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x765, 0x20200)
bind$llc(r1, &(0x7f0000000100)={0x1a, 0x10e, 0x1, 0xd550, 0x1, 0x0, @random="db9a2df0ee81"}, 0x10)
sendmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000180)="b1e67b619c4cb99159809bd8e5e4bbc026eba87fe08f163949189553ad6c6185d77c1e96af99c0323fc7c30a33e536ee4b329ba1fa6fed69f590ce590a578e860057773e064e1173d2e093b2d3c2ab310755ea77a1ff79868e7a40eeddbd949a2af15e2b058e3857c270c65a836a8d66af98cecaceb9eb96af8802db54b4a18b1362a3ca274ddb426112c299afeb9167654f", 0x92}, {&(0x7f0000000240)="7daf8a79213129c11c67d360af22d4aebad61dfb4003bbefb10907cbdda217a8672d0ac676cfe7d0219658cc8848257662dbe3b4091a99af0fcda19d405e93706998b326ae1e29517bcd7bfb7c56", 0x4e}, {&(0x7f00000002c0)="47a07ea569c31eadcc3a5130fb5112bda1fbd725bec13b429c63ce3fff163756e8231a693dc8cab418e5357e1cb00d3ffc55a3e558c21f4ef5ee72d441cbc870a9a99c618d7ddeb5db6fbd0829d1ef23959343bd2fe39bd0d2096443e9e493b13ad5eff26dfbd8ae04d23aa3dd04bf6c09a2fbe4ff27a2feb9f23d1757fd6ba9fb", 0x81}, {&(0x7f0000000380)="2d200e6dfe3f3fc7999e19bfa7276b2aa4c757529db3fcf66b051de6cd59cc0ee485afcf7c6b52aa80c60585c82c8f6ab42d4514d13933e45b3fb4a9808fb87b3f6c0bfc52570b114c492253ac3eb9e77622c898731e4a", 0x57}], 0x4, &(0x7f0000000440)}, 0x2}], 0x1, 0x20004bc0)

[  779.222935] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  779.246677] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  779.259037] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  779.282685] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:19 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x10000000}}, 0x14)

07:16:19 executing program 4:
syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0xad, 0x0)
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(r1, 0x0, 0x0)
r2 = dup(r0)
read$eventfd(r2, &(0x7f00000001c0), 0x8)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x44302, 0x0)
write$P9_RREADLINK(r3, &(0x7f0000000040)={0xffffffe1, 0x17, 0x2, {0x7, './file0'}}, 0x10)
ioprio_set$uid(0x3, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6, @in6}}, {{@in6=@remote}, 0x0, @in=@remote}}, &(0x7f0000000180)=0xe8)

07:16:19 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x800, 0x100)
write$P9_RREAD(r1, &(0x7f0000000100)={0x55, 0x75, 0x2, {0x4a, "cca7ae0450e0bdf13b024ca12006f8151bc70f53e8964c5d22f65574dcb0c98a5bce8a0a89ed54b8bd956f59095ce0d1759540b5b9b505795179fd632296bce50b5dbedfdee597378c81"}}, 0x55)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)

[  779.303356] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.313587] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.327007] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.335553] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.344368] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  779.387382] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  779.426075] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  779.443912] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  779.468319] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  779.479526] 9pnet: bogus RWRITE count (33554433 > 20)
[  779.484874] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:19 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
r1 = add_key(&(0x7f00000002c0)='asymmetric\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)="a72eff6734ef71e12913d553c61e40689de6faffa53268a946a18efc279defb73a15f51cb4cd36aba4f22b26391ae660a3c0d552358289e3a242adaba5a4bb6c0eaf4f8c0ef4befc757647cf162ddfde69d1aa22c59a23aa80a7cc3f7383a2cb468ac917c3e8", 0x66, 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, r1)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)
r2 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x800, 0x28840)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000100)={<r3=>0x0, 0x1}, &(0x7f0000000140)=0x8)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f00000003c0))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000180)={r3, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}}, 0x7f, 0x10000, 0x6, 0x4, 0x10}, 0x98)

[  779.484887] Interruptibility = 00000000  ActivityState = 00000000
[  779.484891] *** Host State ***
[  779.484904] RIP = 0xffffffff81212b2e  RSP = 0xffff880140ef7350
[  779.484926] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  779.484939] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  779.484960] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
07:16:19 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x3000000}}, 0x14)

[  779.542498] CR0=0000000080050033 CR3=00000001c7e65000 CR4=00000000001426f0
[  779.550344] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  779.575850] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  779.582307] *** Control State ***
[  779.586543] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
07:16:19 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)
r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x9, 0x80002)
ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000100))

[  779.594099] EntryControls=0000d1ff ExitControls=002fefff
[  779.599930] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  779.618406] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  779.632418] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
07:16:19 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
r1 = openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x20000, 0x0)
getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000240), &(0x7f0000000600)=0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0xfffffffffffffde7)
getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/net/pfkey\x00', 0x800, 0x0)
ioctl$EVIOCGSW(r2, 0x8040451b, &(0x7f0000000540)=""/44)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)="a41e12d0a77e96a52ccf7c2b17afe13fb557963f9de1109020a0cfa8f21eb9f47f0c4bbf86a9e384f0e51bc7a63a7e79673719778a", 0x35}, {&(0x7f0000000100)="43e20857107f8216995346994b2a09fc1a231e02d25aa19c6a5d95da603592502db404bc6fd81918d05b5c447b0528a4c5855289fd47aef8e4dc5306fbf78a73bb92ebb04fd3dba89fb038bdb528ec80c5c2c6875fe609f3afe0c55ac4a55424d06504bff2a93927d2c6f9ae968ace74177ac0b68505a994b0a75a75b80e30a263ce1393112f7db404748d8d45a3ae517602b5d43ab5f1e21b1baf5d36e4122ce07ecbcd64c7aa4d40a0464ac7e5c3932a9382f93e7108812119c42684e3059d117211ed62f4d74b859e0d7751a0bcc7472a425043", 0xffffffffffffff7c}, {&(0x7f0000000580)="e56da96e9e3289209381883ac18609ea9c95290cd5dd96c94625192021ef81db8a3cf1571d4489c169881da748887ee8581212a6e77efe9a33a12b413002667145ce2bf3278d14f094b2", 0x4a}, {&(0x7f0000000280)="231d8a37d14c7218b6b2551a17", 0xd}, {&(0x7f00000002c0)="6873263cede34d35c2deb6c2218291b62d57b8f14df97da69174d4def8e3c40bfa428b28e2aac513b44ba49aaaae53cf2e428203da717e80c2288863875013ad7b0fe056d22d2d9d086bf888eccd87d5c56e477baaa7ffa820b87643f1cb3a3000e7b8c9f990425a7c4e5343a229eeee201594a3f06ee4e0bfc8b56e8e2a71722034b9fd902c553e85e13809726298261e507152cb3c8ac0a78e8644ddb1847005bf1ed64eb6d05f530240ab2f885e1435eedce556727666d08ad2a8970d97e07a10cd31c040b09a5053ca9fab37d36def8fca", 0xd3}, {&(0x7f00000003c0)="265869753de11be8c5dd740724dfb49ca30fc72fdc7f62ef98", 0x19}], 0x1000000000000115, &(0x7f0000004bc0)}}], 0x1, 0x20004bc0)

[  779.650740]         reason=80000021 qualification=0000000000000000
[  779.683516] IDTVectoring: info=00000000 errcode=00000000
[  779.705072] TSC Offset = 0xfffffe5cb7c39a95
[  779.716811] TPR Threshold = 0x00
[  779.720721] EPT pointer = 0x00000001bb10301e
[  779.742365] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:19 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  779.830930] *** Guest State ***
[  779.835281] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  779.844904] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  779.854484] CR3 = 0x0000000000000000
[  779.858386] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  779.865140] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  779.871348] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  779.879343] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  779.887701] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.896044] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.905324] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.914402] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.923237] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  779.931293] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  779.939700] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  779.948014] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  779.956246] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  779.964504] EFER =     0x0000000000000000  PAT = 0x0007040600070406
07:16:20 executing program 3:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x2, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000200)={0x1, 0xc, 0x5, 0x1c44, "64dbfb730ea479436004c313051809f794b4a85a78fd6b517465725f8ac8506d"})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x2)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffff9c, 0x4c82)
ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000240)={[{0x80, 0x401, 0x7f, 0x9, 0x101, 0x7, 0x401, 0x0, 0x63, 0xff, 0xf86d, 0x8, 0x2}, {0x1000, 0x3, 0x6, 0x2, 0x7, 0xffffffffffff1118, 0x401, 0x7ff, 0x7f, 0xff, 0x20, 0x0, 0x7f}, {0x14000000000000, 0x4, 0x65f, 0x200, 0x7, 0x668, 0x0, 0xffffffffffffff80, 0x4, 0x4e86, 0x80, 0x6, 0xe9f7}], 0x6})
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
r4 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$read(0xb, r4, &(0x7f0000000340)=""/231, 0xe7)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x44000, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000000)=0x1, 0x4)
r5 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8, 0x131180)
ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, &(0x7f0000000100))
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x4e21, @local}, 0x10)
sendmmsg(r1, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)

07:16:20 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x5000000}}, 0x14)

07:16:20 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
mount(&(0x7f0000000200)=@nullb='/dev/nullb0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)=""/222, 0x1848fbac9b87a7fd)
read$FUSE(r0, &(0x7f00000030c0), 0x1000)
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(0x0, 0x15)

07:16:20 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

[  779.982376] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  779.990620] Interruptibility = 00000000  ActivityState = 00000000
[  779.997675] *** Host State ***
[  780.003831] RIP = 0xffffffff81212b2e  RSP = 0xffff88013dfc7350
[  780.019620] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
07:16:20 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

[  780.039275] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  780.053197] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  780.068220] 9pnet: bogus RWRITE count (33554433 > 20)
[  780.074020] CR0=0000000080050033 CR3=00000001c7e65000 CR4=00000000001426e0
[  780.082136] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  780.089346] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  780.095810] *** Control State ***
[  780.099662] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  780.109465] EntryControls=0000d1ff ExitControls=002fefff
[  780.138880] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  780.153788] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  780.163452] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  780.188866]         reason=80000021 qualification=0000000000000000
[  780.206417] IDTVectoring: info=00000000 errcode=00000000
[  780.212590] TSC Offset = 0xfffffe5c5b359f2e
[  780.217298] TPR Threshold = 0x00
[  780.220893] EPT pointer = 0x00000001d483001e
07:16:20 executing program 4:
r0 = socket(0xe, 0x805, 0x7e)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000000)=0xfffffffffffffdee)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000080)=ANY=[@ANYBLOB="030439f2", @ANYRES32=<r2=>0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f00000000c0)=0x10)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0xffffffffffffffff, 0x200, 0xfffffffffffffffc, 0x5d1f, r2}, &(0x7f0000000140)=0x10)
setresuid(r1, 0x0, 0x0)
io_setup(0x3b, &(0x7f0000000180))
io_setup(0x801000, &(0x7f0000000200))
ioprio_set$uid(0x3, r1, 0x0)

07:16:20 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

07:16:20 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x7400}}, 0x14)

07:16:20 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x15, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)
r1 = dup(r0)
ioctl$DRM_IOCTL_CONTROL(r1, 0x40086414, &(0x7f0000000080)={0x2, 0xdd})

07:16:20 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:20 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
exit(0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

07:16:20 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1000000000022, &(0x7f0000000040)=0x1, 0x1f1)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x80, 0x4)
r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x8, 0x4000)
ioctl$KVM_SET_FPU(r1, 0x41a0ae8d, &(0x7f0000000100)={[], 0x7, 0x6, 0x20, 0x0, 0x10000, 0x6000, 0x0, [], 0x1f})
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmmsg(r0, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004b40), 0x36a, &(0x7f0000004bc0)}}], 0x31e9cd3487dc94, 0x20004bc0)

[  780.436847] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:20 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:20 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xf0ffffffffffffff}}, 0x14)

[  780.663642] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:21 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
mount(&(0x7f0000000200)=@nullb='/dev/nullb0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)=""/222, 0x1848fbac9b87a7fd)
read$FUSE(r0, &(0x7f00000030c0), 0x1000)
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(0x0, 0x15)

07:16:21 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={<r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r3 = syz_open_procfs(r1, &(0x7f0000000000)='net/icmp6\x00')
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x13f, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x4, @mcast1, 0x4}, {0xa, 0x4e24, 0x1, @ipv4={[], [], @multicast1}, 0x31c2}, r4, 0x81}}, 0x48)

07:16:21 executing program 3:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000900)='/dev/full\x00', 0x705000, 0x0)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000940)={0x3})
io_setup(0x6, &(0x7f0000000040)=<r1=>0x0)
r2 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x41, 0x40000)
r3 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x4000000000, 0x20000)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r5 = socket$pppoe(0x18, 0x1, 0x0)
r6 = openat$cgroup(0xffffffffffffffff, &(0x7f00000004c0)='syz0\x00', 0x200002, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='cpuset.effective_mems\x00', 0x0, 0x0)
io_submit(r1, 0x5, &(0x7f0000000780)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x7, r2, &(0x7f0000000280)="e0373b262c7540e50ab8e8ac1db34f6b46096a82c459af53b89cde0809faaf632b72c32c0bc951f05657a1787c835d594a1f8369603cfb5c62a31ea9c470bd863aa0ad6c2210847569127e74d677f046f523eaf8ee0f24459904c94cbb48de48980083da9bc3bb1f5cac58886f49b718a7599d47960071be153cbc8f8a39a3d5242c67093e65fab674319ae4c0509bab5233cc8151246328940aa50bfb1efbc3423fb5e2898881cbaf51d31a9713b4dea627ec425c68d7d7e6559539", 0xbc, 0x2, 0x0, 0x0, r3}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2, 0x7f, r4, &(0x7f0000000340)="78dc4ae75b326b200ebf730b6d8344364338773e6338d3d36dd8837fa0b6306913a696fb377da1813cd7e13b7cd77ea2898dbcf6f236059b26ebd465854385bb20400345367671317b55d2b1fcd8e9513cc26a1de8cf83ca854346c018005b47b2970f261c315db03350f1443e8c244b4064c9690b953c4d3fad3b640f8ef60b118eb68794dbb46444302b0f79756fdffa27f75e0a54c908175366b57442c01da82b8e241c6e593577e7c8", 0xab, 0x8, 0x0, 0x0, 0xffffffffffffff9c}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0x5, r5, &(0x7f0000000440)="d376f69ae09bd5d3f9a76a234e163dc8690787d36faa3bbdd306d9897ba22bed7a840fcf264dd9b3ebfb1eaba8", 0x2d, 0xeac, 0x0, 0x0, 0xffffffffffffff9c}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000500)="a620aff7ff7994634d97df6af7c939cc8f6d765c35f92f7752371290f37c5424d62a87d9179934c71bb85b0697cb29215b76ea4402c4492df82bd0f3704356d59b1a150f3da24da415eb1fda25d154527349a0754b36360bab03e7e32bedd166fe398e3332e575ed3ee86f761eba7e712e032911e61d5b008256aa30ffbebfe2aea7f097c081443fe0d6075d36d8ca65c6379b9f74e268ae14289abdc6f2709e23c1c7d45295daf494d62454", 0xac, 0x8000, 0x0, 0x1, 0xffffffffffffff9c}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x8, 0x450d, r7, &(0x7f0000000600)="1eb06fbc63897ffa6ec538b3be9f7bc8488253d377979fb85fba78b427e5f453b4e3f151f6d520da0780f1eadafc68b343666ed83ae9ae8344a06dbbc29f1a358293dd800f925cf7f4ca8f122e720a748322c75fa010b3e403b007a3a804018b4f78d42567347fc1b78a839ef9e443f03f6352c5949ca73c442bc20ad9eac4140853fa752d014d7764fd6a700e6db2d45e2b47a8158a96abc0dfd8840a0a7884876683e21d3b79a5d0896ab086f62916c9aaf2f53920fabcc020031c22f7276e2b10b543437a02eeab36cd37f375bb35a9b85a0fc21ca188a2b98744653334586e", 0xe1, 0x9, 0x0, 0x1, r8}])
io_setup(0x200, &(0x7f0000000140)=<r9=>0x0)
mount$9p_tcp(&(0x7f00000007c0)='127.0.0.1\x00', &(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='9p\x00', 0x4, &(0x7f0000000880)={'trans=tcp,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@uname={'uname', 0x3d, 'syz0\x00'}}, {@msize={'msize', 0x3d, 0x80000}}], [{@seclabel='seclabel'}]}})
r10 = socket(0x2, 0x803, 0xff)
connect$inet(r10, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10)
shutdown(r10, 0x1)
io_submit(r9, 0x1, &(0x7f0000000000)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, r10, &(0x7f0000000240)="cf5e9960dcde87e7aa066f8dada2b83aec8bbfbc", 0x14}])

07:16:21 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:21 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x8500000000000000}}, 0x14)

07:16:21 executing program 5:
socket$l2tp(0x18, 0x1, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:21 executing program 4:
r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x4, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000180)={@mcast2, <r1=>0x0}, &(0x7f00000001c0)=0x14)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={@dev={0xfe, 0x80, [], 0xf}, @mcast2, @mcast2, 0x7, 0x1, 0xfffffffffffff1da, 0x500, 0x10001, 0x0, r1})
r2 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0x1c3)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@loopback, 0x27, r1})
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x70182)
openat$cgroup_ro(r4, &(0x7f0000000280)="6d656d6f72792e6576656e747300e160ce14", 0x0, 0x0)
setresuid(r3, 0x0, 0x0)

[  781.150621] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:21 executing program 3:
shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x40180, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000140)={<r1=>0x0, @in={{0x2, 0x4e21, @multicast1}}, [0xffffffffffff8001, 0x4, 0x92, 0x956a, 0x4, 0x7fff, 0x40, 0x4, 0x6, 0x5, 0x800, 0x9, 0x9, 0xffffffffffffff7f, 0x6]}, &(0x7f0000000240)=0x100)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={r1, 0xffffffffffffefd7}, &(0x7f00000002c0)=0x8)
clone(0x0, &(0x7f0000000000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000000000))
socket$inet6(0xa, 0x0, 0x0)
unshare(0xc010d00)
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x49)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={0x6, {0x2, 0x4e22, @rand_addr=0x970e}, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x210, 0x7fffffff, 0x1, 0x200, 0x3, &(0x7f0000000040)='bridge_slave_0\x00', 0x9, 0x1, 0x11dc00})

[  781.228994] *** Guest State ***
[  781.247045] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  781.259915] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  781.281705] CR3 = 0x0000000000000000
[  781.287344] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  781.293842] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  781.308281] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  781.315857] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
07:16:21 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
exit(0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

07:16:21 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6000000}}, 0x14)

07:16:21 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000000)={<r2=>0x0, 0xaa, "777a9a9600c2c7c7c7345bf34f0b3d007458f35c5114e107503d16b40d39ff15144e5b142e531f858972e0ac973352d20c2faad12ffbac22720fa79823e0a0210707ef484feb97f0a0c88d4ffc4024adb6a3d4a78959899bf1bf2cb6c0f7bc5c6c1f30434b1a1c0c5efd0351f3452b99d24d13259619d64489e979e4730709f3d48107aa7be010852a54ad03fd6662be904e27aef06249557148a78c88659ed0210dda45adc6febfcc45"}, &(0x7f00000000c0)=0xb2)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000180)={r2, 0x4c, &(0x7f0000000100)=[@in6={0xa, 0x4e20, 0x3, @loopback, 0x2}, @in={0x2, 0x4e20, @remote}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e21, @multicast2}]}, &(0x7f00000001c0)=0x10)

[  781.324860] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  781.349222] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  781.418712] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  781.444353] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  781.478895] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  781.487850] 9pnet: bogus RWRITE count (33554433 > 20)
[  781.505107] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:21 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x140, 0x92)
ioctl$NBD_CLEAR_QUE(r2, 0xab05)
ioprio_set$uid(0x3, 0x0, 0x0)

[  781.522290] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  781.532843] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  781.543479] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  781.551496] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  781.562103] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  781.584465] Interruptibility = 00000000  ActivityState = 00000000
[  781.608633] *** Host State ***
[  781.619024] RIP = 0xffffffff81212b2e  RSP = 0xffff880119817350
[  781.628718] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  781.638128] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  781.652051] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  781.661934] CR0=0000000080050033 CR3=00000001d7a65000 CR4=00000000001426f0
[  781.669813] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  781.677225] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  781.690951] *** Control State ***
[  781.694947] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  781.701886] EntryControls=0000d1ff ExitControls=002fefff
[  781.718347] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  781.727340] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  781.734363] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  781.741204]         reason=80000021 qualification=0000000000000000
[  781.747931] IDTVectoring: info=00000000 errcode=00000000
[  781.753827] TSC Offset = 0xfffffe5b9c6fbf60
[  781.758326] TPR Threshold = 0x00
[  781.761757] EPT pointer = 0x00000001c934201e
07:16:22 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0x0, <r1=>0x0})
r2 = request_key(&(0x7f00000002c0)='big_key\x00', &(0x7f0000000380)={'syz', 0x0}, &(0x7f0000000640)="3050d65300", 0x0)
keyctl$describe(0x6, r2, &(0x7f0000000680)=""/70, 0x46)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000240)={0x1, &(0x7f0000000180)=[{0x1, 0x5, 0x3, 0x1}]}, 0x10)
write$cgroup_int(r1, &(0x7f0000000980), 0xffffff4d)
ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000340))
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000940))
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000280)={<r3=>0x0, 0x400, 0x80}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000480)={r3, 0xa8, &(0x7f00000003c0)=[@in6={0xa, 0x4e24, 0x200, @mcast1, 0x2}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1e}}, @in={0x2, 0x4e21, @local}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e23}, @in={0x2, 0x4e20}, @in6={0xa, 0x4e20, 0x59b, @mcast1}, @in={0x2, 0x4e22, @broadcast}, @in={0x2, 0x4e22, @multicast2}]}, &(0x7f00000004c0)=0x10)
close(r1)
recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00)

07:16:22 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x68000000}}, 0x14)

07:16:22 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
r1 = dup2(r0, 0xffffffffffffff9c)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f00000000c0)=0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0x1c3)
ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000100)={'team0\x00', {0x2, 0x4e23, @remote}})
setresuid(r2, 0x0, 0x0)
socket$bt_hidp(0x1f, 0x3, 0x6)
ioprio_set$uid(0x3, 0x0, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000040)={{}, {0x1, 0x4}, [{0x2, 0x2, r2}, {0x2, 0x1, r2}, {0x2, 0x6, r2}, {0x2, 0x6, r2}, {0x2, 0x1, r2}, {0x2, 0x2, r2}, {0x2, 0x4, r2}, {0x2, 0x6, r2}, {0x2, 0x7, r2}], {0x4, 0x6}, [{0x8, 0x1, r3}], {0x10, 0x4}, {0x20, 0x7}}, 0x74, 0x2)

07:16:22 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
mount(&(0x7f0000000200)=@nullb='/dev/nullb0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)=""/222, 0x1848fbac9b87a7fd)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:22 executing program 5:
socket$l2tp(0x18, 0x1, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:22 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
exit(0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

07:16:22 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0xfffffffffffffffc)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000000))

[  782.345884] 9pnet: bogus RWRITE count (33554433 > 20)
[  782.346950] *** Guest State ***
[  782.366644] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  782.395385] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  782.419379] CR3 = 0x0000000000000000
[  782.423585] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  782.429985] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  782.437329] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:16:22 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x4800}}, 0x14)

[  782.445074] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  782.455134] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  782.463599] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  782.478029] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  782.486501] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:22 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000000)={'HL\x00'}, &(0x7f0000000040)=0x1e)
connect$vsock_dgram(r0, &(0x7f0000000080)={0x28, 0x0, 0x2711, @hyper}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
fgetxattr(r0, &(0x7f0000000100)=@random={'security.', '!trusted(trustedem0GPL\x00'}, &(0x7f0000000140)=""/129, 0x81)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f00000000c0)=0x5, 0x4)

[  782.516658] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  782.533015] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  782.552625] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  782.572892] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  782.627584] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  782.649952] 9pnet: bogus RWRITE count (33554433 > 20)
[  782.670128] EFER =     0x0000000000000000  PAT = 0x0007040600070406
07:16:22 executing program 4:
r0 = socket(0x10, 0x2, 0x4)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
getpeername$unix(r0, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e)
setresuid(r1, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nullb0\x00', 0x40000, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r2 = shmget$private(0x0, 0x3000, 0x78000000, &(0x7f0000ffd000/0x3000)=nil)
shmctl$SHM_STAT(r2, 0xd, &(0x7f0000000000)=""/133)

07:16:22 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x48}}, 0x14)

[  782.685011] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  782.707317] Interruptibility = 00000000  ActivityState = 00000000
[  782.715863] *** Host State ***
[  782.719579] RIP = 0xffffffff81212b2e  RSP = 0xffff880119a57350
[  782.726869] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  782.746459] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  782.784106] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  782.806990] CR0=0000000080050033 CR3=00000001bad95000 CR4=00000000001426e0
[  782.834207] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
07:16:23 executing program 4:
r0 = socket(0x1, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  782.861694] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  782.879408] 9pnet: bogus RWRITE count (33554433 > 20)
[  782.887833] *** Control State ***
[  782.899096] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  782.919681] EntryControls=0000d1ff ExitControls=002fefff
[  782.937901] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  782.972378] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  782.983304] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  782.990304]         reason=80000021 qualification=0000000000000000
[  782.997412] IDTVectoring: info=00000000 errcode=00000000
[  783.005251] TSC Offset = 0xfffffe5b02572400
[  783.024531] TPR Threshold = 0x00
[  783.058890] EPT pointer = 0x00000001c8b7a01e
07:16:23 executing program 3:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x4800}}, 0x14)

07:16:23 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x1400000000000000}}, 0x14)

07:16:23 executing program 5:
socket$l2tp(0x18, 0x1, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  783.288326] *** Guest State ***
[  783.292126] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  783.301815] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  783.315671] CR3 = 0x0000000000000000
[  783.317089] 9pnet: bogus RWRITE count (33554433 > 20)
[  783.319631] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:23 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
mount(&(0x7f0000000200)=@nullb='/dev/nullb0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:23 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={<r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x7fff, 0x7, &(0x7f0000000500)=[{&(0x7f0000000080)="1b5b75b1ec672edc31c56e7c85b08a4ae247943a6c9d3d6e4b0ffa23f150d3421055c3c0440f37ae1567b6f12086831bdd0fc27fae2a7619eae0638407d206604a2f6e7b4d41ab9ddc0560fa716187205f1aec80c780490405698ab13322975d3accdc292edfedf9c514861e968031843981e2ec12b5639ee53a5be873", 0x7d, 0x101}, {&(0x7f0000000100)="125775e0abd5ca4cecd8e03cfafae9cbf0c3c8a35ad71327c99db11d49624573a74d9863c8c2f29a3d7211336296240229ace2313d6c8e0e5f7b3b5ab382ab487d26696d7214199430ff408576e7d6eebb0746d2b8b63cb6ca40e6f439d1b72fc61d990418d6cba7acf5f8be682e6e4e5229ca68f688416f72", 0x79}, {&(0x7f0000000180)="194ad2959ddd16d2e587353213443017fde3faa90160cd4127ee0cb98698e99909266e76ae1be89929158b662d57ab51ee8fe34586757417c6418c6f29b289c284249719248262c4c1ab15045f7a3c0a422dc03e6f0526bd407ec2555bf0eae8b833680f8497fa8db908acf307f88c5beeaa35d72488775db03c4a52cd4ed3dd77951107f8d97d8ba668b0b47224c8da7cd30ba9534c91a554d55abb0536925333ceadda2f777b1e33575d46f92246d4f821187c", 0xb4, 0x100}, {&(0x7f0000000240)="1aed2e95428c45fa1caea2a5c9947457a1f28d39b2d5614d5e8ccb47daceae945b70248eaa614ecdc94dbc843b6ca158d327393c523b6990207793600685d6e1859b1d9e8af7", 0x46, 0xfffffffffffff74c}, {&(0x7f00000002c0)="4d6a8188313f11c7bbf41526f4fa82ca27c491efae46735dd8a8717f0064c4176ea3f621e19d9df95f2051a9eff89da60d9e66bb3069603d2598d6934ef94269504979b2789fa2f33d3142dc068bb54ce16ae674f22ebbf5b5b00822c6578fc78d28560442623376e8ced0c95d70b34b08c309", 0x73, 0xffff}, {&(0x7f0000000340)="4b0dd27c784af76276758b00ac84ebf1981f2fbf66747858d96ca4c4ae19c6b3ef473bcdb6db583837378c6399137c6d24396f280134cebe369f9b405376ff5b2c1e3f59cf51cc7b7ce72e6d20736c438c48b3a31a05e4af93813717ab78a32817c8a97e2760e8564ebb25e1f1175a3558b6049d46cf87d5b6042b82bab5057239e86c0588c5ca80bb34ee5422", 0x8d, 0x200}, {&(0x7f0000000400)="90ebf6a4542a5becf455ab6ae259b9e3ccd7c267fdb013a2e9577339367c4734c09026f97469a10c15496757260cf460c8312427f2a1ac97657dd8f056261d69944c48157db9c523b9770e1acfe564df4ee01df48f8836dd9e14dc4cef7960974ec57af07e1c1011e35c2f8ac85f9df652ed4998623d5cd53b04fd75bf5c3efc6e8e7c9af7eec56d3001f5f8996bcaa8a238974871ca82ee9788084b3726b56f0ec148bbcf86f0521b28612b31fb83efde03955a27129d03b349aef96c133646e7dd8375c0acf8c6dc1d", 0xca, 0x8}], 0x8000, &(0x7f00000005c0)={[{@errors_recover='errors=recover'}], [{@obj_type={'obj_type', 0x3d, 'vmnet1#vmnet0%]'}}]})
setresuid(r2, 0x0, 0x0)
capget(&(0x7f0000000600)={0x0, r1}, &(0x7f0000000640)={0x9, 0x2, 0xfcf, 0x40, 0x2, 0x10})
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:23 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

[  783.347014] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  783.354233] 9pnet: bogus RWRITE count (33554433 > 20)
[  783.359164] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:16:23 executing program 3:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket(0x1e, 0x1, 0x0)
sendmsg(r1, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x2ef, &(0x7f0000d1b000), 0x0, &(0x7f000012e000)}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000))
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x8000, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610)
fcntl$setown(0xffffffffffffffff, 0x8, 0x0)
close(r1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x4000, 0x0)
ioctl$LOOP_SET_FD(r2, 0x4c00, r0)

07:16:23 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x700000000000000}}, 0x14)

[  783.392780] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  783.409931] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  783.418759] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  783.418777] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  783.432450] ntfs: (device loop4): parse_options(): Unrecognized mount option obj_type.
[  783.442201] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  783.459228] ntfs: (device loop4): parse_options(): Unrecognized mount option .
[  783.490523] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  783.524806] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  783.543949] 9pnet: bogus RWRITE count (33554433 > 20)
[  783.549582] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  783.575812] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:23 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xa0008000}}, 0x14)

[  783.612168] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  783.635012] ntfs: (device loop4): parse_options(): Unrecognized mount option obj_type.
[  783.644728] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  783.668494] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  783.682282] ntfs: (device loop4): parse_options(): Unrecognized mount option .
[  783.695643] Interruptibility = 00000000  ActivityState = 00000000
[  783.704418] *** Host State ***
[  783.713669] RIP = 0xffffffff81212b2e  RSP = 0xffff8801c4af7350
[  783.721288] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  783.728540] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  783.736917] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  783.743213] CR0=0000000080050033 CR3=00000001ce090000 CR4=00000000001426f0
[  783.750506] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
07:16:24 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
ioprio_set$uid(0x3, 0x0, 0x0)
fcntl$setsig(r0, 0xa, 0x24)
flistxattr(r0, &(0x7f0000000080)=""/221, 0xdd)

[  783.771625] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  783.809022] *** Control State ***
[  783.812757] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
07:16:24 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = getegid()
syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x3, &(0x7f0000000240)=[{&(0x7f00000000c0)="3d0488fbebc27f23da1222c8", 0xc, 0x401}, {&(0x7f0000000440)="0a358c71f239913bd35e032524ed9186c95d65e254cb49e330868e576d309563be1bbe3679531c96703241b95a443fc72d1d66028bffb9ace7b2e3686bba3d4931352e8ca5384196f37ef15878ed0db6458e244efb198c749a145d428d2301dfdea79fb245075c78f2260d515ed926cc78dc715baea0a86d55d63a97e0e39fe023830418f4fb7ebc0361b18def83992c2c1c33563063c55e8d672d428d201c15f9d9ed453006ea1cfadf6e560954a938649882594aa970a98df82bfc0b20649db86bf2f1c8ca30e3e1b8ca30e37f04287053a5cd0cd707a9a3326b8bf89af508cdc9b4ff762e790ac88dfa25a38b25f6f30beb8b11655f2ac7f68e3db09ce4e00fd3699539ef892cf4a5595f755e4d66ba07f2a7868683e9cbf663b3b6aeaed48dbda7585d7413af9269c11f46bebd8a53254f758d81f3b5b0220ee4eddc7446a8ac7d314eb96e5226f2a13e3b8e87996a3683b485d32ddbc95f207addd18d86efe45f48a6117885852acabfa8f3ea86097ee0288758a0a8ab4e24757463985659e3a56346563b8ca9f8a756c480721aac988191a974d79958b89fae91298ce0ad1c6fb222462cc3d633d80b1216d522ca8f6b15d02ac4f9b67cec6d3e9b5992d8afa5070f6734722faa7de78ff909d4c3c323b0c2a4dbf3b19ff0d8600fca6039f2610b2406ed6f038abbf968b89f4d7f6e02ade09c504f7dc356c3ba610ce57259ef937ed3cfb8de21532985eddf33bc6c054dc459ecf4ad0966e102027a94f3a97eb1b047519b794e8e2399f0f2ca2756ce93d37a4ce25aa7d53009a36a20489245d4e7b47683d3bc5f126de9c737c6cc87905317bb4a4a5106f4fa589e92cff6a775ed160e003acc8545686f5856e455c7b413eff5a90b138237ef3d56a9a2c8b5597ca4ef11daec087eb9b32bc674bfe63062ff03233e8c60131101caa450da2426caea0acb184a11189b9ee0d16ed26b6acbaebbc6d83476652f13f5b4c96a41b11d2ca3b620c3ce4a466567d16e4a0a53a8b7d58a4969415ecb2eda2c57c8db18ab4161de55622ce05bfa3cf77c6d48916fea657bd631cc491a84cd99266cb332b4cab84b2fec195f18649a717df4b3393cef7d5cb10a1d5f4aea8b979eae5ecd17f43ccdad773a4961062aebe798768a88b7f0f4cee4d987bd8ef8bf94db5544c24c85157055cc78bc2f9a5e2c341e563a47de3e7a62fa10af52c9d70b2f61c07fdd43b0f0a3b17c5247bf5899c19d2efc7000d9f69d803bf31744e5148cae2428279f8812cd33c9f6adc8aacef13e42db6f5aa033e8d1f65a2efad372f1f135e9d1512915e0ca9ca2989b34dad38eaaf9f7c6d42b39c5efe92825d0b6ce1b117c443441f1a2f31f59199aff32aa92c90abdd54f05443943addfbbc1b513ad50a9e4447e82f0c006df3d4986c4d95a848c83dbb997f510bd0ae7dae914ec206bd89bae3caeae3dde5ff0a697289282835d78c46ec81b5958fa71f6732122fbc2a07161ac072ef1ad5953be4e5bc25e2172f2e8ed6c9d4f9b592c6664dd48a49b917627f47f89de413f5cdc782d968936e1129c02d8c61987dac8140cb81cc79c2909ffbc5fcd8c80fd8e858543107c25196bd2f0ba5685b37ecddcb20217724d754d0c7a2785c1192be6e16b3ce21f829e750afa2fe8fe3d6c61cd113c14c625f651f22d5d93fb3fdf2265c1a0f981454ca51b9c7b1cd4c5f4402b6a2a82497cc108f800a1b07e2e5e417e09257d832e0172ed405473dae35dafc23cc7e8040e6df9ceaf3c0dc3f3f7d9a52f809c441050ad07820ae204d108a9e19961e900246f974ff404a80dab5ceab949bc7f57eb199362867024146cf255a470026a439fb0002ee5329665a0bd624365bd2c76a47a75fbaa16498dbcdc347f161737da0a62d3d13e50997eab959523e3d226da1485f7f1fd264bd3f8c60cf603e4e1c93d019a5dcbeff22631eb743a92006b55048ba666b0c77d2dd66a88262334a2de941a56397f68f5a0e6baa9b8c34b79a2fb056642da5e010c7ea824a576469227e2ce248a7a50fc61ba6c06c0fa455b6a006cd5906c9057a3aa91a9f970f001ba012290560c402d98270db499c42bc8b045edc2e2ef9e21ec7245a2279295d3a1ab56a0fa000d883cd1902559912e062adf7ec79902970d041e21f1ad182172d12de1a1d71d63d57ea76aa3ddbc6cf094fa1c356b7a2dca98f7d481ba6f17d790d4304ed4532964446d868d55d71b95334d5c8650332a6bd9137f7923f8796a7d2088bef47e9bd74f6cfa25ba44ef71bc668e3e8d6833605788936f7f37d0f291b2b03333a0ac632a33e96da41e95676526b5c60825e7484a21a3e2e75bb5fc2ef676ed536ddfb82a862928d781e693c350860244a61db790f912210e960cf01434712c5ac1633d434bdb859cd30dd0c908f46b27634169833b83811278160cf893096c92ef3a1cd8a139172f3d816d27d46df5811162c5e117f4e9669cdc9d162692f93c0a745f3b1758270e6475b5564021609b29e80cc5a9325e3795a5f42b213170f5f796934de44086b24d12a2b71dd3fc3d5239379b73e7950d083eb66c550315350d2aabf8f639528be0ed9a0691461d8f29c60447a11c49ca1dbf1fa4a1472b358c41ed5fd1ec25a8a494be7acdcd9041fe60a0a85715dcbe1c2df0962bfddd329111410cb3724cb83bb627ddab4612baa4c5c0d01c888ddea689d9061627e3ab3bbb4de80783e748a5882ba0a86c71986ab76c7506baa93eeeb9c09d26235740943f9b63258f3505e0bde604992b632a810c37350958d18881b5d60dcaa251371655679b6fb0bd1412e36c11833a6f1d596d67f34229603b63df5f02412aa675e90602ab9bc1adadb2157f991b8cd4d39b0c81dde43cfe9d54f69c972565acdaeb2549c632b0f2587cf110f498f7c1dd854e3a3ede8d3af7a34fcda3daad29097d80d25ea827815a39d1effb5a18e505d42f161d3e9961e521b48f465c32401d9db203d5d8c676daf823eafe2268e12ecd9a450c80c29a3ec91666ec5b6ea4ada4d4df4712faf3982b0cc1eab36169575f5ca938e0352dbcd01346fb0efa1b65e308092e57aadd65f93bbd26639c7717d6a795606881a7e0c20f054c296760f0344106d96f2b75ed2e6075272c64b0c074f49623f6950e6cd5d24f99b5cd5f03d6e5376a1f77fcf01de81bfdc291ab761e5e9f883e529819c90f116287718eddfc1297ee1c6b00e221f6a3b088446e4d93a196fcbebdcf43b9a229b30a48e79637d84fcdb869d8d1ab25bfa58b908c0f1c54a98549b3c36b6e89e9a3fd0589b018a227db77f6bc78781176a110d02f3a6b4261ea53928e1d37d7e7168d5354f07a336a2e7665a7c55ad60ad068bcce6a06a978ad0836fe0c80ec4f0b2f935ed8c460e7294d0675e7506cce83bf58acf7e7dc6f532fa808fcd7e17817edc99776820b559f7133c10da96b19d8422b8a452ce850aa4ba074fa2518e05e6e8fd20458c406664d8d294b74808ad219b9a85f51d4e95eef4cea911b1ef7a125099642d1b5014a96424e4a23fdb0fae0c78803c897b553f2ad55a379f6ef3125a63de7326c47a70c269a3da1f5afbacff909f89469879ea8c6aaef9be294c9d4e084028d2e04bc8bf3c2b000a0a7c3de6e7268a36e0e592589f1598782328a47ddc8a26484f0183506c7d54edb9a6dde6d22e31d80956a04d7312058d813b7ccb74518416eeefdab003f4133b67003a36227effcfb104e6a7402fcbcf76e2f351497b98f506faa5dfa8f7afd90e0e803f171e327ff9fc6b787fe19361e10a931e9612977ba3b187bb10241cdc7dcd32fd3ce6ba599299339d219e2c239b2750b824927f730bd2971c17b6c1e0f1702c74fbd9f9e9ed08629e7ccf362db6ce640bd674c34301cfc59e2e4159ddd09aa038e61f59f7aeee180c3ff1e5d6af9bef5fb2d6b0cd2c60cfed0124fde361d52ce9dbd138ec8ccb028b3065d4da641d82130e93e3a9b42f7ca1eb3d84f1009c02d85a1f9f72452fa529a60988350395c913d71494edad92dd121790f42a27ff51cf354e701040c2f6ace2091e5603e22de6c4a1ef5b56eb2d505b95217fb899cfb3b04d8bad86aacbb7b43f9e35c697a4c8af95fc84cc8c9b84346ae217c9cf9c0c123b30e39d5b85e2065fe04e634deed8ca289864eda16bc7400772aadbf21796024cd6cd9a48eaa09cf3a18b5dd6a2684c4489e10c79ff8e19874b8cc091a32d9ec50d070ddc55f6fcdfc596d1b47952628820085c81d8d9fcf1c60315e2c3fedb54e29a3844ca561dfbcf716f4f6739a05e300f41a601541d1a98976423bea7f4059545c7c11ad72cb3767be958ce2a0a116d7952f1a3e52ff7bddd8795b92c9903a1224f93143b4afcef746b22fcac3c772aef86ee93da0e58396344a192419413ae0032ecbda26c4f30631d3a49b59da865349ac1955050cc287941b0d1be865df877d53167880f45534abc45d7d803e9207be94f6a07d2c44998b2048e9bef39ccdd6a5ed52a99ccd305407e4d788638837fe510bbf26f6b4d99e54134c0f6fc0091cb8deeeed9458503e658cd9be79653b5bd7508fe94b02f088b980cd4e74c043af5f3213fbdd546b27fb3e2eca927ca0401a3ac0efeacb8c3a551e3807094f829f4c7fa58cb9063a71da9015a0162d0965bbfffda8a3ad83d4e924ca4106ab7d298753332e2393e23bec4dbe34a638891185eed328dfe9477fc15ddca03f3fb4a71c59020a4662564abeba18f916c46b2f20521428ca4dab00f0b5be2bb966ec9ddaefad3dbe42ed8ff2401552854d0da6102c9ced75a3292483a141596c694f1ff9d5cd5b625969c96d3c3e05269f7aca741e352c5943663e6cf2e21e7936b65ab9e6910016af95d3e8b1865a074276a604770fccb8de6faf4923d72b6f658d442dbcd9e0b7db1517c1327f962e657577cf8ee4a840ac53d9da60c8de97333da60792ccd3e22e5e5903050bc6ad3c0c0c7817755aa9ffd10720bcff527da1b575f9795a26edeeb1c11842abda90909e5cb608f4a503e4b3fa9253f1396e8306adf36509cce2bb63603f10a98e8aa5bc44c98035cba2dc5feb561f27ab8477a867d7e55da124385663c6578304233fc57dc5a9f9d126a693b476fda7ce484067ef7bc5b4f4e4c264a0f76450c30fba5b07fdef307ee648b930cbddbf56acd9aa89b8be9e6725dd62bfb06642e26f43ff7f3a3727cdd63f31e224ff06ce3f39c373fbb8d2e4fb5089186d36b6aa90282e2543f6877684ace3e0ed0dcac795e845a472df9dd3bfbf0f4354e57cb2b2c2ae395e82c1e5a23f6f3025dc1be575b6e2c98e470ed8fd7557183757e106709ef2d29da810f8187cba7fa1ecc4ff627b13b2f9cbc11227d953d8ecf84463dab5a00780b99f51dbc68d05d464521b9b9aac563ba4f689fd532218876b116a9faadeddfe834f54ced2441de00c5e1d4fcd541b77dc7b12200e035b2984e9b92724b8c3a198d4486cb172ac82ff5e8d53a5df11fc6a36b3d761186d458b9ebdfb51a523ee786e57a167964dc5c1a6566f8ce3e35b301e5412c883a67d8911668e36ea2f788be67d516d5c231d8c06822224eb1bd83c416e2f2c8af09c3df91c93ab68e4c60fe19d32a7517acd2b616f117dc50914f13345b9723cd620025f5014a28f56d00fcc1377e9e393e5963ee81c01e2a70e2bde233f0c08dd6c63e24185f08057e7c374681c63b3c40b19755b3c26f8abb92ea926a8ad4fa2302747cc41d922182908977af196899dfbc423b4c867facdc35999572cf0dd", 0x1000, 0x7f}, {&(0x7f00000001c0)="e41f4d3635512cfc794f49a89edc51e66fca5632832d2c4823ecd30c5a5cd9cd33ec372512f116241829d6675bdd9ab13dfcbec1361e738bef2ddaee1df1019519f10f39978b5caac136c50c4101ff9989f745501305c8d55e6e5030fc2bd1ac6390fcc13172b4dac5a43496de379dc215d52c0bb6a8d0237aa090", 0x7b, 0x9}], 0x0, &(0x7f00000002c0)={[{@six_active_logs='active_logs=6'}, {@resgid={'resgid', 0x3d, r1}}, {@inline_xattr_size={'inline_xattr_size'}}, {@noextent_cache='noextent_cache'}], [{@smackfshat={'smackfshat', 0x3d, 'trustedppp1'}}, {@fsuuid={'fsuuid', 0x3d, {[0x0, 0x33, 0x0, 0x77, 0x3b, 0x0, 0x0, 0x66], 0x2d, [0x77, 0x33, 0x77], 0x2d, [0x31, 0x33, 0x73, 0x77], 0x2d, [0x77, 0x37, 0x7f], 0x2d, [0x73, 0x77, 0x77, 0x34, 0x71, 0x66, 0x65, 0x77]}}}, {@smackfshat={'smackfshat', 0x3d, '/dev/autofs\x00'}}]})
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
r2 = getpid()
openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0)
sched_setscheduler(r2, 0x5, &(0x7f0000000180))
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000400)=0xffffffffffffffda, 0x360)

[  783.819773] EntryControls=0000d1ff ExitControls=002fefff
[  783.825595] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  783.852219] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  783.890444] 9pnet: bogus RWRITE count (33554433 > 20)
[  783.897445] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
07:16:24 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0x1c3)
ioprio_set$uid(0x3, 0x0, 0x0)

[  783.932971]         reason=80000021 qualification=0000000000000000
[  783.952877] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x2824ae8c)
[  783.975882] IDTVectoring: info=00000000 errcode=00000000
07:16:24 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x1000000}}, 0x14)

[  783.989937] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  784.002830] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  784.004915] TSC Offset = 0xfffffe5a824f0d57
[  784.015115] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  784.022573] TPR Threshold = 0x00
[  784.025580] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x2824ae8c)
[  784.027631] EPT pointer = 0x00000001be95501e
07:16:24 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xfffffffffffffecb)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:24 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  784.034655] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  784.060949] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  784.069364] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  784.259860] *** Guest State ***
[  784.263675] 9pnet: bogus RWRITE count (33554433 > 20)
[  784.275018] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  784.286738] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  784.296258] CR3 = 0x0000000000000000
[  784.300191] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  784.307086] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  784.314003] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  784.320963] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  784.329303] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.337422] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.345491] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.353595] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.361634] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.369779] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  784.369811] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  784.385959] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  784.385982] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  784.385994] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  784.386007] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  784.386024] Interruptibility = 00000000  ActivityState = 00000000
[  784.402100] *** Host State ***
[  784.402117] RIP = 0xffffffff81212b2e  RSP = 0xffff8801429c7350
[  784.402140] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  784.402154] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  784.402166] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  784.402181] CR0=0000000080050033 CR3=00000001ced88000 CR4=00000000001426f0
[  784.402198] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  784.416293] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  784.416315] *** Control State ***
[  784.416325] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  784.416332] EntryControls=0000d1ff ExitControls=002fefff
[  784.416347] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  784.416361] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  784.425918] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
07:16:24 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
mount(&(0x7f0000000200)=@nullb='/dev/nullb0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:24 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$TIOCLINUX3(r1, 0x541c, &(0x7f0000000040))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:24 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$kcm(r3, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e88, 0x0, @mcast2={0xff, 0x2, [0xe82b]}, 0x5}, 0x80, &(0x7f0000000340), 0x2b, &(0x7f0000000180)}, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:24 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

07:16:24 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x4000}}, 0x14)

[  784.438398]         reason=80000021 qualification=0000000000000000
[  784.452149] IDTVectoring: info=00000000 errcode=00000000
[  784.452157] TSC Offset = 0xfffffe59fc09774e
[  784.452163] TPR Threshold = 0x00
[  784.452175] EPT pointer = 0x00000001b947301e
07:16:24 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:24 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000000)={<r2=>0x0, 0xb0, "1c9567523d277a8b105ddf9812c44e0c7350237c32b854c11b7899147639be8cf3f1ef5e9f360c1591ff568075e55d2ea95d520e756d31e4b7743c27bed3f0f6efb25cfdab7ce283b33d451eeab5162a9265cdbde0ccb37c9393f1eb7ada7e3ffd273feda02ae6fc378c6004dad1abff99843ef5237210630b0787c0e6d859e5a511e7845aad5899cbde8baebeedb2669edce94a712362c8cd370cfd69532e3d593d012438d5a102744c838c4e6587f4"}, &(0x7f00000000c0)=0xb8)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000100)={r2, @in6={{0xa, 0x4e20, 0x1, @mcast2, 0xfffffffffffffff8}}}, 0x84)
setresuid(r1, 0x0, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0))
ioprio_set$uid(0x3, 0x0, 0x0)

[  784.584916] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:24 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x68}}, 0x14)

07:16:24 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
getsockname$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, &(0x7f00000000c0)=0x10)
setresuid(r1, 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioprio_set$uid(0x3, 0x0, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x1, 0x4)

[  784.694055] *** Guest State ***
[  784.697670] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  784.713532] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  784.731739] CR3 = 0x0000000000000000
07:16:24 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$kcm(r3, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e88, 0x0, @mcast2={0xff, 0x2, [0xe82b]}, 0x5}, 0x80, &(0x7f0000000340), 0x2b, &(0x7f0000000180)}, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  784.746407] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  784.766842] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  784.781145] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:16:25 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x400, 0x0)
write$P9_RCLUNK(r2, &(0x7f0000000040)={0x7, 0x79, 0x2}, 0x7)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  784.828717] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  784.864109] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.876378] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.893902] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.899596] 9pnet: bogus RWRITE count (33554433 > 20)
[  784.906624] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  784.917024] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:25 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x40000000}}, 0x14)

[  784.926997] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  784.936612] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  784.946090] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  784.955158] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  784.964945] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  784.971599] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  784.981220] Interruptibility = 00000000  ActivityState = 00000000
[  784.988053] *** Host State ***
[  784.991455] RIP = 0xffffffff81212b2e  RSP = 0xffff88013b47f350
[  784.997989] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  785.004930] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  785.012958] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  785.029938] CR0=0000000080050033 CR3=00000001bc962000 CR4=00000000001426e0
[  785.037285] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  785.044344] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  785.050581] *** Control State ***
[  785.054922] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  785.061787] EntryControls=0000d1ff ExitControls=002fefff
[  785.069297] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  785.077091] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  785.085005] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  785.091817]         reason=80000021 qualification=0000000000000000
[  785.098844] IDTVectoring: info=00000000 errcode=00000000
[  785.104791] TSC Offset = 0xfffffe59c09978bf
[  785.109287] TPR Threshold = 0x00
[  785.112808] EPT pointer = 0x00000001c8b7a01e
[  785.180741] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:25 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$kcm(r3, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e88, 0x0, @mcast2={0xff, 0x2, [0xe82b]}, 0x5}, 0x80, &(0x7f0000000340), 0x2b, &(0x7f0000000180)}, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:25 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, r1)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:25 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:25 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x100000}}, 0x14)

07:16:25 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580))
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:25 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0xe2, 0x4)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r2, r0)

07:16:25 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={<r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
bind$bt_rfcomm(r0, &(0x7f0000000440)={0x1f, {0x5b, 0xe4b, 0x2, 0x5, 0x5, 0x9}, 0x7}, 0xa)
process_vm_readv(r1, &(0x7f0000000040)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1, &(0x7f0000000340)=[{&(0x7f0000000080)=""/46, 0x2e}, {&(0x7f00000000c0)=""/11, 0xb}, {&(0x7f0000000100)=""/124, 0x7c}, {&(0x7f0000000180)=""/37, 0x25}, {&(0x7f00000001c0)=""/219, 0xdb}, {&(0x7f00000002c0)=""/68, 0x44}], 0x6, 0x0)
ioprio_get$uid(0x3, r2)
ioprio_set$uid(0x3, 0x0, 0x0)
r3 = syz_open_dev$mouse(&(0x7f00000003c0)='/dev/input/mouse#\x00', 0xffffffff, 0x20080)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r3, 0xc0405519, &(0x7f0000000400)={0x5, 0x7, 0x3, 0x1, '\x00', 0xfffffffffffffffd})
close(r0)

[  785.702867] *** Guest State ***
[  785.706777] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  785.707475] 9pnet: bogus RWRITE count (33554433 > 20)
[  785.717578] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  785.731376] CR3 = 0x0000000000000000
[  785.735651] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  785.741890] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  785.750913] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  785.758439] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  785.775743] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  785.787156] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:26 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x74}}, 0x14)

07:16:26 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$kcm(r3, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e88, 0x0, @mcast2={0xff, 0x2, [0xe82b]}, 0x5}, 0x80, &(0x7f0000000340), 0x2b, &(0x7f0000000180)}, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  785.797244] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  785.806343] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  785.816968] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  785.826456] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  785.835211] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  785.843785] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  785.852369] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  785.861060] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  785.869564] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:26 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x2)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  785.899603] Interruptibility = 00000000  ActivityState = 00000000
[  785.934128] *** Host State ***
[  785.950465] RIP = 0xffffffff81212b2e  RSP = 0xffff88013cf1f350
[  785.972371] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  785.986396] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
07:16:26 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
connect$l2tp(r0, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x4, 0x3, 0x0, 0x4, {0xa, 0x4e20, 0xaf, @remote, 0x7ff}}}, 0x3a)
ioprio_set$uid(0x3, 0x0, 0x0)

[  785.996053] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  786.006371] CR0=0000000080050033 CR3=00000001be20b000 CR4=00000000001426f0
[  786.015277] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  786.022453] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  786.030120] *** Control State ***
[  786.037710] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  786.056388] 9pnet: bogus RWRITE count (33554433 > 20)
[  786.061829] EntryControls=0000d1ff ExitControls=002fefff
[  786.075772] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  786.084439] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  786.091881] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  786.099606]         reason=80000021 qualification=0000000000000000
07:16:26 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:26 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$kcm(r3, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e88, 0x0, @mcast2={0xff, 0x2, [0xe82b]}, 0x5}, 0x80, &(0x7f0000000340), 0x2b, &(0x7f0000000180)}, 0x0)

07:16:26 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xa0010000}}, 0x14)

[  786.107341] IDTVectoring: info=00000000 errcode=00000000
[  786.121851] TSC Offset = 0xfffffe59363ff8ed
[  786.136186] TPR Threshold = 0x00
[  786.140287] EPT pointer = 0x00000001bf2c601e
07:16:26 executing program 5:
socket$l2tp(0x18, 0x1, 0x1)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:26 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000040)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000140)=0xe8)
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in=@multicast1, @in=@rand_addr=0x3e5f, 0x4e23, 0x9, 0x4e24, 0xfff, 0x2, 0x80, 0x80, 0x3c, r2, r1}, {0x8b4c, 0x13, 0xd3, 0x7fff, 0x1b96, 0x0, 0x1000, 0xdb}, {0x3, 0x6, 0x1, 0x5}, 0x0, 0x0, 0x1, 0x0, 0x2, 0x3}, {{@in=@multicast2, 0x4d3, 0x3c}, 0xa, @in=@local, 0x3507, 0x3, 0x0, 0x9, 0x3f, 0x4, 0x6}}, 0xe8)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000280)={{0x2, 0x4e24}, {0x7}, 0xa, {0x2, 0x4e22}, 'veth1\x00'})

[  786.298778] 9pnet: bogus RWRITE count (33554433 > 20)
[  786.298855] *** Guest State ***
[  786.308521] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  786.319530] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  786.329032] CR3 = 0x0000000000000000
[  786.334661] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  786.340952] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  786.349763] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  786.357316] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  786.371430] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.384858] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.393640] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.401956] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.410890] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.419321] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  786.427968] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  786.437095] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  786.449114] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  786.458186] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  786.465029] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  786.472528] Interruptibility = 00000000  ActivityState = 00000000
[  786.478922] *** Host State ***
[  786.482138] RIP = 0xffffffff81212b2e  RSP = 0xffff88018897f350
[  786.488865] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  786.495492] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  786.503845] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  786.513273] CR0=0000000080050033 CR3=00000001d1bed000 CR4=00000000001426f0
[  786.520390] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  786.520405] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  786.520410] *** Control State ***
[  786.520420] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  786.520429] EntryControls=0000d1ff ExitControls=002fefff
[  786.520443] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  786.520452] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  786.520468] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  786.535903]         reason=80000021 qualification=0000000000000000
[  786.572904] IDTVectoring: info=00000000 errcode=00000000
[  786.582500] TSC Offset = 0xfffffe58e4fd690d
[  786.587292] TPR Threshold = 0x00
[  786.590881] EPT pointer = 0x00000001cdd9801e
07:16:26 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000000)={{{@in6=@mcast2, @in=@local}}, {{@in=@multicast2}, 0x0, @in6}}, &(0x7f0000000100)=0xe8)

07:16:26 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x74000000}}, 0x14)

07:16:26 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:26 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200))
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:26 executing program 5:
socket$l2tp(0x18, 0x1, 0x1)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:27 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  786.794323] *** Guest State ***
[  786.797931] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  786.807239] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  786.829388] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:27 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x60000000}}, 0x14)

[  786.846500] CR3 = 0x0000000000000000
[  786.856340] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  786.863601] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  786.871170] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  786.883376] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
07:16:27 executing program 4:
r0 = geteuid()
setresuid(0x0, 0x0, r0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000100)=0xaec4)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)={@dev, @rand_addr, <r2=>0x0}, &(0x7f0000000080)=0xc)
setsockopt$inet_mreqn(r1, 0x0, 0x0, &(0x7f00000000c0)={@local, @empty, r2}, 0xc)
ioprio_set$uid(0x3, 0x0, 0x0)

[  786.892163] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.901258] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.929938] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.957231] Unknown ioctl 1074026289
[  786.962963] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.967988] Unknown ioctl 1074026289
[  786.976465] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  786.985352] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  786.993695] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  787.002486] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  787.011442] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  787.022227] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  787.029275] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:27 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:27 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x4, 0x2000)
setsockopt$inet6_dccp_buf(r0, 0x21, 0xd, &(0x7f0000000140)="eb0dbe01db887ba4087b7db166202222fad4af839d8cecc0ca5c1273f691e595d8b3fcb28ee331c53ba4dc23", 0x2c)
ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f00000000c0)={0x90, 0x1})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000100)={r0, r1})
setresuid(r2, 0x0, 0x0)
getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x1)
ioprio_set$uid(0x3, 0x0, 0x1f)

[  787.076405] Interruptibility = 00000000  ActivityState = 00000000
[  787.100013] *** Host State ***
[  787.115050] RIP = 0xffffffff81212b2e  RSP = 0xffff88018b69f350
[  787.128160] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  787.148637] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  787.166173] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
07:16:27 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x1, r1, 0x9)

[  787.172631] CR0=0000000080050033 CR3=00000001d3bc7000 CR4=00000000001426e0
[  787.180110] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  787.195699] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  787.202062] *** Control State ***
[  787.207145] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
07:16:27 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x804}}, 0x14)

07:16:27 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000040)=0x2, &(0x7f0000000080)=0x2)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000280)=""/182, &(0x7f0000000340)=0xb6)
r1 = socket(0x10, 0x200000000000002, 0x4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000000000)=0xfffffffffffffe82)
setresuid(r2, 0x0, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x2400, 0x0)
ioctl$EVIOCSREP(r3, 0x40084503, &(0x7f0000000200)=[0x5, 0x81])
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000140)={{0x3, 0x2, 0x1, 0x3, 0x2}, 0x0, 0x3ff, 0x1400})
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000240)=0x7, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x200, 0x4)
syz_extract_tcp_res$synack(&(0x7f0000000440), 0x1, 0x0)
ioprio_set$uid(0x3, r2, 0x980c)

[  787.224223] EntryControls=0000d1ff ExitControls=002fefff
[  787.234680] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  787.241898] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  787.248998] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  787.256518]         reason=80000021 qualification=0000000000000000
[  787.263134] IDTVectoring: info=00000000 errcode=00000000
[  787.269587] TSC Offset = 0xfffffe58a0b169b8
[  787.274516] TPR Threshold = 0x00
[  787.278113] EPT pointer = 0x00000001ba5d401e
07:16:27 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  787.428993] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:27 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0xfffd)

07:16:27 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:27 executing program 5:
socket$l2tp(0x18, 0x1, 0x1)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:16:27 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x500000000000000}}, 0x14)

07:16:27 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:27 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:27 executing program 4:
r0 = socket(0x8000000000012, 0x7, 0x10003)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, r1, r1)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x6, 0x2, &(0x7f0000000280)=[{&(0x7f0000000080)="cc8a483601a7bd080eee8bfc47455d80d6987f8cc475d4c0281f1d7b47b5797280a824792e5b1d9e4e85cb7cb50a9d4737847e0081b4d521377953479a8d3a1fe70de403a1008a7d5efee09ae376b2ea28c56b4fac640ba981fa5e181521367b8a1b2f2d901ee30502a961503f8bead6eae4a3af98618d985f20659d567f9c89408e8b2af8ed514fb85e4fd74bffd36664d54d259a348f4c72597595306defedd16014369ac390811a7367804a4803edc4672183749f5be623bf5f1da53cdbddfcdb426c03cf11a845dd76e654431a227daaf67bf581fb090271b6197fdb63208e9eb2a8ba2286dcec", 0xe9, 0xba}, {&(0x7f0000000180)="955cb10f7bddd6c6b517009670ed0ea8a9f14e2be051e7c93132c9ca95626dcc42e48dd9e0e6ac981338b814844b026b7c5b1f8c69b2c8906acb9d4ab1d5188d7657314291d093b9fd8bca87c6aaaf06fa247c9387728fcac34667e58b0971f966ecf8ea642240df77a1e42881f5c90a61db23ca95161d990433c62bb2aaab4eb18780c8a62db8881e2ffc327ec82f27a11e1ac4472b3709dcecc321c5adec6a003dc67ebcb962d45589cd9dd23af69936f6f2f01c75dc159617e1d4107994c41f2cd337b01cce2c86fa589172b3164e5834a0cb498cb797b1b3ce21be688d9e598bb5d70abd91fc0654bfe6", 0xec, 0x8}], 0x10, &(0x7f00000002c0)={[{@umask={'umask', 0x3d, 0xffffffffffffffff}}, {@barrier='barrier'}], [{@uid_gt={'uid>', r1}}, {@seclabel='seclabel'}, {@subj_role={'subj_role', 0x3d, 'usersecuritysystem'}}, {@audit='audit'}]})
ioprio_set$uid(0x3, 0x0, 0x3)

[  787.815760] *** Guest State ***
[  787.823259] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  787.839693] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  787.847658] 9pnet: bogus RWRITE count (33554433 > 20)
[  787.851588] CR3 = 0x0000000000000000
[  787.862272] hfsplus: unable to parse mount options
[  787.867680] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  787.876381] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  787.884436] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  787.891135] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  787.901638] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:28 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x600000000000000}}, 0x14)

[  787.910120] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  787.918578] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  787.926940] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  787.941435] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  787.950917] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:28 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  787.988674] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  788.021565] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:28 executing program 4:
r0 = socket(0x10, 0x2, 0x80)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in6=@remote, @in6=@mcast2}}, {{@in6=@mcast2}, 0x0, @in=@loopback}}, &(0x7f0000000100)=0xe8)
setresuid(r1, r1, r1)
ioprio_set$uid(0x3, 0x0, 0x0)

[  788.046108] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  788.056941] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  788.064495] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  788.081416] Interruptibility = 00000000  ActivityState = 00000000
[  788.118001] *** Host State ***
[  788.126907] RIP = 0xffffffff81212b2e  RSP = 0xffff88013c9ef350
[  788.140984] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  788.158230] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
07:16:28 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(r1, 0x0, r1)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000000)={0x0, @rand_addr, @rand_addr}, &(0x7f0000000040)=0xc)
ioprio_set$uid(0x3, 0x0, 0x0)

[  788.159636] 9pnet: bogus RWRITE count (33554433 > 20)
[  788.176110] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  788.187345] CR0=0000000080050033 CR3=00000001bc306000 CR4=00000000001426f0
[  788.196349] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  788.203712] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  788.210055] *** Control State ***
07:16:28 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xfbffffff00000000}}, 0x14)

[  788.214357] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  788.221226] EntryControls=0000d1ff ExitControls=002fefff
[  788.227388] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  788.234890] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  788.250254] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
07:16:28 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  788.262724]         reason=80000021 qualification=0000000000000000
[  788.271617] IDTVectoring: info=00000000 errcode=00000000
[  788.299264] TSC Offset = 0xfffffe5814ef631e
[  788.314703] TPR Threshold = 0x00
[  788.324534] EPT pointer = 0x00000001bd20b01e
[  788.378728] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:29 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x0, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:29 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000000)={<r2=>0x0, @in={{0x2, 0x4e21}}, 0x3, 0x9d0}, &(0x7f00000000c0)=0x90)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={r2, 0x100000000}, 0x8)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:29 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xff0f0000}}, 0x14)

07:16:29 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:29 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200))
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:29 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:29 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r2 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x4000, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x6d7)

[  788.879851] *** Guest State ***
[  788.883340] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  788.886464] 9pnet: bogus RWRITE count (33554433 > 20)
[  788.892223] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  788.892243] CR3 = 0x0000000000000000
[  788.892250] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  788.892262] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  788.892287] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  788.892304] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  788.892326] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  788.892361] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:29 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
setresgid(r2, r2, r2)

07:16:29 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xfbffffff}}, 0x14)

[  788.981559] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  789.019484] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:29 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f0000000040)=r3, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  789.039519] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  789.051985] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  789.082485] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  789.092617] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  789.104948] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  789.113301] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  789.120575] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:29 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={<r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, r2)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
tgkill(r1, r1, 0x3)
setsockopt$sock_int(r0, 0x1, 0x3f, &(0x7f0000000000), 0x4)
ioprio_set$uid(0x3, 0x0, 0x0)

[  789.151197] Interruptibility = 00000000  ActivityState = 00000000
[  789.171027] *** Host State ***
[  789.181036] RIP = 0xffffffff81212b2e  RSP = 0xffff88017d807350
[  789.196584] 9pnet: bogus RWRITE count (33554433 > 20)
[  789.198790] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  789.213408] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  789.230065] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  789.237520] CR0=0000000080050033 CR3=00000001d9afe000 CR4=00000000001426f0
07:16:29 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x20000000}}, 0x14)

[  789.253551] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  789.264895] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  789.290120] *** Control State ***
[  789.297523] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  789.305294] EntryControls=0000d1ff ExitControls=002fefff
[  789.311084] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  789.320601] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  789.329551] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  789.337368]         reason=80000021 qualification=0000000000000000
[  789.344485] IDTVectoring: info=00000000 errcode=00000000
[  789.350195] TSC Offset = 0xfffffe5783231b52
[  789.355207] TPR Threshold = 0x00
[  789.358907] EPT pointer = 0x00000001c91fa01e
07:16:29 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x0, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:29 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:29 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
syz_genetlink_get_family_id$fou(&(0x7f0000000000)='fou\x00')
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, r1, 0x0)

[  789.417394] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:29 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x804000000000000}}, 0x14)

[  789.515727] *** Guest State ***
[  789.519269] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  789.533931] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  789.551032] CR3 = 0x0000000000000000
[  789.562856] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  789.569742] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  789.577612] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  789.588537] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  789.609322] 9pnet: bogus RWRITE count (33554433 > 20)
[  789.611590] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  789.624337] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  789.657353] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  789.666838] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  789.675979] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  789.684662] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  789.692984] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  789.701627] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  789.709876] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  789.718195] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  789.724945] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  789.732657] Interruptibility = 00000000  ActivityState = 00000000
[  789.739123] *** Host State ***
[  789.742435] RIP = 0xffffffff81212b2e  RSP = 0xffff880139d27350
[  789.748607] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  789.755899] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  789.763829] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  789.769770] CR0=0000000080050033 CR3=000000013f17d000 CR4=00000000001426e0
[  789.776935] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  789.776950] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  789.776955] *** Control State ***
[  789.776964] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  789.776971] EntryControls=0000d1ff ExitControls=002fefff
07:16:30 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:30 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x5537)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:30 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x1000000000000000}}, 0x14)

07:16:30 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:30 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00')
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:30 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x0, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  789.776985] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  789.776992] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  789.777001] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  789.777016]         reason=80000021 qualification=0000000000000000
[  789.790827] IDTVectoring: info=00000000 errcode=00000000
[  789.800239] TSC Offset = 0xfffffe572b995750
[  789.800247] TPR Threshold = 0x00
[  789.800257] EPT pointer = 0x00000001c1e8f01e
07:16:30 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000))
setresuid(r1, 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x8000, 0x20000)
ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x10)

[  789.980943] *** Guest State ***
[  789.984901] 9pnet: bogus RWRITE count (33554433 > 20)
[  789.992747] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  790.023688] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  790.037649] CR3 = 0x0000000000000000
[  790.048213] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  790.062968] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
07:16:30 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x1ff, 0x3, &(0x7f00000001c0)=[{&(0x7f0000000080)="1a243b99d32e8c0ee5c5e6499ef5738a4c03f421fb8ca6202e1364ed7006b5d6e1a176105293bab4", 0x28, 0x80000001}, {&(0x7f00000000c0)="6de9fc214b4bf93818d49834884f01d87a9b3bcd2c38b2ad101777c2756ce191740df194f03d9b35c95c866e6f6ddbd67c992b3de67074ac0a45dc7182fc06a76a3ddfa82d168db5bf96457b1256dbe1344d1a293a9095d0a5f2de1fad302c5d9c6dd689511d7f158407d7eecb940ad804999c878e0438ae4bf24bc15734752015cbb2252d0fe0", 0x87, 0x7}, {&(0x7f0000000180)="72ba5946ad5bab089b5bfe2503ff83f66ba5", 0x12, 0xb68}], 0x4000, &(0x7f0000000240)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}, {@data_journal='data=journal'}, {@jdev={'jdev', 0x3d, './file0'}}, {@noattrs='noattrs'}, {@barrier_none='barrier=none'}, {@nouser_xattr='nouser_xattr'}, {@balloc_noborder='block-allocator=noborder'}, {@barrier_flush='barrier=flush'}, {@balloc_border='block-allocator=border'}], [{@hash='hash'}]})
setresuid(r1, r1, r1)
r2 = semget$private(0x0, 0x2, 0x4)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000580)=@assoc_value={<r3=>0x0}, &(0x7f00000005c0)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000680)={<r4=>r3, 0xfdfffffffffffeff}, &(0x7f0000000600)=0x8df344d909dc6601)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000003c0)={r4, 0x97, "83ce9e3ae59d18c215efd1536d9cf05b4d0454549cbe5a0559b2d23dc8f867ab3281933e6871e01e2f4e92ae0723faf4b9576a3b370ea05421af96af0fcfbdc748dbdc86cb6a6bce62c73682cd5d101aa23c9f200a6981720b94cac6bb1e20a80c6bc23622b59a0e3d523a48af8afeecf8fe57f14a2be1def3ab48a07ddb9547880e1399579b76a0195211056910a567f6bb5c88fe1e4c"}, &(0x7f0000000480)=0x9f)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000300)=[0x2, 0xfff, 0x10001])
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:30 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  790.076676] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  790.084499] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  790.103743] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  790.113910] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:30 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6c}}, 0x14)

[  790.121934] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  790.171221] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  790.181274] REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option "hash"
[  790.191466] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  790.204780] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  790.213754] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  790.222380] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  790.231255] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  790.240157] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  790.247225] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  790.269838] Interruptibility = 00000000  ActivityState = 00000000
[  790.280482] *** Host State ***
[  790.284662] RIP = 0xffffffff81212b2e  RSP = 0xffff8801c415f350
[  790.301861] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
07:16:30 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:30 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, <r1=>0x0}, &(0x7f0000000000)=0xc)
setresuid(r1, 0x0, r1)
ioprio_set$uid(0x3, 0x0, 0x0)

[  790.316581] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  790.338388] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  790.362652] CR0=0000000080050033 CR3=00000001c5020000 CR4=00000000001426e0
[  790.384265] 9pnet: bogus RWRITE count (33554433 > 20)
[  790.395153] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  790.411276] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
07:16:30 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:30 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x85}}, 0x14)

[  790.434015] *** Control State ***
[  790.440337] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  790.448407] EntryControls=0000d1ff ExitControls=002fefff
[  790.461944] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  790.483534] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  790.491016] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  790.498134]         reason=80000021 qualification=0000000000000000
[  790.505445] IDTVectoring: info=00000000 errcode=00000000
[  790.511618] TSC Offset = 0xfffffe56ec398382
[  790.530075] TPR Threshold = 0x00
07:16:30 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x8000, 0x400000)
mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x44)

[  790.537528] EPT pointer = 0x00000001d745e01e
[  790.631445] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:30 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:31 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:31 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:31 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:31 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400180, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r3, 0x408c5333, &(0x7f0000000040)={0x0, 0x3, 0x9, 'queue1\x00', 0x8000})
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
fchown(r0, r1, r2)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000100))
getsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140), 0x10)

07:16:31 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x4800000000000000}}, 0x14)

[  790.932463] *** Guest State ***
[  790.935264] 9pnet: bogus RWRITE count (33554433 > 20)
[  790.939498] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:16:31 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x8800000}}, 0x14)

07:16:31 executing program 4:
getresuid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)=<r0=>0x0)
fstat(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000300)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000400)=0xe8)
syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x5, 0x2, &(0x7f0000000180)=[{&(0x7f0000000080)="6675a338e4dc74348ac84cb3137f028165460f6e7da8b796bf27249a0a107c78071b966ce26d862039c18c316b453f0c85d025d939995f6330ad29aaba410eedbe7d15ddd3cad2f0ae8a32c7b6326b38088a701dd0d1a51304b9b69f22305ae6594b5800d7b004e529a5c126c4f6f3670d96b74a", 0x74, 0xfffffffffffffffa}, {&(0x7f0000000100)="b111cb5eaa9e14f1baa0cc0e7a21da44ff0cf73f4dccefe21839789f630e5f21aa079ac410097e19b13de1fbf25d3be24ceae250cc24a9c762c88f2116b6cc2a6617c55e528faa6d0bcead3c84e50511b96eb8b161e084e6", 0x58, 0x5}], 0x8000, &(0x7f0000000440)={[{@nodots='nodots'}, {@dots='dots'}], [{@hash='hash'}, {@fowner_lt={'fowner<', r0}}, {@euid_lt={'euid<', r1}}, {@fowner_gt={'fowner>', r2}}]})
r3 = socket(0x4000000800000010, 0x80000000, 0x7d)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r4, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  790.974984] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  791.016728] CR3 = 0x0000000000000000
[  791.021965] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  791.063341] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  791.080263] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  791.092654] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  791.103495] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  791.118102] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  791.118415] 9pnet: bogus RWRITE count (33554433 > 20)
[  791.127010] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  791.140499] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  791.149424] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  791.158702] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  791.168662] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  791.179071] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  791.187894] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  791.196728] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  791.203955] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  791.212323] Interruptibility = 00000000  ActivityState = 00000000
07:16:31 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:31 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x14000000}}, 0x14)

[  791.219455] *** Host State ***
[  791.223041] RIP = 0xffffffff81212b2e  RSP = 0xffff88011979f350
[  791.230467] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  791.238709] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  791.248944] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  791.257176] CR0=0000000080050033 CR3=00000001bdc7f000 CR4=00000000001426e0
[  791.265215] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  791.272294] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  791.282240] *** Control State ***
[  791.286523] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  791.293968] EntryControls=0000d1ff ExitControls=002fefff
[  791.299811] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  791.307579] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
07:16:31 executing program 4:
r0 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$FICLONE(r0, 0x40049409, r1)
r2 = socket(0x10, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000040)={0x3, 'irlan0\x00', 0x4}, 0x18)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xffffffffffffff3d)
setresuid(r3, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  791.315075] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  791.322605]         reason=80000021 qualification=0000000000000000
[  791.331198] IDTVectoring: info=00000000 errcode=00000000
07:16:31 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000200)='/dev/fuse\x00', 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x0, 0x101000)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="470e00000000000002004e23e000000200002000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008fe291d86aaf6f5bf42959f6cc31209a97790e08b19badd6c32ac5df4f602cd16da2bf6abba981b97bb3d70e2760b9dd7ce4499d6f35c0cc1cb070d6430030cc333da420e649ac1a0563e48922f07c7d72a316a10dddc77d907ef7afd2641e38a95b5bb18bd693e23e71f37f66a02282c9ea45a97451850bbe4298d8fbf40a4f241adc"], 0x90)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r2, &(0x7f00000000c0)={0x8, 0x120, 0xfa00, {0x2, {0x1, 0x6, "89b03a9c3f15969768f6bfb01925f6c3d7a0b05a9ce8d79cd4a198c06101d4eeb1b86e76ea7926a9c41025928355da5d61c0874ce47f7801276c31856d734c9b066cb0a09f44ac31bb402ab3251f0a019cae1b5cd51871f3c8dd17dc90f5fb584083a3bd34249d5946d8bd5f8a38c48603d3b29e05e16804ca258fc3bee81007e6e03add728dcc65195b3c44ea639ba5cdff9a3e45bfce95f2741f0bc13b842108d2e5eb6a4135b6701dd1bf09199b1122216b39709175b713714ec56032c780d941fe5779492d1ecf3dd73ba8d5181ff8b0357c641ae6d346f3d64eb16c826726fb9854975b5320f0f1cdfb3daae4ec7414644fb9708e9a95f1f9fa7d7c2261", 0x6e, 0x101, 0x1, 0x100, 0x50, 0x80000000, 0xee4}, r3}}, 0x128)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  791.360556] TSC Offset = 0xfffffe566a099e83
[  791.379828] TPR Threshold = 0x00
[  791.388490] EPT pointer = 0x00000001cda6a01e
[  791.430273] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:31 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:32 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000)=0x6, 0x4)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x6, r1, 0x3)

07:16:32 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:32 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x1300}}, 0x14)

07:16:32 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:32 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:32 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_set$uid(0x3, r1, 0x69)

[  791.879624] *** Guest State ***
[  791.884474] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  791.893323] 9pnet: bogus RWRITE count (33554433 > 20)
[  791.918539] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
07:16:32 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  791.949967] CR3 = 0x0000000000000000
[  791.963561] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  791.971645] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  791.985328] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:16:32 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6b00000000000000}}, 0x14)

07:16:32 executing program 4:
r0 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key(&(0x7f00000002c0)='pkcs7_test\x00', &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$instantiate(0xc, r0, &(0x7f0000000280)=@encrypted_update={'update ', 'ecryptfs', 0x20, 'user:', '/dev/null\x00'}, 0x20, r1)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x4040, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000000c0)={<r4=>0x0, 0xa0, "a15a1537f7e446baa17baab7ccf883ef351e8ebc663dbdc668fa00ee5f66b5de180d1ee7e5c04316406a4c7022d4c5ad85b53bfcd3c3eeb444448a0021271ea7d1c8fee45e3466e00d49e4a0a71c0c3d5e14ea24f270df742d7d638470c1fd237428649d385f2c9c64fc67cbdf8bf59c33faac4a49b96b81eb9ab677ac31e0c4ae1a0f3b216f3eae23a1eb2ff0edfee63beb1a922c79a5680d06ff55910b4761"}, &(0x7f0000000180)=0xa8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000001c0)={r4, 0x6, 0x1, 0x8, 0x2, 0x80000001}, 0x14)
r5 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r6, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
getitimer(0x1, &(0x7f0000000340))

[  791.996150] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  792.006627] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  792.018304] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  792.028561] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  792.067732] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  792.093937] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:32 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  792.110567] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  792.119788] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  792.129410] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  792.138180] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  792.148273] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  792.155750] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:32 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
socket(0xa, 0x0, 0x6)
ioprio_set$uid(0x3, 0x0, 0x0)

[  792.166257] Interruptibility = 00000000  ActivityState = 00000000
[  792.173027] *** Host State ***
[  792.183069] RIP = 0xffffffff81212b2e  RSP = 0xffff88014e82f350
[  792.189926] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  792.197689] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  792.212075] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  792.224566] CR0=0000000080050033 CR3=00000001c0a08000 CR4=00000000001426e0
[  792.239611] 9pnet: bogus RWRITE count (33554433 > 20)
[  792.242761] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  792.264307] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  792.270717] *** Control State ***
[  792.275209] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  792.283853] EntryControls=0000d1ff ExitControls=002fefff
[  792.290234] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  792.298940] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  792.306364] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  792.316115]         reason=80000021 qualification=0000000000000000
[  792.324092] IDTVectoring: info=00000000 errcode=00000000
[  792.341469] TSC Offset = 0xfffffe55e790d163
[  792.346290] TPR Threshold = 0x00
[  792.350011] EPT pointer = 0x00000001d53f201e
07:16:32 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:32 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x400000000000000}}, 0x14)

07:16:32 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:32 executing program 4:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x555090765f8a3f44, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0x1, 0x4)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  792.531954] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:32 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, r1)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x2, 0x800, 0x204, 0x6, 0xffff, 0x800, 0xf86, 0x8f3, <r2=>0x0}, &(0x7f0000000040)=0x20)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000080)={r2, @in6={{0xa, 0x4e20, 0x3, @mcast1, 0x140000000}}, [0x800, 0xffffffff, 0xffff, 0x1, 0x100000000, 0x77, 0x0, 0x4, 0x106c, 0x4, 0xfffffffffffffffb, 0x5, 0xda, 0x8, 0x6]}, &(0x7f0000000180)=0x100)
ioprio_set$uid(0x3, 0x0, 0x0)
syz_mount_image$ntfs(&(0x7f00000001c0)='ntfs\x00', &(0x7f0000000200)='./file0\x00', 0x200, 0x5, &(0x7f00000004c0)=[{&(0x7f0000000240)="16b41542bbb6b4acd501a706a78d8296994de4b9fc4f05a706cfaf718cec61cba1077e681cee69f4e18f731032b96c71e76e281bafa1e0616a2f9792fa39a37f49097d0da9429cf9c716666641dc4969d05fcee3aaa43c4d513e7bc8e6bd", 0x5e, 0x10001}, {&(0x7f00000002c0)="287a052e50dd62c9897e1dbca215ff8b134bb36d5a99cdc778d16d145691f9cb880e89467b34869873bb0854be1a6934849a2c1c7b32728e7251592d5b4906117068cb31edb10ca226426e080ba61c9c341e7ef02ba96556e503aadb91c80fb1f08fd9507f27440297e597bde2b91834f4cd55f602c8ff87376caab9745b9d5a71770d589bdb689e", 0x88, 0x1}, {&(0x7f0000000380)="1f1231b3efb1e42140bf6e0a41", 0xd, 0x3}, {&(0x7f00000003c0)="e8929898b3dfa578afac363bed7cc7f18bdb5f988f49cdafc8fa7dfe8c4d8e4f8bf2d85a22c5341adb33d7791a2a83e702097009101df945e221bf95a22f4e2919c1b0a94ab01f8837c9f477a7f859eae056705acfaad35b4bda9ae7de721a18c3a2ee11", 0x64, 0xffffffffffffffff}, {&(0x7f0000000440)="9da4f5f583a1a894d803f9479263e1f8430c5656a10a9281ffbe474b4fff68f58a89f028348ce6ae713bfab26a2acf86c49cb572f93b1ebf975ed77b23fe61380bc3c339114e9ceb7b1f428a6ed09fd5229500fd6d062629b3d4c53bad19f6135f74ce110de9b833492cd396934031", 0x6f, 0x7}], 0x800, &(0x7f0000000540)={[], [{@uid_lt={'uid<', r1}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'self-[%]\\lomime_typeself!posix_acl_access!em0'}}, {@fsuuid={'fsuuid', 0x3d, {[0x77, 0x39, 0x63, 0x7f, 0x64, 0x77, 0x36, 0x33], 0x2d, [0x66, 0x65, 0x31, 0x37], 0x2d, [0x35, 0x33, 0x30, 0x3d], 0x2d, [0x30, 0x35, 0x39, 0x30], 0x2d, [0x75, 0x33, 0x35, 0x37, 0x77, 0x37, 0x38, 0x65]}}}]})

07:16:32 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:32 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:32 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:32 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x8040000}}, 0x14)

[  792.832360] 9pnet: bogus RWRITE count (33554433 > 20)
[  792.870835] *** Guest State ***
[  792.880209] ntfs: (device loop4): parse_options(): Unrecognized mount option uid<00000000000000003327.
[  792.890056] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  792.899273] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  792.909748] ntfs: (device loop4): parse_options(): Unrecognized mount option smackfstransmute.
07:16:33 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xf0ffffff}}, 0x14)

[  792.919595] CR3 = 0x0000000000000000
[  792.923645] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  792.929867] ntfs: (device loop4): parse_options(): Unrecognized mount option fsuuid.
[  792.940786] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  792.947354] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  792.955251] ntfs: (device loop4): parse_options(): Unrecognized mount option .
[  792.962947] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
07:16:33 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  792.971555] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  792.979953] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  792.993692] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  793.013858] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  793.036997] ntfs: (device loop4): parse_options(): Unrecognized mount option uid<00000000000000003327.
[  793.041740] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:33 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  793.083911] ntfs: (device loop4): parse_options(): Unrecognized mount option smackfstransmute.
[  793.098875] ntfs: (device loop4): parse_options(): Unrecognized mount option fsuuid.
[  793.108287] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  793.112102] ntfs: (device loop4): parse_options(): Unrecognized mount option .
[  793.127238] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  793.139851] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  793.152194] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  793.160625] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  793.167484] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  793.175282] Interruptibility = 00000000  ActivityState = 00000000
[  793.213945] *** Host State ***
[  793.227644] RIP = 0xffffffff81212b2e  RSP = 0xffff88017d807350
[  793.250634] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  793.279294] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  793.289192] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  793.300937] CR0=0000000080050033 CR3=00000001d7fc1000 CR4=00000000001426f0
[  793.310455] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  793.317499] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  793.324687] *** Control State ***
07:16:33 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
ioprio_set$uid(0x3, r1, 0x4)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:33 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:33 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:33 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x408}}, 0x14)

[  793.329000] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  793.336851] EntryControls=0000d1ff ExitControls=002fefff
[  793.342505] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  793.350028] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  793.362598] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  793.370450]         reason=80000021 qualification=0000000000000000
[  793.404497] IDTVectoring: info=00000000 errcode=00000000
[  793.410006] TSC Offset = 0xfffffe556187d8a6
[  793.435559] TPR Threshold = 0x00
[  793.448510] EPT pointer = 0x00000001bede001e
07:16:33 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
readv(r0, &(0x7f0000002680)=[{&(0x7f0000000180)=""/229, 0xe5}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/38, 0x26}, {&(0x7f00000012c0)=""/191, 0xbf}, {&(0x7f0000001380)=""/134, 0x86}, {&(0x7f0000001440)=""/4096, 0x1000}, {&(0x7f0000002440)=""/5, 0x5}, {&(0x7f0000002480)=""/191, 0xbf}, {&(0x7f0000002540)=""/124, 0x7c}, {&(0x7f00000025c0)=""/187, 0xbb}], 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={<r2=>0x0, 0x2, 0xffff}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000080)={r2, @in6={{0xa, 0x4e24, 0x5, @mcast1, 0x4}}, 0x2, 0x4, 0x35b4, 0x7, 0xdda}, &(0x7f0000000140)=0x98)
ioprio_set$uid(0x3, 0x0, 0x0)

[  793.474605] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:33 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418d")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:33 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x4c00000000000000}}, 0x14)

07:16:33 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  793.640730] *** Guest State ***
[  793.646628] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  793.660501] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  793.667779] 9pnet: bogus RWRITE count (33554433 > 20)
[  793.670151] CR3 = 0x0000000000000000
[  793.678884] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:33 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x85000000}}, 0x14)

[  793.685295] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  793.691564] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  793.698681] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  793.708996] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  793.719010] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  793.727551] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  793.735987] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  793.744258] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  793.752436] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  793.761013] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  793.769854] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  793.778298] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
07:16:34 executing program 3:
pipe2(&(0x7f00000000c0), 0x4800)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  793.786834] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  793.802078] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  793.809843] Interruptibility = 00000000  ActivityState = 00000000
[  793.816530] *** Host State ***
[  793.819909] RIP = 0xffffffff81212b2e  RSP = 0xffff880149abf350
[  793.827206] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  793.834132] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  793.842141] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  793.848269] CR0=0000000080050033 CR3=00000001c3136000 CR4=00000000001426f0
[  793.848287] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  793.848300] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  793.848312] *** Control State ***
[  793.871896] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  793.888903] EntryControls=0000d1ff ExitControls=002fefff
[  793.894619] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  793.913181] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  793.920093] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  793.926992]         reason=80000021 qualification=0000000000000000
[  793.933606] IDTVectoring: info=00000000 errcode=00000000
07:16:34 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418d")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  793.939235] TSC Offset = 0xfffffe54f656c338
[  793.945058] TPR Threshold = 0x00
[  793.948650] EPT pointer = 0x00000001c012401e
[  793.985718] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:34 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:34 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x7a000000}}, 0x14)

07:16:34 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  794.071833] *** Guest State ***
[  794.079377] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  794.090011] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  794.099537] CR3 = 0x0000000000000000
[  794.110164] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  794.116447] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  794.122644] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  794.132350] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  794.172937] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.209410] 9pnet: bogus RWRITE count (33554433 > 20)
[  794.215009] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:34 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:34 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  794.225441] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.244990] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.298057] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.325323] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  794.335437] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  794.344127] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:34 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, r2, 0x301, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_SERVICE={0x54, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3e}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1c}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3f}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x510e800000000}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x40)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:34 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x1000000000000}}, 0x14)

07:16:34 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  794.370953] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  794.392265] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  794.411353] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:34 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  794.424761] Interruptibility = 00000000  ActivityState = 00000000
[  794.442127] *** Host State ***
[  794.457965] RIP = 0xffffffff81212b2e  RSP = 0xffff880139edf350
[  794.478391] netlink: 88 bytes leftover after parsing attributes in process `syz-executor4'.
[  794.493621] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  794.509818] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  794.518385] netlink: 88 bytes leftover after parsing attributes in process `syz-executor4'.
07:16:34 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={<r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
process_vm_writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/35, 0x23}, {&(0x7f0000000040)=""/122, 0x7a}], 0x2, &(0x7f0000000240)=[{&(0x7f0000000100)=""/137, 0x89}, {&(0x7f00000001c0)=""/65, 0x41}], 0x2, 0x0)
setresuid(r2, 0x0, 0x0)
r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhci\x00', 0x101000, 0x0)
write$P9_RSTAT(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="700000007d020000006900030003000000200200000008000000000000000000c775be8d0ca63e8acc0c1535b70500030000008800000006000000000000000d00707070305e76626f786e65743005002b5e47504c0c0075736572707070306574683018006370757365746574683193eeca6e6f6465765d7b2a3a6e6f"], 0x70)
ioprio_set$uid(0x3, 0x0, 0x0)
getsockopt(r0, 0x81, 0x3, &(0x7f00000002c0), &(0x7f0000000300))

[  794.527471] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  794.539133] CR0=0000000080050033 CR3=00000001c5ab6000 CR4=00000000001426f0
[  794.554448] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  794.567339] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
07:16:34 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  794.586706] 9pnet: bogus RWRITE count (33554433 > 20)
[  794.591080] *** Control State ***
[  794.595749] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  794.602606] EntryControls=0000d1ff ExitControls=002fefff
[  794.608372] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  794.627129] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  794.639359] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  794.651864]         reason=80000021 qualification=0000000000000000
[  794.663956] IDTVectoring: info=00000000 errcode=00000000
[  794.677445] TSC Offset = 0xfffffe54baed7118
[  794.693700] TPR Threshold = 0x00
[  794.697285] EPT pointer = 0x00000001cf0f801e
07:16:34 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418d")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  794.824662] *** Guest State ***
[  794.827990] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  794.837320] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  794.846382] CR3 = 0x0000000000000000
[  794.850119] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  794.856212] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  794.862205] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  794.868959] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  794.877011] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.885086] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.893068] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.901152] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.909165] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  794.917244] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  794.925301] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  794.933397] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  794.941391] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  794.949442] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  794.955917] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  794.963444] Interruptibility = 00000000  ActivityState = 00000000
[  794.969698] *** Host State ***
07:16:35 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:35 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6c00000000000000}}, 0x14)

07:16:35 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={<r1=>0x0, <r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
setgid(r3)
ioprio_set$uid(0x7, 0x0, 0x0)
pipe(&(0x7f0000000140)={<r4=>0xffffffffffffffff})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a85320, &(0x7f0000000180)={{0x1, 0x8cd}, 'port0\x00', 0x50, 0x20000, 0x200, 0xffffffffffffffe1, 0x5, 0x8, 0x93, 0x0, 0x6, 0x7})
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000080)=0x3, 0x4)
r5 = shmget(0x1, 0x4000, 0x42, &(0x7f0000ffb000/0x4000)=nil)
shmctl$IPC_SET(r5, 0x1, &(0x7f00000000c0)={{0x0, r2, r3, r2, r3, 0x161, 0x20}, 0x1, 0xff, 0x5, 0x6, r1, r1, 0x8})
getsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000000), &(0x7f0000000040)=0x4)

07:16:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  794.972894] RIP = 0xffffffff81212b2e  RSP = 0xffff880139edf350
[  794.978949] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  794.985418] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  794.993306] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  794.999211] CR0=0000000080050033 CR3=00000001c9841000 CR4=00000000001426f0
[  795.006394] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  795.013263] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  795.026102] *** Control State ***
07:16:35 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
chown(&(0x7f0000000000)='./file0\x00', r1, r2)

[  795.046581] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  795.058093] EntryControls=0000d1ff ExitControls=002fefff
[  795.063925] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  795.072341] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  795.079958] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  795.087169]         reason=80000021 qualification=0000000000000000
[  795.094048] IDTVectoring: info=00000000 errcode=00000000
[  795.099713] TSC Offset = 0xfffffe5453bb9236
07:16:35 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r0, 0x111, 0x2, 0x1, 0x4)
ioprio_set$uid(0x3, 0x0, 0x0)

[  795.144243] 9pnet: bogus RWRITE count (33554433 > 20)
[  795.154260] TPR Threshold = 0x00
[  795.157660] EPT pointer = 0x00000001c486901e
07:16:35 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x4000000}}, 0x14)

07:16:35 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d76")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  795.327209] *** Guest State ***
[  795.343837] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  795.355689] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  795.364828] CR3 = 0x0000000000000000
[  795.368740] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:35 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:35 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
r2 = socket$inet6(0xa, 0x80003, 0x4)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x240000, 0x0)
ioctl$KDGETLED(r3, 0x4b31, &(0x7f0000000100))
ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r4 = socket(0x200000000000011, 0x200000000003, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40106614, &(0x7f0000000140)={0x0, @aes256})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r5=>0x0})
bind$packet(r4, &(0x7f0000000000)={0x11, 0x400000000000005, r5}, 0x14)
syz_emit_ethernet(0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaae080045000028000000000000eb8dbae40002e000fa0200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], &(0x7f0000000240))
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, r1, 0xffffffffffff)

[  795.375081] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  795.381241] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  795.399826] 9pnet: bogus RWRITE count (33554433 > 20)
[  795.403566] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  795.414618] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:35 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xffffffffa0008000}}, 0x14)

[  795.446006] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  795.464692] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  795.483330] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  795.491540] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  795.499756] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  795.507903] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  795.516338] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  795.524385] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  795.524399] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  795.524411] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  795.524422] Interruptibility = 00000000  ActivityState = 00000000
[  795.524426] *** Host State ***
[  795.524439] RIP = 0xffffffff81212b2e  RSP = 0xffff880139c9f350
[  795.524462] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  795.524475] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  795.524485] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  795.524500] CR0=0000000080050033 CR3=00000001d52cb000 CR4=00000000001426f0
[  795.524516] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
07:16:35 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
getuid()
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

[  795.524528] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  795.524533] *** Control State ***
[  795.524544] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  795.524552] EntryControls=0000d1ff ExitControls=002fefff
[  795.524566] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  795.524589] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  795.541713] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  795.553287]         reason=80000021 qualification=0000000000000000
[  795.562606] IDTVectoring: info=00000000 errcode=00000000
[  795.578247] TSC Offset = 0xfffffe540ec86465
[  795.608366] TPR Threshold = 0x00
[  795.619081] EPT pointer = 0x00000001bd20b01e
[  795.794023] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:36 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000080)={0x9, [0x20000000000, 0x9, 0x2, 0x8, 0x5, 0xffffffffffffff32, 0x101, 0x401, 0x8000]}, &(0x7f00000000c0)=0x16)
pipe(&(0x7f0000000400)={<r1=>0xffffffffffffffff})
ioctl$NBD_DISCONNECT(r1, 0xab08)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0x1c3)
r4 = syz_open_dev$sndpcmc(&(0x7f0000000300)='/dev/snd/pcmC#D#c\x00', 0x9, 0x800)
write$P9_RGETATTR(r4, &(0x7f0000000340)={0xa0, 0x19, 0x1000, {0x800, {0xc, 0x2, 0x4}, 0x84, r2, r3, 0xc9, 0x6, 0x7, 0xf5, 0x5, 0x9, 0x9, 0x5, 0x2, 0x9, 0xcef5, 0x6, 0x8, 0x7, 0x7}}, 0xa0)
setresuid(r2, r2, r2)
socketpair(0xe, 0x3, 0xb1, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f00000002c0))
ioprio_set$uid(0x3, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='\x00', 0x6, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="41f6f8f697cbf32554763441ddbe380ea859d56b930a817a3bd139edba770c63775a0fd2e66f99fc6963c3f6225f46f55054b87feb62a2a88ac29c6adfdeca4aa32cfec009a7d8010000006c6b1d5a12004b38c35c50a9be3c57e230f669fc78764d2f2322a00a40dc33029fb05b61a6bd60c36a826fb0faf8044e34d7d167c9a8758c80ba1be810076f9ec46a2e92523494c384d956153c88326f1410c452665770d8140000000000000000000000000000", 0xb2, 0x40}], 0x4000, &(0x7f0000000180)={[{@shortname_win95='shortname=win95'}, {@fat=@umask={'umask', 0x3d, 0x8}}, {@numtail='nonumtail=0'}], [{@audit='audit'}, {@uid_lt={'uid<', r2}}]})

07:16:36 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:36 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d76")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:36 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x2000000}}, 0x14)

07:16:36 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:36 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  796.034185] *** Guest State ***
[  796.037511] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  796.037527] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  796.037534] CR3 = 0x0000000000000000
[  796.037542] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  796.037558] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  796.058197] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  796.068276] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  796.086239] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.086260] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.086278] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.086303] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.105048] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.132211] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:36 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:36 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6c000000}}, 0x14)

[  796.180230] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  796.203962] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  796.212187] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
07:16:36 executing program 4:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80000)
ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000040))
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
r3 = getuid()
setresuid(r2, r3, r2)
ioprio_set$uid(0x3, 0x0, 0x0)

[  796.228861] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  796.235830] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  796.244873] Interruptibility = 00000000  ActivityState = 00000000
[  796.251287] *** Host State ***
[  796.271422] RIP = 0xffffffff81212b2e  RSP = 0xffff880181037350
[  796.289353] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  796.307587] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  796.316420] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  796.322592] CR0=0000000080050033 CR3=000000013f81a000 CR4=00000000001426f0
[  796.335402] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  796.342323] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  796.349032] *** Control State ***
[  796.354809] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  796.361680] EntryControls=0000d1ff ExitControls=002fefff
07:16:36 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
socket(0x8, 0x6, 0x9)

[  796.362597] 9pnet: bogus RWRITE count (33554433 > 20)
[  796.367947] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  796.380148] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  796.387482] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  796.395597]         reason=80000021 qualification=0000000000000000
[  796.402198] IDTVectoring: info=00000000 errcode=00000000
[  796.415080] TSC Offset = 0xfffffe53ae0014ec
07:16:36 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  796.422528] TPR Threshold = 0x00
[  796.426609] EPT pointer = 0x00000001cb34201e
07:16:36 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x8000000000000000}}, 0x14)

07:16:36 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d76")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:36 executing program 4:
r0 = syz_open_dev$usb(&(0x7f0000001580)='/dev/bus/usb/00#/00#\x00', 0xfe000000000000, 0x64000)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000015c0))
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
accept(r1, &(0x7f0000001480)=@l2, &(0x7f0000001500)=0x80)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x101000, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r3, 0xc08c5334, &(0x7f00000013c0)={0x8, 0x7, 0x0, 'queue0\x00', 0x8})
write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000100)={0x1, 0x10, 0xfa00, {&(0x7f0000000040), r4}}, 0x18)
ioprio_set$uid(0x3, 0x0, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000001540)='/dev/vsock\x00', 0x420001, 0x0)
syz_mount_image$ntfs(&(0x7f0000000140)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x3, 0x2, &(0x7f00000012c0)=[{&(0x7f00000001c0)="f3616b140892416997e2d4156418dbd919e72c8cc90f143c6fe03c80f71d71520294b65ae03dd4345db2ee3b8349d04fffcb72b1763c9cd6351fdbc5398132fa4cedf917c3deb22cdefc600305f87f00a00b176ee797f61b39949324a0772a4906356d9ad3bb5c447f01057062884f071e11c5abc4e0e6a2812bb51d076963a71c1b65d8e774774b1781af873b4daceb621d1f49cff5932a4eecaa5217fb3f01cb540488e5bada3c0bde4bc88d29318f74464476339e199a0fcda6d2dbc3de4cf59a65302850161691ebf0a0147199844c3265554e3c874b6ca72cc66d83e8e9ad0d75fcd186be89237d17d2d0d8f90b91b20545e9b045e3687a82930e247a1cadde8d2a450b341e6681da880509cff23cc4732bc2143e10df606e8d67b663b7f6bd11d277912a0552a66833e77c730d722e8b9bff6ef843fd4d29f1a855933555384d0af7966e05de6cc1912883d5e309ff4fcef7690b1191436681da90de8f5cc40b7e0d97871c3cd17ba82653b554d2cdc376da449434dca548c50d42740ab57d20aad7c2026da7b115a8eacc5515d96762d938f055c4af21b7843ac26640d17c46b60c70c0c2a239391df1fbb704e3fa330c89b919c40398f33ea35a6bf219bc9b76f06a02e93c15278126aa1eea2a76732950d2b8db79b4d0f98002c7508a6d296cfecdeb2e2e0e4da6b98626595161895f10c24603d5d24c0bc186d69912412bfb6e24f4c0ac760a438efe4d87ac94fb37f2ba94b5ba4e939901c79a6f1323b8e43265703f97d4155ce96293752f7e3f1841aefd70f429e697031f9e8adbc7eb9fbff034770f17e65f306d090f91c46d48178ae6c49187ada323bed0c8457513576039d3a3f46558ca99b569f8768950d48d22d3f7fc795273c698a5b7e88827a3b4af78f1e6cae0cc0ede9174d6282f96e77398388d83774e2a1cc6a202d27e26b8ea1d34c11025bd7db9c2064ce8eb2e4e038cfa57355eda951b45be39509406c8e6fd99c5080855c6f2618a03df676056d60c8415f2332fea8a523b058f4e5b9ec71dd05d293c0b462ded2a6da9b7f96191f73a1ad96064a1f988f2ae56e96f19eaff51e1209ada34f3164bdf56b85f9a87bf038d5249e5066d4b422211c5248708d025a0aaefa80a9a4be6a278780620bab1dce7c49a82dfd24b4083a47a119f003721ee0bfbb770fc2a2f3de00dd44f05d49cf192aaf583ab89b7ee1fefb2544ca94d466b0fb3adf2b10c8db8a0d66b9f49b20462f3c081fd6d60b5875bc866b727269e64ad39ef39a618e673242711acf3763e10bc8822a214e6ac2432272d567977a44e14a0d2ff00d0a251a1768fc3fcaf772791004d5b491ecb5767f8c5d61fc9cbd3de852d4a70178bfdc66f4a5c1ad93e0ece16973bfd1707248a3f225944b4362a9a1dfb409f2ba26768874bf38bcdf214ad77cdad6ebfa6b360c46922549a7354f6516059fe6bece163732833ae02e9d45f3d34a0e530077bcda9ca9c71fc19b4d3708f255775b9953b15f73fe449da70a370aad2ebd554cbe577d40ce8e0eb356b5309062c9da10c048ad3e5030cf33b16bd3d46953d7169dc7bf943c58013fbd539f4d032364ce957e16ce801639cd905107a4862c430459dd33cdbdfe18619bedd2214729cdef5a09d7663281b4f85fcb0598ec381e0d113e3184624028d256fecf62cb2a5ab196d4ab2141b0afe52f2375ea2c84545b5a902af6267f115d0f22ab6b754bfa81b2cf51a99ce1b421e46a41dd30159a0b3a07a1ec34d01a41edaddf429afd43f37bb72b2bb91d137ad79c53ac2e3a2fe218d217269284ddd17d22a318fb4baa892e2aec7f61caccfd22e8b6da51838bb80e82b5926cd740bf12a2630962ae80f6fdb2480d72086ee4ce4befae2605c0408f0dadc150f4172177bea9d98fc587f0cc44609cb4603b94b990d4d91f8daf38a7c1e75d236e52d8e164bb05492759429c87603b94652d25de0dca63f135448110edeea3d0da10d8c820fabc52f043ca84bbe8eedb8c6a6209c9eb06e54f64158073f9dae8417264a3c6cac84bd0061eda662e9ece21595381af29780e3a0c49accc1965b6161760d05a02a0faf55fee68b14a2f9146b540890742823180a4703e493ad42bf6c80ef5735ddc3ebe8cdc4dab227123a8b1160a7fc7f08105cf8725ee8c82c3236204c4d4bc43a9285f49f971de56f18a0756e171f867aae7f120f8ba785e6bfe87fae575bd6debca33582f0338774ff0b82da08c2612ead320d99aefe7dc48b56b18969dfff9a0d03c46d8f3ccd68e20156208e49970c58a30cdfd02e695d65b957b09df9674bfce4bc56fea45224d520b98dcc4beb95849af161d3931374b55f07a6cd7001fdb4ccea8426061ece86e812b1fc2de2969b83cf211f1fca76cda3fc1174a5a5dc0bf50246e3db24a1bb78533d0779b342c12e6a3e69a0a6ae6df6106a720fc2cab6308a1b7c39a997bffe3b7b1e7fe88cd3df9a9cb9c8f081da9b8413e6b3889bbff6ffe7a05bf7d55d0ef27d9fb1c3a145ccb9e0a8f3f84b15c8b1804c9e2931aebb7565bc11fce43731881283aced8c80d83b9da247804c602d706899ced7db3a569b3f04a64053020206c552742ed8375c57d5fc0ff7d476a42a5db7fceb1102ec69c80b61b90e95c3042a4ea3a1e23c0b24528e02a5f6b5bf19284bc0d84bc60035ee8e9824860a358c853b0b9f7f83b865a48258cb1f98e111e4b3fce1167e9309cc85536a33fba4aceb65c852625ab9d4da5e031b2e10f9ff8e9b9ac5deef1a90946828eb107a87ef951ec1379db7ff807e6459ae5b86e9066988b8ce45b7555832b46c59ec014054f147184ed51fff4198fa6676b739cd8abd8bca4518911087e65a48b5a84881bb21b19621dc91014f07263e097ced83592ee94c3581a2a7b9604291dfdb61aa00cb72e41e0cd273564227536c5e45ad3f8db3adbb9de17fbec7b2444195b8b43601dcc1f1efe5815a7fd2b1e8ffc083f15efb30381ac004213288242131608804d25a3705fb6dfa5ec8b1d48dec44b50f527512de346830abbc6f7371bd962a2e3148d13a87cbd910c096137fe46e89e3e3e111e95c23b83a55d809ccca2a1bbb1aa6142a8f498b2db8ca0217f68aac2d15cb646260651e2664162c6cfd30671a8dd733a61e82fbfa60c2d28651cad1378c8f850c338173567e23b67d837b4076d2b4744d52e0a8b72cc6c7e10e4c08e62162481603a20983689e1935fda04c7e86eb6d60e09b6032a70624be834c44922fc656722dd2944732e24bdfc5f441c161a89d8ef7b00ce52200e83f4cd2721472da35aed53d5c8fd27bd1eb2c5d81295e0d9b3a8f7c7c1b788fa2c51c303cc71cb4645db1e6e568fbdaca87450eb200910fbfd17de67ae4c925807036f9110851718369b3b7e2601bd9aeb8c41dcdc893fe639f5e0ca3ce4d04f0c0d2eb0792c7ff20ad74de66181466d66682e6754f355710ea21b97a8e3765cfde426f5578721692252c7cb25439198311adb98fd67bb96d479f6c8a70b567bb2222bd4a90654db07e6d1eb8ea88f9e7589086565772972f0490ece718d8d6efd616648d2429cf968bcce6e9753c7f30fbdcb2f9f44ceab5ab70bc77e3e26cba4845f79fda1920b14c4ffb2bf59bcff135380a3bdab0f0fdf42a2c5213ac8c90a765aefbaa491976e3464d093f9a8f59d5418c26645b8b290bced57ff58939f18924f9e73eb52853b3cba0036275c0444b0e9deb5e79b3d641eeb235ec8f39e44675c867e0eadd45407324a0da275a055bd1e0fadd7b358f903b260d24886e460cfe725d5a7b41ba0081decb6a80914685788621086f89f11092f538e5ebc64ed62605d8d44a66902aaa25daad175c86003fca7328d2a91b8e9227db7b050ea7705563c9e14c8e97a1afcf1746e028d879b84deb7bd937883749462e79809b78ccc71a6a393884818b2749263df0e1a3ba013220a7ca3ef926d45813a2403f97268688e00ebfb14c16108fe2dcfa0ed8b778ad112db14cc7cfcf4bf58cb86d5643ff0a41c76a36fd31759d83d137630a1322a525cd5fbe67c8c3ef05350562706822497348c6a4a12cadd759e794a36eef2970776e292389334f2cd3aa689a7fc897522f1b24d026031382f968cedb18aa3ab689c889886c3df1800ac3db109a512e44f56db8b1e465cd97b5e0a0595a726a7f9cbb68177b497cfdf943fa225762b5b54e3ebdd3e6a2f6785e33c0b54d93e4d90669e309370e11250aa4d297ccbdfa51d3c4995612ce457588f655b3c76c8e222b5cdfb02ef6ad539d644bd0e8ab64bfe0b27bf9e4fd16b05f43e05601fab23d69a091486ea244a2d85ea2bfc0e52956aa92be5c6426a287ac4dbbc45045e0165f5cc82cf8eb829a009843b631fb75c23d767b62cb34ed87357d859fc6e7c95661b45f993b8d1d5cb55ba726392078b0ca4f9cf64a33aead6441b5365d4d1b1b3ec0327c4f12e824bb3b544eebb4e6c84b918eda6fd92f7b216e7a5acfb8d2d22de00b22c450306695a5f45f827e593561d3e1ff6bb28bfbbfa45234e5dbde54a851f8e1bcb23a4c8c3f1991e27e6b51be51e3bbcb47ea805f6e043e6e6500a013c7f19315d4552c64ee6ca5fcc35c4cb9f147294aab32b20032fed7f39e9ef42e4ffa29e64df5539a10659bc0c5deeb7da79d99b0afd479bd1ef69155603286c84f3b6c0976f34e954b092e2d28008b11b406227319c81f4fefbb29c0ffb09c7f7d3cd9ebf74e7d02b25c6234a6a8a9f7acea5fcda8bb99e1e0c01c2fea48603e16ad0399157a1c00b518fe6c8e0133909939e12563d64499a63d4ae03a529957948d961c1e8bc24fa5804c5ce4d6fb2afd717f9260a1cb00b54a2d066461f7f5fdde56aa3f242408d9dcd09dcfc3149a971708533aedb437cc08ff73a5247e03c19249c82fa29030c506c39d0725529d6ff59a0e6989943420e287810befe3bfe8746def1a73bd2bc809840705b82fbb3798179728574e9433c985503779e6144379b4663c2b3c75db42992922e29361e700de8fb3e5aa343a69bf0e2a457ba7e6be19e32dadcdbdb7404ef40b1580c48522220f00ee5182560157c2110107f5f5be3d30853ed2c3228787e6ba50846118d34fa8306cd674576623cfc2c9d405d75c19557bfb59fe2db1a9c794aa2813ba109101afc5da5fe00c1af81ecb6bd422e2a8836a05aea33c65fd300991fd2c15f1f2bdbfa538100a69d1913dfa3657f22a6a6b14fba163446c7b287b279e6e705faa8a97c65aa28e79a3b8672524c9fa3052967197a30fdff2421feb55eecea0b8dc7c77dc07d1e5fb6411b9236413cfeb45adf68e45cf886ece3b67d33b754ec3e4461e96952ca523d83cd9d8e510c75a5c67c78fecf489924c03a96cdbbaf643e566f237ebe1c810277508768be45ac8bd90ca0071ea4dcc4c3e7a7c03cc8ba28a60cead0c3cc1f6afb4f4ab2948b61838f6642c533feffcfd1a1f5ebbf93c1e09e963373e05c2f97a2685ae7fd45b42ba9d9d8407e7d9f327e9aeae477ca3710cc82af4b977f5be070af91a72774f271908f4fe5b25690f3943f9aadd1fda4455c24b89559d5e6526fde1a5107b68efdce90c3ca8eb6d6d9d783ae6f1e24251f81226aedd8224609b6570dc65b51c74f8bf05b4c70fbb8ce631b99bb6be02db56b56cb630494d2ad27c7285ad835c37d5fa083a2bac52325848e7b44d62844e7ea64ec28ffb1ab575329d5fc93853a46d236a439e6f0976c1a8ffee737c27d0ae96557bc6b9fd8805f12728709c4c400b14088268b0", 0x1000, 0x200}, {&(0x7f00000011c0)="f5d7271a5e3492ccd54d572e5d3beb40f891a5d48bd9d54545fdb46c246760e0ceb0614eb3c08609744c34940672fe72f0854514a0ac19475c239c09181067d539d16e8248b841519901522e29552e3bbc543a75f8b170b843b212207adef89a713619f74581b226c0d24b44009fd2dd1774da001e4d7724e64ce04e6606294fb8980d56e3b10051903d60410eebc93e5ba7740d80ad0a33ce282f0f98ef1fc5ad75a885df14a81cd68405fd256fd8a0ab5fc0bb1a596daf4b5bdc0d70b1c3754ef594a0414b361524c495431e0c3f8ceeba93a1f026d36795de", 0xda, 0x100}], 0x2200004, &(0x7f0000001600)=ANY=[@ANYBLOB="636173655f73656e7369746976653d6e6f2c636173655f73656e0069746976653d6e6f2c6572726f72733d7265636f7665722c757466382c6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030332c64697361626c655f7370617273653d7965732c657569643d4a8570ae23daf2a900f9dcf1e600b5113f230f719f0cd18ece3a626b095536915dca8af37879eb0e898a8e3a4b24d269c6f7a2c93bd9224a82103f46deb66aa7e0057db856197dafda44491df66daa4911b8b8d3d5483c811eeb1ab2523801d0482cb8a4b39cfe7b35004f918400e0427e724b3403fb4eccbff0e9af90bd34b9b2d5a1b8cfdee8c484e2ba490330d3d65e42d8d07fbb1b76f49952482a23c5bd1cbca7800494841ba061f23264c6f190445a487276cdae14f5a2262e1b48a9f4dad9c1f4b9c682c500ce5cff69d38bf3b7f4a5d21e48a0", @ANYRESDEC=r2, @ANYBLOB="2c7365636c616265bd3f00"])

[  796.561191] *** Guest State ***
[  796.573030] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:16:36 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  796.601045] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  796.607571] 9pnet: bogus RWRITE count (33554433 > 20)
[  796.611885] CR3 = 0x0000000000000000
[  796.620082] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:36 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x800800000000}}, 0x14)

[  796.643742] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  796.652184] ntfs: (device loop4): parse_options(): Unrecognized mount option case_sen.
[  796.662576] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  796.679316] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  796.691563] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.703862] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.716665] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.727395] ntfs: (device loop4): parse_options(): Unrecognized mount option case_sen.
[  796.738078] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.751758] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  796.760739] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  796.781991] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  796.788776] 9pnet: bogus RWRITE count (33554433 > 20)
[  796.803898] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  796.812194] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  796.821584] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  796.839319] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  796.853861] Interruptibility = 00000000  ActivityState = 00000000
[  796.867437] *** Host State ***
[  796.891059] RIP = 0xffffffff81212b2e  RSP = 0xffff88013a247350
[  796.914021] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  796.920642] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  796.928672] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  796.934737] CR0=0000000080050033 CR3=00000001c93d3000 CR4=00000000001426e0
[  796.941772] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  796.948963] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  796.955238] *** Control State ***
[  796.958722] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  796.965565] EntryControls=0000d1ff ExitControls=002fefff
[  796.971067] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  796.971078] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  796.971087] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
07:16:37 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:37 executing program 4:
r0 = socket(0x10, 0x2, 0x4)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
setfsuid(r1)

07:16:37 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:37 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:37 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x600}}, 0x14)

[  796.971102]         reason=80000021 qualification=0000000000000000
[  796.984920] IDTVectoring: info=00000000 errcode=00000000
[  796.984928] TSC Offset = 0xfffffe53669a61c7
[  796.984935] TPR Threshold = 0x00
[  796.984945] EPT pointer = 0x00000001d8bd801e
07:16:37 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d7660")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:37 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x40040, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000540)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff7000/0x9000)=nil, 0x1000, 0x1})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
ioprio_set$uid(0x3, 0x0, 0x0)
syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x101, 0x5, &(0x7f0000000440)=[{&(0x7f0000000140)="3eab39f90e60ef89a61a5c320be7bcdeb59725394213cd5af1773dd4db0d345c8365a8c4ebee2fcbf1232b5bc98b28b70ea03dbec3060853d2cb4599d7a228e0eee1ecf868e1b618c1dd506727eae12f39235d20326eda07c36e22e294a77d6f7cd7668801847f5da1e57a0f8fb61422613566d05d704e335cb59d3ef16cf50a74f802d46f44275f889bed0f2070ac94cb5b1713a55b663f51993c3ca9b6ff5565e09a3923f1f750eae55df0f9deb88640c425eea915f93383d93dc150a9e80a65a265d8e6cdb150adb8fd7199da0a45888a68b16e1cfe8e9e17dd220b445fbe8b7d18183ef83598414f187d4b5e772b9d09626ae2aeeca6fa7daaf14465", 0xfe, 0x2}, {&(0x7f0000000240)="ecae0c3cf6c2cd236897f63889cf0b62d4589152e1f37e7c8df8fb25944d8fe023184b134790bb84b6527d7979d3530dfca6e89fc66c68dde777426a60d93e8f0c32c0f8856843150da3777273e2cc3ae653024dc5d99f34e6dbcbdfcae091dae4437cbf934c0aa7198a37b98007395e60c6572d20a19686844f676b8c582c8d7a2df5b4614a225a92cee83cd9bff365b49f6fd2ff699c241512d2c2e7a3c007803528340b60bf01aa845c54ceb4252cdae59d23092dfd0e0beac5308e3185e88fc662345b78aa487738c06a6c5c4ad18854b12c08ad044aa3f7401eebf559602f757948033441ed31ef02224db0cf6845", 0xf1, 0x9}, {&(0x7f0000000340)="685de3f8143577e2a00757118fb9c0dce39aee86efbc01ff3b8cca3131c16be287205d41c70f69d57d0c0877ce2fed1ba508a2aca28dfb3f09b644899fe9ee39d26274df0b4a421ca4858486be7c030b662fb315b4bf67221155b009da9a47507c0be122ac6cf02d2a70fa1ca9f8e487f0c591620403", 0x76, 0x4a8}, {&(0x7f00000003c0)="db750d9d6144f3278e2cb87b587c6a21ae3c5d08a84a1c32", 0x18, 0x4}, {&(0x7f0000000400)="c58273bcc929d127d41ccc614d2266908705454cf51f08d62fe287f99656edf4667e", 0x22, 0x80000000}], 0x2, &(0x7f00000004c0)={[{@noquota='noquota'}, {@rtdev={'rtdev', 0x3d, './file0'}}], [{@rootcontext={'rootcontext', 0x3d, 'root'}}]})
r3 = shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffe000/0x2000)=nil)
shmctl$SHM_LOCK(r3, 0xb)

07:16:37 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(0xffffffffffffffff, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r0, 0xffffffffffffffff)

07:16:37 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  797.175650] 9pnet: bogus RWRITE count (33554433 > 20)
[  797.177500] *** Guest State ***
[  797.187972] XFS (loop4): unknown mount option [rootcontext=root].
[  797.194586] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  797.205271] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  797.230405] CR3 = 0x0000000000000000
[  797.246338] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  797.270429] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
07:16:37 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x3}}, 0x14)

07:16:37 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x80, 0x0)
ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000040))
setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000080)={@multicast1, @remote}, 0x8)
syz_mount_image$erofs(&(0x7f0000000100)='erofs\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0xa, &(0x7f00000026c0)=[{&(0x7f0000000180)="afe872436bf2b7cec586bcc2dc0f2874727feceb25b093e446bdf3537c84b8ecde6a59ef8770b552efce76cb7ee8c1595299f0a6bde1e7da286557c685293e112f69f9e530abf60c0e281e192626c29a7762d12416d6b0e3bb725e478ce261940df0b6d2813af4b616710465a724349f42038a99d852c3ec09242d778462f5f4fce625be85785fa67f2e69badcb5b63ce387c9f9ab3ff6061bebefa3d1724341887c49db2398e2b3afa6fdb9bdd9d93bac51f31f2cd9a3ec6e543e08e7", 0xbd, 0x1}, {&(0x7f0000000240)="37992b2261b8423032edfe3c2deb93dd03d9adfb4e54ae5497de6d217c86e1d0942311bd3a20343b29939daa94f614b4b958cdf8615c0fbaf28ca402d8d7d1b43e34ece19b50c268378a45d045b40b7a5c8d4cd18e33900bfd431a7b22988db3acd3eefd017cf26573f2be41df38fbd1b2d2f77552fd8afbebcdc0824c065b7d490aeb7d1660a020718e8d3a4a1c919c9b23367e233ac31e0b498b3df334281af9558bfaa75244f40b796f83fe5334c62d1c4542297fbe238f564e7e609342236ef583d724ee718084bb766fa3efe8579f34c24c8fb6dd42453e4228d3bf19b31525e9a2e485fabf67a9c0a27e", 0xed, 0x6}, {&(0x7f0000000340)="2d8157d7968d5fda9deeb68b689a23317756da811311d6034f3dc4acb8c69313ffadd25afea7e43500c9209278b8a01cc261d8ee328fccf376604367a55584a772e6fb62dc8fc18c483d1318934733a18492ab60c45c5091026ac399570ce5781a1e7e65c37c7612792e5d84f8e262587caf89824730bd7f0f425d497f9f4890f6951e0f9ac0a3bc415d7a71fda3db42f5532e3abb54b711644443912e9ddb0a0fbd2c48dd2177007eb60e496b61a9f241ff4aec937dc9772819e4bcff40137f4e23d7fde0e9e3c87385c4ea191deabc0ea8687f7de2ef3f251e742afd975bda9da918b091b324", 0xe7, 0x9}, {&(0x7f0000000440)="5de165b5dd9fdcbda0134dea95ca96d09747e970685b53759a777500b78a3264fd634cd5a58b76d990ea737640797771be50a9fcb8cf7610f7fcc2d4b6245338f4fccddb628997e22fad2fab08179893a48fc093d31c30bb0b15cf99f8251a54fc826030bfd49e88e0b5ab7516b704019b72a96b3ca5f945ffd5e96e57fa32832f46305d4fb152c1b9a3fd0c0b605da5deb0ac2b042060b4513a06f012f16d915d82b12bd048a2386b38b25611", 0xad, 0x6}, {&(0x7f0000000500)="0e21c76057", 0x5, 0x4}, {&(0x7f0000000540)="7e775ad12663d223f1bdb589306bd6b7323826d20b482faef8eb0f", 0x1b, 0x7}, {&(0x7f0000000580)="fb40894aef9f2ac3016e5676bc10933db998a3534c", 0x15, 0x6}, {&(0x7f00000005c0)="34e915713a3eca893e1fed6f8de67036029a2c811c29d3e8e967fa934876048f1f22cb3f9a2d6473d5c3f998caaac6e5a677a727e30af835e1c457f17db69aaf6ffa49e33e1b7c3d8aec7f9bebaa2c5559168483b3ab1ea8c7d90b036c485f1e3c81358814ba523bc6f15e8a92651547b27a3b2a03b8075661fd627ea462007f51273313c884ed50b7cf494e13ad1b10c1c6972ff403b84e5936f6b96c1e9f8419fdc2a111851a37b02da8c79b4958b747f138d069ac8dacd864c4b475c66ea57cfd6b1fcf4b65d37d17f259faaccf518fab949996d937e9e049356aeb120e294d390fafe7af545278ed2d082d6cff4c31d77d34aa1a50240b925b6c207ce0531a98538890e8d25fa8034ec8818812cb5b10f3242f6787a7aab6206c259c2fdb97ac8c6d8066156666b2df23ad2d3203d033a11963712b455db98c6c1d8e94e0039134b5cf4b8a7617d1047d0ff1e09747cbd5e68d56cb0ef0af5dd56e85899003b6f7ea39914afa6667ed58ed0212f6eed3c91ff97c16a6b16068d38a4af047abb0dd88ffa8437e2ff2e7d6f5e4db78f11077dc0f81546360afcc0b23c9d26e48b5c3650a578c4f3188e4266575353817be8c8235e5a14af2bc427761936f730c4373990028812b35b91a6f298c7d72a61770158a0bf05e187ceddbc752a702d5bef1c5f6e58b8aaa99ed3377f7736cce2ce9bcdbecd0b406ca2733f83f5e6ddd8e5a2e5f7b62f25c76ca0ec232b0a91eb5d5f28e9f0a9abfff9437fe7a0bd8e6da874ef655cb59ca9c73d5f656070692cae4b33f8caf44145f9deed979bec2f10f489d5aecbb1ae4887c8edb740551f196ceee4d739fd6b37b0d49feacaf14815c3d0f2557e00a2dde1eebbbdebc8b2a2f3713130d79336261fb35cef2923218ba12634d5ef0ec6aaaf9337d513097bf53d7c093f8dd254387e3658d8f944b733af3b6f78cbede50e04ab7b64f1f2b84cd397610280053293c8b516ec59371ba4d46a13d8721683c5046d5dc76da21ed476d7751087fe3289837bed12a0bcf9ada2a3899785ba82e62ca0089e36268c86ceee6c8af34e4c0a1535a52167b8d6990cefb41f52381e1ae91c37d51f7a65f165fc4dbec283b56202a40d531d72ca789d5a43df37287b2b1598ee3cdcc9a837a741d272d3eaba300065fe8047f553fa27acc6393de28324267ca5bd9c6ef9a6f43f2b7aa11c7ad40f49d0abbc71fe9441f5fd720d247da01448ed211770b2575806c77acfe8bc04e4a4387ebba5337b69cb87a2973e0e64184a86201f66366bad475d578a34ea5f71617c112313328f409a60c1d6ef5f64704f3576d27db164821800dc29aaf8daeb5b93d3fdf22e27cb773075a2366bb1794795381bb8245836d3f1e542ed2c8a524d020cdbe86d1cbcf6d209586aed5106f2da3ada2fddf12b63abaeddbbc57fa6dedc95b51ab1e8bd1f83e54fe656da5c7b9cf884f934bf61303e1e340163d2425f256edc403e9d2af5fec5d185df4709054cc52a37e44179f60b02e528a049f8d21e08acfa159753f6b03b3b7e94590347e575c704e82295e55b83348e5f25a76600aba46a37ef59da36d1a9d6d3d784eb7d0ba65e5d5be36aefee1bb91466e394209dde95de5acc377c24206c927342340998ff14c1e1c69dc44296e883f83305e2221c3e772ae572e62909387d62285f28bc76322caf7e25719abf421710390039f0682a838535846d7eeccc88dac997198f9ca09521a8fcb80818e86c7b64c636be5b4d43c58e7ba9e0e40997dc2d8a22250647edaa98b6365fdbac936b875fcbc37f91638d2c8adc679cc2b9ca1b2233de887d6785802e1213ea827a1f9f6367e62fa09e19298508b034b7c6683fa0269310eb24b574901686b4040f62b2f627ed8213d586f5038d80bd681edcf9f160443f3970e475c081a3797788b99eb8695d3e9dadf5025a04adcb52a93831df3b10260a5b9ddb979909655f48e68b823e8a8e70d6faa6373a170696d43a0fc1c0fd5776dd859caeba401eea9ca2e940c4418e431ef98e9cc6f2351a0caa64e8b37e8105e56b6a10fd9745840c7cabf8fad53e74d66ea56b978ecf3ce23b59262151611a71db9c0cff3d6798d16d7ef215c524c02c0efd20af4f36274c84c5faf6462481a8e10cebc33415de59093d99ab453848d72e34f9880d3f3b0103aaccc6ae313105e5953d67061285ad9525bef621c0b695230cb0a3c45a5643e367249b839e5408d4fd2b6a4b9d514218b541ad028b8e07d1bc46996ee1a16516558d21020d501500fa90b26b3c72e7c5abd697255ef1123df409a5d189d051d5352ba0fe46635d1f25307838af2f24eb97673e076064a78693da6d6a8f349651fbc84768c262b240e0a13a2f4fb6d0cd0c1dda7df77d1e318c5cd9e5cea333affaceb68b566675b4deda200b80844fa410759467e8c8e53f4590f2a76e295b91681904a1338bc0c9d98549b337d3a3d5cf79b3fff74f754e1308211f9a0a0c13a1888b04e9f6a1e2acb1734627ca2f8f8aa81d0284abbc9e63f314dc6c833081586646118764e84543b694374f564b4a13e4bd3ec8c4c64b6a02ac43c2ab60673c3f3e92d265d83e2fb4b8ccbcc6d1b8b99de2f6d0e2198750970c5e55252d6fa2d766b35a69389097e296750b750cfc662150909360dd419bc7084f2df64d02e7efa52f92c686925c162d906403efe148ad01d09ee48c76943de0ace06597649bce0a5ef2851a1c26ba51117e9e97594813a5d98ca7f9a7547e21f7975e83cace7c5219b7785183f20df0536d576cc258541be519045b780ed377eb6e29cc71734b85ca624456c0d6eeaa57f6b70fe713a6a383120a8666f113ac404a0c1da3a790771b76c4c511fccd583ffa36ace55465da1947f8e0308f73b3b860247484784e26ae187a1716af518a5a50790fdc8a433b74966dd39db0eb3553643191946035361e594aa05248693013ec9408ef5941f45352fe74c56ecef3fee4094ba7a3bfd4078879c3267313db122cbe3e6af94e2caefc21876d9a1fefd5b00c88b7b93ccf91d19956727ef2cd2ad4db9b72b1ee1175d627e98352ffda87e6a7f74705e420a02497b979920e898e0e228e4ca648c085ed0a66c662c01932c2d3a4fce66925b329a1a8e44806e96e7a7f243f915591b10ac9a6559d97ef8a23bf3c91fe09526258761380a8871c171a831563e8b152f62f19cafa9b3459299c9d090bbf6b0f65f5d45b77183b32fbf71ac919b1721e7e9894f6516ed6a326e33de697a40ae1308fbdbdcf0aaf8f343cafd8850a1ca60f670da96cb7a1f8f873bc0a67f58ee46f005727ad22faae6d370807511e24353d5dce98b35a7978da1de8b7aa67e446ee4a04e12176d2152bb90398c64fc0c268b33518271997f037a55d3f86c14f6fb403e476db243e573f3bfb469cac667b885697d4c0752b469fc63532c7a1e070e3ebbe5619380bcc974ec850b0e4f8eaf1824e2f0a109e6cdeb33b8231241cfc2aef15ab0ea9094524b7cfd01b1e4709c92406e334bb50560754b7721c1f46853477816c026bbb38439e1390753effe9e146d4ecb7be9923fc8ca1e7a121e300558b3935f1b4ec45c7c823f6512f55449c0dff7baff54a22ca4a8ae59786038bc5e6fa18f86f6f2a007e40004efbcff00a34db35cca2729aed5e09114bd08fd71843cdce804b51f9ffaf83932e0e9902067996ce28b0cf4ae87944abaef1954fbbf222e08580b2b97300bade0c0041fd9ee73a3560952a8a75403d980104666eead2ca5bc78893e240b0a539b9da0cb3f611e77227c65981cb60cd9fb6d1e284c4d2f6fa2d29b53f2333df149c09a643d3e25073b4e83bfaa0908a600470b8f0637b5564922debb0898ce1968b7f50cbe84c7683451e98def52140878947ddd8eb627a796227887b3ae2f02a23fa20bc6b5c6114bef246332eeb955aa6596fa01e78f05e7eb63827322f1afe9df9f268ed6fe20f98b1ce2f18ab6d20ecba45187e3da6d3c3b6dea89d497eba76ed27b4968f8d4fb6904ee95dcfaae1fe484e224870486bee43be99a560636d09fd3375f6221eb859b4a48b869cb89f42991dff07dac51dd653f3bb3203326e6d210003d840f8844f5c23d99cb0f7528216f1727d5c94f94010246ec71528b2922dba65c5e88c270369719c660ccb1d3f38be7bc45d4984951264c6c8d3682eaddb171fe2936bba5496a28f4d1beb798c7040849de8c371fa96fd57b3b42940bfc53321b3a8838c7e2a2e2355e6bc6867caef04cfdcc351a77375c80af077ed23ffc3662f83473afe8d7e18416015b7dc147b14a819b27a5ccacedd81e73c463f9f4461225c980a7f1d1316da6db14c22bae61d58031ae0b89206e2e6d88b783f23c40e3c7520db9f241ce60d44bb8ac9cd725c3c27fb8fbb71c8828761502020ee323f691d5d001a8777ab265758149eed0d99013f68007d460a7c43ba8309bea7ddb9fcf75675032076ce05bce8c9e460bcc5ead269e0e3be863457ecb1365e4206fba75882519bc2ab01bcc02664932204d2b983a70c725553614bf9aff91bc84ac4e55b1b6245645d5d301d8f1710432ac3021573f13b0740259007e9f789ce7def6bc82e3417252162a7e15c3a5516342df47e044b05121c6ee3fb207632748ee516a74eeb17f1053138c8803ebf06848849267d6464b3cc914c1074a1b172584ef7089d775288b56f6e0c5740b6f89fa7dc87c13a385acdaca3cbf43ccb7376de69de86500f4170fc14275004c01cfcbf60b6fe830317af47c8fd7eef74fa89ddb89d3cba81f1b4e77e1ccc0689808e40a8697bdbc652aea9da4145f60e8155faf8e33ef0c23b751317a0eb7fc403c04bf7a3db1a3bd1c9040784676fb70c2543557812107122a7e3f402debf8eac744f6bffb470a55a6c5072203d2061c6a80af4c84c00b116e0ea0df488e29239c7429fba78f1b6392f9f50727bec38104703140a99c35d6ee0ecd6976a6c0e7b30eb3c00c16e443b83f877c0a3ee581f8bfa0680a507b486ae827bbf185faef0e05332503be40d8cb7ce0490e73e09c616672bb4d0c20b074309bd3799f1220206f627ca7a881e4fe07923975d0705fa2a435060143f64568e238360246c07aa7846ab2d202dc375198bfc9c04740483832c32b7f1fd10713fe0a7deb54b03f00f21f76b07897540df36deba530b95cde1b09d4073eaf8e97979078b8d68a0f4aebdfe03d3e792c92e5beba3291a9398020cc1188f7a4e48c7d658c30f312d3968616b50f7cd8239b52f455422ff9db0dbed6cc8ffdef81d0582a7da44cc1d6f6fa93a5cd8c946bb8324a4810e479a6fe3c449e62f7c123cf7355c394c505ce4e631d57deb7d71e3a338d997cdb8be1576e843ce626d20ff4d40b8ae3547105ce2458dad8d176d17f7fa8c1ba82417f9b5d5be5dc271586ad9f7db83a807713499288c9fa61bd95b2ce311972f13cf9ff172be55fe91bd3fa2986a7fc1b22d3a181ec154bb295170c5722ea3d666d0968f9eedfa18382ed8b642547ccac38a891bcc42a01c56a0dd127c012c8066cd6c3f062a84e26a123ab04d3325fb1a043575ce486e8aac45b6861d350bc858dc17c3188c8463e33903c542834ba7f937904772b3bfab8281ed8080d3c7b2843ba71710fea80b89cf3721333c115aac702bf18446d894c62196b6dfd3fdc0535d736a589c795daaf4bbceaac58000d24b6abbeb6825005b5deb310eb9c3a8f36c82283ba9f79e6ca019c7a73ba8474c652264e2d7f83f07b78d5fbf60e5de971db857e71dd9ae3", 0x1000, 0xcfe0}, {&(0x7f00000015c0)="c5580274f88aa880a3a6a477fe027c837ad231653037aba38037a7c033d9ef08b2d737fb442dd31281a690e6e29c1a9342eaf666c6fa00003312137038567b0e9c1ff29ee25c4e696cae34bbad49990f037712372276de3e6cfb39b2db278c45266d0a51cf0aa02a3d3d4802cf1142e88c62e5cadef02c3ea197d6967d003545e7e45aca23768429fb1ee97cfbc7cbabc7a2ab5accc03b1ce386f8912b6744ad90e7c063180caae7dffed9f1cf07a61ec9ed4cac39dafab1fce6b616661480c21686c6060e0742317ba4dfeaaa46a5d678d03f79f4ea415c199c1c904d63cc4e3938ca1c510a665391cfb6ea7e4fd310fd1abd7c", 0xf4, 0xef}, {&(0x7f00000016c0)="c067d619243e692f4f9b162a686fd5ca8aa51a3864baf9361b5a1bd5673a6a7ccc50dfa0d1b1e83d4e71df3119b3834b14315d8cefbd5ece5421a71e0c89e557e86a3eec1cc2c8dc97797fa8f4cc96b2b7f2d86981fb19b36909ede725e9b432c0922c97cd7173f4b728ac70866d2beed426a3700bcdf36ca305cab0e43a6324a3b3c4d4a2ae975ff6fc84608cd53d0486682e34c686de4d1001e94e43ea95b4a3598770f2a471c4da9263ddf64ffffe012b340f3936e6053bb8aeba115e8b91135e02034fd5f77095435b854ca23ba42891b14bdecd05399f44975aaf5f5e7e234b1c02b3cbf7a112c24969551744d307d43e5d23b982b8457c798752e560b1810fec556ba409df8cddb9ce3f55a090f6f70d5fe0b919197a0c86c383687df9803663d1bbb4c0af15cf6b0772a1caa144eed49a3f4b98b33feaeb53eb9d28499e3b7f8b0b73add9472a1d9e2d697356336de9b0cab7a6abc17798de9945b03c90acb7316cf6f3a45be9ad938b9ce7b6af430cffc833a1aba05aa9e31746a004dedcd97ba807122140b6877041ca1c003f36f5aecb0975925ff6309673fc0d938095044d2665683a9b7a6e9782fe98de4eb35dfe8329c6e7a318ff5e16a82a268b4652a1198b05f1a565f5eb03142e9cd4fbeb64e819b3e79dd3e4f35be31f3bd96e7895a6a9f07bbec940b5432b5b2649cf12bfae0e97b8dd2fa6d061e743ac17b565251d87d18f632c5c786043b567579fd8d9a217dde4da3dd99f8455bcb510b90d9426e7c8205cac872aa36e12c39e57ae331034a9aaf071e8072302ee2d6e92280d645b9da219937bbb09d51c781daf38994988e61f25192a953a888734bd0a870def34e6f547d7a2014e6f0f3be1abe51cec652c0fff77bf14cef619b3078fe4deb0b171f01d808cc2969b92b5353c69c93806d66642e7d593f92722046b7e23127093e60c0bdf9f256209aec58659ff86494018d14488619380373158717a4a2b70f71e7d104f8885cc4197ff4d2eb75d6f0df7a8f66f16da266739d15098cf8e138078a9e4213371c999e7a6a408a23f1b85f6017da71783a0d9e0fe80d04005641fd3714b410c9c1f60e645d74cc49f5b038c0c4711e76dd6ebd5c8c659a327ae9987722736c22642c0fae446c104ec612b216864f307378a01ec360fbb5962fe08d6bc6d3ada3e1f68d5f602acef4cc6e714e21f931acea16a879d870904a33e536872fddee769ebda197e2bca6968c7084d6101cd9b2569cb688f71457ca0d1ac1542de6a7e32b598975da2db2924294965b0db09d37860bfe430f0b5c8743ce6e01d915f8602fc6d7d5672542eedc9173fa784a4bd396a13463f723e8a6b7c3de574bbf21ced3067eee19c7e79135e12a2bfd8b932a0cc6c4676dc27aa6065812e385f7ee058a54267780845479b978812d8a015b7a76ed72d673ba855c9a484c0917beb3f9a8238b82fb2ddcfc32e2b06768a4a9f23454987718b29eede2a61f532723dfdea820488aac4b1be8b41618125450b291e0962fbd352bf57aa9552a7df31a5a94a63e5273505217b077196c1b3ec140b3c256314edab67d20dd39776770f7b0b7b1257d2df3d5fe2a6ba1b3742afd67d6cbfa7902937395f904f8f29aa0d88f83e937c8f07e61f798dd47a5705b3c672a234a4c606f0cae88d80c6ec7e4357c5dd4e7c3702e0284e11fd22050536bbf5c08b84a13b60fa621d21af0c867f26a50ba8794e28ea575a76d1a84ce5eb7a06eae3491af570805c2ac4cf02bf3f647cc93b5f227cb245f1e2673be8711f3412da7fc747d3f72b58b72e7d941eb83f3a1ab11c9db3c03b2e9f0abd55041adc7fbfd1b4912aa9fc0840ba4da916c613d06c64dd48d5a043875dec220aeca289172352bbd5d842933fd10bba0b6646797df3b8f0089fdbf5fe732f8c5324874928492443e4a7064526e02744070cf4f9b12a9c0ba8ec3970062e115fa4bd89f7e9e166e71f9839e0879040428e5f7872fcbf2cb98bd6eb3b25c0bc70f88e9d14bf82407fb29ec340827896aa37c4408e04920a0a9bc8b2e016af7494a90b125d256647d51abe0be4cb8d64659403e41e25e09ba403cd05ca6229256f100e531b4c0fd71109bf6e67f72b22e6ea2a4f6aacbc837ba7bcd099a486742a7fddc913dddd89209012317aba2dc9475979d1a6360f47fc1eba28251921cf6e2519c27678a52ef75c0ff24aa6abdcf03111f736c9b026c0952ea8231067525c0c81d0f9b39dd9ab5324fc4aa3edde1b5a696a82e1bc66b934de1e892fd65a1e93ab7bfe20ebcae557444831bfa2f7ef1dcf10c6e3ab82dd729685d508550b2dbb9257941cf674237d3416274e318f069217fb86e26be6ef91e449f86cc9f2c267d36aa2910622288dde9543e6bb1263502933465f236768b5b8c03f48f30e575e23d84bca2af51ff7463085eee947eb0cb9871dd937bd19b5571eed8b86a89ca844d9618be4882bce3a06645ab1b94f191e974b59e08b6618efdfe7f4cca679ec9ef0c20ce16149819887b927244c60a8c3348ef12b5ac022703b808cb74fcf4d9034c667c293e9377eb48a433ad1dbf4a4406881201f7c2046664cc1775328d51d8cfd21adfa41b505ae044ed536551c4ce64cc3effcfb27056aed2d0a29c68c7a9d7c5c6184ad8d2b0a76415d54ee3c4beab619d1086799187f77d0c95f4df438ab8f86b55f13071c938e15c3a3b44481a5270081d4bdf81d779e843a539af234a012a93426bcc7d47888ca7783fd28ae4de89549f62ac768d393b616476688d7725c9084664c10bbfde71f6f381663531c897666369d0c30b637b3ff49eba996b070ff3f1fddb2ee38a67eccc937fb21b7d621b79e1301b9762b251722b2ddb63357ce9a603d04dc30625f8b77de3e2c2cf55417ebfc1234789d689cb9f66cba215af43800747e2d55070df11de4d231ae59a7026797b63d4816b468aae1e948bf8d775931283c8eae5d78e45d3e52248838baa428a1fe869f538bc3ffb633e660c4294c0f8d0e5980241bf652823f5d20d48ba45ea367b550239810cb7908ffc1625b47c964778b632622acb9915eeb6f753fad75f541af40a3f5681faf36147b59c5d92c27e2f5671b8c6355ae035db682cf10ed5b9ae65ea75f249616a8a4ad6dd3602f4e6f109a9236ae066535989e56071261d9e29590063c2b9df3a8bae83980ea8ab3d2225805684306db03a41c92dce52eb1c1fbe7a46f708e310a66c349dd44df2bf297fc5ce6387b72dc10fd937a360215f6c41b78556ee2d5011678f61f4a36e34242ba6687af87c6aff3d8fa91b252b6cc9d1be08db68dc529ac93393e2f2d35d1bca2a3c86db8c3008194196d03bf4a181c75a32a1f5d49dc43e6951a1bedaa3a8540c678d823a87a687451ef830c32fd49d90cdb6bc59f12732487961f8d96211b3f935e69ecc01e496743837ac3e9abddd8249d76d58eaeeae9902239ee2afaf0b48f782cbd3cfc1d603e48c2d5542d4ce39426b529e228a1da13e454bd7a86a55ca005b413d262925ac63fdbc8c867ef886b5c96fcfa9de128240b672669f67623a6c9dfe0e1754ee2e9ba54a783d049c1dd40bcddf910a4b7c6c603a1f6853984b11bf36db6df584e5992d36ea794c62bb3722e9e044a4f6d8d17e08212d0f3ac3be88d8446291ea0ee5d55e74214f9796d66d19b315c6064d73ab08f04a504439aac56ed89e6e183b5f1dc432fef47e8c8baea20957a33d862b3cd41c427487ed52ea1fd9c7609383bac0617ffdfb223a86331ce90629bc2698af0f88b5f5250e7fdf84f97d0c1cdcb8afeb643d46932f3fc084bd609ded6df9cb5a30078593b5108fbb428b33623a3344bdbedb199443f5278e2f0225de18a8a584fe3adad70fe8b7837683f497566b842f7252fd7c9f5b1d12d1bd123f5b60d08403f54ca15ab1716275be60c5768d1805c68183619190ee98f17f5f0a7a7c3e77b8a7838654d40956ae156c72686d6b45e3cdce4e0e3d5b20a165a8cc522bac222deb82e5961617993d49ce8a574a079ba64a761fae86785812d00115821d9e708ba656cffe2b16cad9ed579f340bd686151008ca8b30a3a87f8f0aa2a60f9d10735c7eba3ce00365dfca677c65298b6e2378942c1d3441077ffb3efff5885e3e95a429919ab58ebf87e833b95541bdda6c4287b33de9e8bbe794363fb0bfab8338800760dfb61b5cc4b579df843e35cffbb1ceefd65706645916b9acc3ebe22f61573f160bc1876205c5997afd00d968a4d2c87b94b6950174adc63d00c8545d819416f6b275e9d914c6439677831d1f2eb1d2cefb321eda4d545d09c7aa2c0ab5758cdc69245cc268c34562eef6a983ba9d65ccd8b026977928230db0adb942fe4e13984e598e9846ca8b55304fd828a89cd4099b5f75d7430b6c50db0dcc6e2b0dacb08c4c84766f67be3fb1275816bd90426493f9e8f65bd428c40ba435e5fe78a843ec4a678f167503e04bd3368799bfcf29e16fd9f3aa84b1305de331bc8b32b357ea961c856a01e53dd5dad6d26fd54bc077f7cf31c55dee812cf04aae24bc86c15e0358c14a55ac618ece73ee722cfe83fc8e6814a467f3000ac11242026039ac32b066e03bc9aa4d57844d622d6c8969ac4eee60683f81b003ac00521eaa07d6fb744b9e7e80ca92f5a0a3c89ac8373636830aa749a2a3b19042dd4d16b45587df8afd615580c6973d1c57dad5df09c0d180a28bd49ea16e0b848b97be956465a58033ad2b7dbf897934dd3b95fbbaa2e36b6c50556909e6c600d3dc2de53e3ecb1cb1eb85a3d0d2dde31382efbe7f4e417ae585e5be7238bbefaf10be311697489d40970bc856913176ea19b3bcc6b681476b08e4cf41661be7f564631ca5554008f9074d791f087a557ed807014251ee52ee2f657b27674b745b6278c6a539eb9ec2a92f2cfd228cf3866fbe2d8701f201bbd840450842611bdef74af0e73b73ffe437df0be46829962f35ba969c56e073c7e6eb6ab9afc5b5c2e306570e242f2afe6658abe8d6f1b1767c94a65d35b0e4203332b4b07b42a123dc48923906ec41dfdf5cc38227efc602d90ed5942beee5ef46780f2d9a832f4bc93204e5159258f2a8516e099e7ee4fd206a8711092c4a81b85ae1bac041cd825ecfbcf27d28dd348126990f7179d310029df0a43970d9e70f4fe2bda87cf9fdd8f87c9ad872ae3d5e593b11513f556359ae140dff476f34c9bf2ed6074eeab9e867c75515000fdfa1d3701471b5e4109df1472640b4b5e03c12a9c9ea1646c3a9e5b3b1ceae62d95d9723bad89ea38b08f2bb3b3923c4852e7d47e0f8c6c2e974e86671634c5990c24d54354415a79368b70a1ad8ab4df39ebc804c325b6b42aa786dee86ed0d0931e8d0a89f7aac8832c85217762bfe6cc3c4472d15d74c6f9b292b67bb4909a56a98df164f39c68fa60947162585546674375fc38ce9020805493881d6ec55d62b10225c852ed0817925cb7e915470c95ad7d32e0d3a8f370bca625e0c7d67e900391584b070f5962d26f6f328f033748e33ca5a9fb4472036b6f38883b46e3b4c901689eac4d4d4c3a8023d6c69152a11ecfaa92ce5bafd21ff1279a37f8b1c50477eb84f3c1c165fd4227a38707c60251add56ea8299c03e833f85e16d76a165efe37ca7dd39c9a35854f2033983f8cf0c095c66b83dc4394a194273d6745b80e6c3e9226fa0ec9d31bf1cf2aaa76285819eca413c1b0c06855c5f6ad1a4453107db98c697ca4349abbacfccd9db3c7ead1047f403d60f00f96d8bf", 0x1000, 0x20}], 0x20809, &(0x7f00000027c0)={[{@user_xattr='user_xattr'}, {@nouser_xattr='nouser_xattr'}, {@noacl='noacl'}], [{@audit='audit'}, {@obj_role={'obj_role', 0x3d, "a2"}}]})
setresuid(0x0, 0x0, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)={@rand_addr=0x6, @loopback, 0x0, 0x5, [@empty, @local, @rand_addr=0x7fffffff, @rand_addr=0x9, @broadcast]}, 0x24)

[  797.287590] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  797.303391] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  797.349612] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  797.368649] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  797.377209] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  797.385618] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:37 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  797.395348] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  797.414949] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  797.446072] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  797.467119] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  797.478169] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  797.486617] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  797.493335] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  797.501053] Interruptibility = 00000000  ActivityState = 00000000
[  797.507830] *** Host State ***
[  797.511071] RIP = 0xffffffff81212b2e  RSP = 0xffff88013a2af350
[  797.517320] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  797.525176] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  797.534294] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  797.540295] CR0=0000000080050033 CR3=00000001cd80f000 CR4=00000000001426e0
[  797.547483] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  797.554369] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  797.560593] *** Control State ***
[  797.565092] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  797.573001] EntryControls=0000d1ff ExitControls=002fefff
[  797.587689] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  797.596496] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  797.603360] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  797.610085]         reason=80000021 qualification=0000000000000000
[  797.616580] IDTVectoring: info=00000000 errcode=00000000
[  797.616587] TSC Offset = 0xfffffe5311bd393d
[  797.616593] TPR Threshold = 0x00
[  797.616607] EPT pointer = 0x00000001890ab01e
07:16:38 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:38 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, r1, r1)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:38 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x10000000000000}}, 0x14)

07:16:38 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:38 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d7660")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:38 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x22000)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000040)={{0xffffffffffffffff, 0x1, 0x9}, 0x5, 0x1, 0x401})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r2, 0x0, 0x0)
ioprio_set$uid(0x4, 0x0, 0x0)

[  797.972513] *** Guest State ***
[  797.978068] 9pnet: bogus RWRITE count (33554433 > 20)
[  797.983634] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  798.004242] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  798.041915] CR3 = 0x0000000000000000
[  798.049746] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  798.067707] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  798.081010] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:16:38 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xfff0}}, 0x14)

07:16:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:38 executing program 3:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380))

[  798.089253] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  798.098741] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  798.107154] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  798.115529] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  798.126639] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  798.142462] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:38 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x140, 0x0)
ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f0000000080)="6e251fa2d6a8bcc2b97625d480899e30b4e1abfbcdb281")
ioprio_set$uid(0x3, 0x0, 0x0)
ioctl$TIOCNXCL(r2, 0x540d)
accept(r0, 0x0, &(0x7f00000000c0)=0x34)

[  798.183665] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  798.200789] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  798.238707] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  798.248882] 9pnet: bogus RWRITE count (33554433 > 20)
[  798.253655] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  798.264393] EFER =     0x0000000000000000  PAT = 0x0007040600070406
07:16:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  798.283649] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:38 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x300}}, 0x14)

[  798.320374] Interruptibility = 00000000  ActivityState = 00000000
[  798.334080] *** Host State ***
[  798.344520] RIP = 0xffffffff81212b2e  RSP = 0xffff880139e7f350
[  798.350767] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  798.357701] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  798.365768] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  798.371766] CR0=0000000080050033 CR3=00000001c1499000 CR4=00000000001426f0
[  798.379669] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  798.386517] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  798.392691] *** Control State ***
[  798.396434] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  798.403302] EntryControls=0000d1ff ExitControls=002fefff
[  798.408821] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  798.415895] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  798.422561] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  798.429502]         reason=80000021 qualification=0000000000000000
[  798.435928] IDTVectoring: info=00000000 errcode=00000000
[  798.441432] TSC Offset = 0xfffffe52a4ad22fe
[  798.445850] TPR Threshold = 0x00
[  798.449240] EPT pointer = 0x00000001ceaf701e
[  798.518831] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:39 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:39 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={<r2=>0x0, @in={{0x2, 0x4e24, @remote}}, 0x3, 0x87b, 0x7ff, 0x81, 0x28}, &(0x7f00000000c0)=0x98)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000100)={0x10000, 0x5, 0x8006, 0x80000000, 0x100000001, 0x6, 0xa5, 0x2, r2}, &(0x7f0000000140)=0x20)
setresuid(r1, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)

07:16:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:39 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d7660")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x240, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:39 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x8000a0ffffffff}}, 0x14)

07:16:39 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1c3)
setresuid(r1, 0x0, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x444000, 0x0)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0xfffffffffffffff9, 0x7f, 0x0, 0x8c2}, 0x10)
ioprio_set$uid(0x3, 0x0, 0x0)

[  798.924270] *** Guest State ***
[  798.926271] 9pnet: bogus RWRITE count (33554433 > 20)
[  798.947546] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:16:39 executing program 3:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x600}}, 0x14)

07:16:39 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6800}}, 0x14)

07:16:39 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  798.986054] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
07:16:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  799.036420] CR3 = 0x0000000000000000
[  799.057089] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  799.099717] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
07:16:39 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  799.147635] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  799.152504] 9pnet: bogus RWRITE count (33554433 > 20)
[  799.174501] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:39 executing program 3:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x400000000000000}}, 0x14)

[  799.190186] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  799.205257] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  799.216887] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  799.225186] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  799.233400] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  799.250159] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  799.259335] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  799.267701] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  799.282312] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  799.291585] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  799.300036] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  799.329231] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  799.353228] Interruptibility = 00000000  ActivityState = 00000000
[  799.359583] *** Host State ***
[  799.362806] RIP = 0xffffffff81212b2e  RSP = 0xffff880119ac7350
[  799.375435] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  799.381877] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  799.381890] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  799.381911] CR0=0000000080050033 CR3=00000001c9180000 CR4=00000000001426e0
[  799.405587] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  799.412314] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  799.422702] *** Control State ***
[  799.426688] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  799.433814] EntryControls=0000d1ff ExitControls=002fefff
[  799.439288] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  799.449314] 9pnet: bogus RWRITE count (33554433 > 20)
[  799.454777] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  799.461707] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  799.468750]         reason=80000021 qualification=0000000000000000
[  799.476111] IDTVectoring: info=00000000 errcode=00000000
[  799.481593] TSC Offset = 0xfffffe52247f4bae
[  799.486298] TPR Threshold = 0x00
[  799.489661] EPT pointer = 0x00000001d762001e
07:16:39 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xf0ff}}, 0x14)

07:16:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:39 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:39 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:39 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:39 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:40 executing program 4:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x804000000000000}}, 0x14)

[  799.809869] 9pnet: bogus RWRITE count (33554433 > 20)
[  799.814314] *** Guest State ***
[  799.818544] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  799.847106] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  799.872747] CR3 = 0x0000000000000000
[  799.883342] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  799.889350] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
07:16:40 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x7}}, 0x14)

07:16:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:40 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  799.915816] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  799.924157] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  799.958861] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  799.978005] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.006925] 9pnet: bogus RWRITE count (33554433 > 20)
[  800.024546] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:40 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  800.051477] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.066991] 9pnet: bogus RWRITE count (33554433 > 20)
[  800.077927] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.086965] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:40 executing program 4:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x1000000}}, 0x14)

[  800.096630] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  800.106985] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  800.126178] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
07:16:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0), 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:40 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x200000000000000}}, 0x14)

07:16:40 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  800.173324] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  800.200543] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  800.218009] Interruptibility = 00000000  ActivityState = 00000000
[  800.242857] *** Host State ***
[  800.249854] RIP = 0xffffffff81212b2e  RSP = 0xffff880119877350
07:16:40 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  800.270558] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  800.283660] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  800.292571] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  800.296558] 9pnet: bogus RWRITE count (33554433 > 20)
[  800.299547] CR0=0000000080050033 CR3=00000001d7fc1000 CR4=00000000001426e0
07:16:40 executing program 4 (fault-call:0 fault-nth:0):
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  800.323232] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  800.371313] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  800.407555] 9pnet: bogus RWRITE count (33554433 > 20)
[  800.433509] *** Control State ***
[  800.437476] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  800.455268] EntryControls=0000d1ff ExitControls=002fefff
[  800.468019] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  800.481700] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  800.494028] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  800.501741]         reason=80000021 qualification=0000000000000000
[  800.508818] IDTVectoring: info=00000000 errcode=00000000
[  800.508828] TSC Offset = 0xfffffe51a84b12e2
[  800.519234] TPR Threshold = 0x00
[  800.522774] EPT pointer = 0x00000001c092c01e
07:16:40 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:40 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:40 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:40 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[], &(0x7f0000000380))
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:40 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xff0f}}, 0x14)

07:16:40 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:40 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x3f00, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  800.649146] *** Guest State ***
[  800.652661] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  800.662962] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  800.673019] CR3 = 0x0000000000000000
[  800.678671] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  800.692765] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  800.703670] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  800.728126] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  800.763502] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.798628] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.819621] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.828164] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.836628] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  800.848564] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  800.857720] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  800.866222] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  800.874900] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  800.883046] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  800.890836] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  800.898767] Interruptibility = 00000000  ActivityState = 00000000
[  800.906248] *** Host State ***
[  800.909608] RIP = 0xffffffff81212b2e  RSP = 0xffff88013ac97350
[  800.915872] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  800.922431] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  800.930841] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  800.936914] CR0=0000000080050033 CR3=00000001c0068000 CR4=00000000001426e0
[  800.944086] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  800.950774] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  800.956954] *** Control State ***
[  800.960416] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  800.967338] EntryControls=0000d1ff ExitControls=002fefff
[  800.973693] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  800.980626] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  800.987396] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  800.994046]         reason=80000021 qualification=0000000000000000
[  801.000378] IDTVectoring: info=00000000 errcode=00000000
[  801.005923] TSC Offset = 0xfffffe51352f9a45
[  801.010265] TPR Threshold = 0x00
[  801.013732] EPT pointer = 0x000000018132001e
07:16:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0), 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:41 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x3f00000000000000, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:41 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

07:16:41 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xffffff7f00000000}}, 0x14)

07:16:41 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:41 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[], &(0x7f0000000380))
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:41 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(0xffffffffffffffff, &(0x7f0000000580), 0x124c)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:41 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x100000000000000, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  801.137446] *** Guest State ***
[  801.140943] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  801.150640] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  801.163818] CR3 = 0x0000000000000000
[  801.167730] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  801.181900] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  801.204577] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  801.232396] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  801.246535] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:41 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x3f000000, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  801.255178] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  801.263828] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  801.272246] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  801.293817] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:41 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xffffffffffffff7f}}, 0x14)

07:16:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0), 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:41 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(0xffffffffffffffff, &(0x7f0000000580), 0x124c)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

[  801.314514] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  801.345588] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
07:16:41 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(0xffffffffffffffff, &(0x7f0000000580), 0x124c)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

[  801.407780] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  801.424070] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
07:16:41 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x1000000, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  801.449377] 9pnet: bogus RWRITE count (33554433 > 20)
[  801.455332] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  801.471937] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  801.485475] Interruptibility = 00000000  ActivityState = 00000000
[  801.510794] *** Host State ***
[  801.527659] RIP = 0xffffffff81212b2e  RSP = 0xffff880182e37350
[  801.552664] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  801.561658] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  801.569826] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  801.575977] CR0=0000000080050033 CR3=0000000182c42000 CR4=00000000001426e0
[  801.585046] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  801.591940] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  801.598284] *** Control State ***
[  801.602500] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  801.609781] EntryControls=0000d1ff ExitControls=002fefff
[  801.615606] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  801.623021] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  801.636338] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  801.644204]         reason=80000021 qualification=0000000000000000
[  801.650683] IDTVectoring: info=00000000 errcode=00000000
[  801.656445] TSC Offset = 0xfffffe50f2e917f9
[  801.660936] TPR Threshold = 0x00
[  801.664565] EPT pointer = 0x00000001c26e601e
07:16:42 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x10}}, 0x14)

07:16:42 executing program 2:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:42 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x3f00000000000000, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:42 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:42 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[], &(0x7f0000000380))
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:42 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x100000000000000, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  801.954289] *** Guest State ***
[  801.962409] 9pnet: bogus RWRITE count (33554433 > 20)
[  801.967989] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  801.981027] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  801.991359] CR3 = 0x0000000000000000
[  801.995996] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:42 executing program 2:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  802.003878] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  802.010260] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  802.017310] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  802.026618] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.036533] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.061576] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.083688] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:42 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x3f000000, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  802.111679] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.123420] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  802.137622] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  802.169781] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  802.180945] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  802.189521] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  802.198304] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  802.211894] Interruptibility = 00000000  ActivityState = 00000000
07:16:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:42 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xfffffffffffffff0}}, 0x14)

07:16:42 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:42 executing program 2:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  802.219666] *** Host State ***
[  802.223052] RIP = 0xffffffff81212b2e  RSP = 0xffff88013ac97350
[  802.229310] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  802.242595] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  802.251849] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  802.258672] CR0=0000000080050033 CR3=00000001d7fc1000 CR4=00000000001426f0
07:16:42 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x1000000, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  802.295579] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  802.323457] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
07:16:42 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  802.350559] *** Control State ***
[  802.361716] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  802.368887] 9pnet: bogus RWRITE count (33554433 > 20)
[  802.378314] EntryControls=0000d1ff ExitControls=002fefff
[  802.384608] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  802.392936] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
07:16:42 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xffffffffffffffff}}, 0x14)

[  802.400860] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  802.423547]         reason=80000021 qualification=0000000000000000
[  802.436501] IDTVectoring: info=00000000 errcode=00000000
[  802.444651] TSC Offset = 0xfffffe5082e4c0ad
07:16:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  802.449834] TPR Threshold = 0x00
[  802.461751] EPT pointer = 0x00000001d8b2e01e
07:16:42 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:42 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x3f00, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:42 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:42 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  802.653041] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:42 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x3f00000000000000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  802.696917] *** Guest State ***
[  802.704939] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:16:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  802.740649] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
07:16:42 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:42 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  802.784700] CR3 = 0x0000000000000000
[  802.788618] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:43 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xfffffe00}}, 0x14)

[  802.840727] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  802.867387] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:16:43 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x100000000000000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  802.886701] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  802.903610] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.911630] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.926632] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:43 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  802.942994] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.965654] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  802.970657] 9pnet: bogus RWRITE count (33554433 > 20)
[  802.980007] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:16:43 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xfffffff4}}, 0x14)

07:16:43 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  803.021980] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  803.050254] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  803.059702] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  803.078110] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  803.085248] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  803.106472] Interruptibility = 00000000  ActivityState = 00000000
[  803.129241] *** Host State ***
[  803.144246] RIP = 0xffffffff81212b2e  RSP = 0xffff88013ad2f350
[  803.163479] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  803.175976] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  803.190309] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  803.197836] CR0=0000000080050033 CR3=00000001c22a3000 CR4=00000000001426f0
[  803.202178] 9pnet: bogus RWRITE count (33554433 > 20)
[  803.206850] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  803.218064] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  803.224420] *** Control State ***
[  803.224433] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  803.224448] EntryControls=0000d1ff ExitControls=002fefff
[  803.234707] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  803.263195] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  803.269904] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
07:16:43 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:43 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x3f000000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:43 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x13}}, 0x14)

07:16:43 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  803.276701]         reason=80000021 qualification=0000000000000000
[  803.290773] IDTVectoring: info=00000000 errcode=00000000
[  803.296354] TSC Offset = 0xfffffe501c7e4d28
[  803.300685] TPR Threshold = 0x00
[  803.304405] EPT pointer = 0x00000001be00c01e
[  803.405890] *** Guest State ***
[  803.416258] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  803.435069] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  803.460403] CR3 = 0x0000000000000000
[  803.465449] 9pnet: bogus RWRITE count (33554433 > 20)
[  803.469143] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  803.482654] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  803.488899] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  803.497099] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  803.505633] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  803.514188] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  803.522427] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  803.530887] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  803.539083] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  803.547207] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  803.555275] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  803.563353] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  803.571380] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  803.579481] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  803.579494] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  803.593962] Interruptibility = 00000000  ActivityState = 00000000
[  803.600386] *** Host State ***
[  803.603793] RIP = 0xffffffff81212b2e  RSP = 0xffff88013c287350
[  803.609826] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  803.616329] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  803.624259] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  803.630162] CR0=0000000080050033 CR3=00000001c22a3000 CR4=00000000001426f0
[  803.637337] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  803.644102] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  803.644108] *** Control State ***
[  803.644118] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
07:16:43 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:43 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:43 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:43 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x2}}, 0x14)

07:16:43 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x1000000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  803.644130] EntryControls=0000d1ff ExitControls=002fefff
[  803.653921] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  803.666088] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  803.679816] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  803.679844]         reason=80000021 qualification=0000000000000000
[  803.692956] IDTVectoring: info=00000000 errcode=00000000
[  803.698920] TSC Offset = 0xfffffe4fbd74e9a3
[  803.703434] TPR Threshold = 0x00
[  803.706903] EPT pointer = 0x000000018adb201e
07:16:44 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:44 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x3f00)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  803.862537] *** Guest State ***
[  803.873028] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  803.876226] 9pnet: bogus RWRITE count (33554433 > 20)
[  803.883955] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  803.903972] CR3 = 0x0000000000000000
07:16:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(0xffffffffffffffff, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:44 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  803.919661] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  803.926526] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  803.967276] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:16:44 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000008001000c073423897d66eecf349979902453a12cbe1115c358ce143612af74135c8ffffa058b343696b983f8b461287b5"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)=<r2=>0x0)
setpriority(0x1, r2, 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:44 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xff0f000000000000}}, 0x14)

[  804.009955] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  804.030868] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  804.057177] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  804.080171] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  804.098620] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:44 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(0xffffffffffffffff, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  804.112809] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  804.152161] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  804.179725] 9pnet: bogus RWRITE count (33554433 > 20)
[  804.185650] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  804.198687] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  804.218317] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  804.237841] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  804.244869] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  804.252746] Interruptibility = 00000000  ActivityState = 00000000
[  804.262262] *** Host State ***
[  804.265964] RIP = 0xffffffff81212b2e  RSP = 0xffff88013a7bf350
[  804.272203] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  804.280512] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  804.288845] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  804.303103] CR0=0000000080050033 CR3=000000013f17d000 CR4=00000000001426f0
[  804.316908] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  804.325835] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  804.331910] *** Control State ***
[  804.335586] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  804.342268] EntryControls=0000d1ff ExitControls=002fefff
[  804.347986] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  804.355457] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  804.362143] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  804.368879]         reason=80000021 qualification=0000000000000000
[  804.375232] IDTVectoring: info=00000000 errcode=00000000
[  804.375240] TSC Offset = 0xfffffe4f7cbc9c6e
[  804.375259] TPR Threshold = 0x00
[  804.375269] EPT pointer = 0x00000001cd65701e
07:16:44 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x7fffffffffffffff}}, 0x14)

07:16:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:44 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(0xffffffffffffffff, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:44 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, <r0=>0x0}, &(0x7f0000000100)=0xc)
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, <r1=>0x0}, &(0x7f00000001c0)=0xc)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, r0, 0x0, 0x0, r1}})
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r3 = msgget(0x3, 0x2)
msgsnd(r3, &(0x7f0000000080)={0x0, "4738fe60a8bc7d52c52b3c35bbbe1cba85faafcb026d455e8f265f38420683ef7107ccfea01449eb7ca8db1914359e7b1e4fadf27a0bd5608ddb274a32490bd72260d36b8f2c6760dae0454b1819ad1daef6"}, 0x5a, 0x800)

07:16:44 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:44 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xa52)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  804.717650] 9pnet: bogus RWRITE count (33554433 > 20)
[  804.729364] *** Guest State ***
[  804.745795] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:16:44 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6c00}}, 0x14)

07:16:45 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  804.773110] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  804.811705] CR3 = 0x0000000000000000
07:16:45 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000140)=<r0=>0x0)
r1 = fcntl$getown(0xffffffffffffff9c, 0x9)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, r0, r1})
r2 = msgget$private(0x0, 0x408)
msgsnd(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="0e8f359361"], 0x1, 0x800)
r3 = syz_open_dev$adsp(&(0x7f0000000400)='/dev/adsp#\x00', 0x6, 0x408800)
ioctl$EVIOCGKEY(r3, 0x80404518, &(0x7f0000000440)=""/224)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f0000000040)={0x1d, 0x33, 0xd, 0x18, 0x4, 0x6, 0xad, 0x25})
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff})
sendto$inet6(r6, &(0x7f0000000240)="4fb2eb0b9ebf1cf805280259258f73878c916d35ad2d1dcc03ee89e26ddad39d5bcba6381b244c080a384b627b3f508fca0b40c5acbb63450f29b73afd0a60f9372e8048940d60d3d3191bd7113e5d2f9e12c9a59d0c0c82baa90534e934efced91ceb84be5af9cb760575e134b94138c8a2a3e9f8da6a18483c09cdc748feeaf951698dd4ddb103fbe96686da398ec95b6a9b96294f1b7dafda3398ac08ae4e3744a8851bba120e6963386585f2cc85a864885453bfef9c5722ec32f7ef016eb62f6180f71eca64d8c0f21ededc2a3d71fac77c1441a4252ec4c9bcd9af3f7d742bcbb0934dcd814e37a5c67a1e7ee6f258f619e60e", 0xf6, 0x0, &(0x7f0000000340)={0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, [], 0x17}, 0x5}, 0x1c)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
write$P9_RLOCK(r6, &(0x7f0000000000)={0x8, 0x35, 0x1}, 0x8)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r7 = syz_open_dev$admmidi(&(0x7f0000000580)='/dev/admmidi#\x00', 0x7, 0x800)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000080)={<r8=>0x0, @in6={{0xa, 0x4e23, 0x1, @empty, 0x3}}, 0x5, 0x1000, 0x6, 0x6, 0x41}, &(0x7f0000000540)=0xfec4)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f00000001c0)={r8, 0x26, 0x2}, 0x8)

[  804.826400] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  804.848406] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  804.861071] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  804.880794] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  804.901590] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:45 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x5, 0x40000)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  804.929235] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  804.951203] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  804.968661] 9pnet: bogus RWRITE count (33554433 > 20)
07:16:45 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  804.985402] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  805.020875] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  805.041699] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  805.054456] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  805.062470] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  805.077351] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  805.087582] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  805.094442] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  805.102623] Interruptibility = 00000000  ActivityState = 00000000
[  805.110246] *** Host State ***
[  805.117019] RIP = 0xffffffff81212b2e  RSP = 0xffff88013c2f7350
[  805.123918] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  805.132860] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  805.141324] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  805.147554] CR0=0000000080050033 CR3=00000001ba9dc000 CR4=00000000001426e0
[  805.154922] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  805.161615] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  805.168277] *** Control State ***
[  805.171786] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  805.178519] EntryControls=0000d1ff ExitControls=002fefff
[  805.178536] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  805.178546] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  805.178561] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  805.191362]         reason=80000021 qualification=0000000000000000
[  805.204793] IDTVectoring: info=00000000 errcode=00000000
[  805.217281] TSC Offset = 0xfffffe4f06760da3
[  805.221834] TPR Threshold = 0x00
[  805.226304] EPT pointer = 0x00000001cd4bc01e
07:16:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:45 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:45 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
recvmmsg(0xffffffffffffff9c, &(0x7f0000002b00)=[{{&(0x7f0000000100)=@xdp, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/23, 0x17}, {&(0x7f0000000200)=""/64, 0x40}, {&(0x7f0000000240)=""/96, 0x60}], 0x4, &(0x7f0000001400)=""/190, 0xbe, 0x8}, 0x8}, {{&(0x7f0000000300)=@l2, 0x80, &(0x7f0000002680)=[{&(0x7f00000014c0)=""/142, 0x8e}, {&(0x7f0000001580)=""/237, 0xed}, {&(0x7f0000001680)=""/4096, 0x1000}], 0x3, &(0x7f00000026c0)=""/59, 0x3b, 0xfffffffffffffff7}, 0x40}, {{&(0x7f0000002700)=@pppol2tp={0x18, 0x1, {0x0, <r0=>0xffffffffffffffff}}, 0x80, &(0x7f0000002a80)=[{&(0x7f0000002780)=""/158, 0x9e}, {&(0x7f0000002840)=""/96, 0x60}, {&(0x7f00000028c0)=""/213, 0xd5}, {&(0x7f00000029c0)=""/54, 0x36}, {&(0x7f0000002a00)=""/67, 0x43}], 0x5, 0x0, 0x0, 0x8}}], 0x3, 0x40, &(0x7f0000002bc0)={0x0, 0x1c9c380})
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000002c40)='nbd\x00')
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000002c80)='/dev/null\x00', 0x82000, 0x0)
r3 = open(&(0x7f0000002cc0)='./file0\x00', 0x80000, 0x100)
sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000002e00)={&(0x7f0000002c00)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000002dc0)={&(0x7f0000002d00)={0x90, r1, 0x0, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x2}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x6}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SOCKETS={0x14, 0x7, [{0x8, 0x1, r2}, {0x8, 0x1, r3}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x90}}, 0x0)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
socketpair$inet6(0xa, 0x8000a, 0x6, &(0x7f0000000000))
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
ioctl$BLKROTATIONAL(r5, 0x127e, &(0x7f00000000c0))

07:16:45 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x13000000}}, 0x14)

07:16:45 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:45 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:45 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  805.624056] *** Guest State ***
[  805.628125] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  805.643336] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  805.655502] CR3 = 0x0000000000000000
[  805.659529] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:45 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='cpuset\x00')
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f00000001c0)=""/169)
r2 = memfd_create(&(0x7f0000000000)='userem1\x00', 0x2)
r3 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x800, 0x4000)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={r2, r3, 0x7, 0x3}, 0x10)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000140)={0x3, 0x100002})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000280), 0x13f, 0x2}}, 0x20)

07:16:45 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  805.675061] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  805.694688] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  805.701608] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
07:16:46 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x6b000000}}, 0x14)

[  805.764621] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  805.795380] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  805.807081] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:46 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:46 executing program 4:
r0 = msgget$private(0x0, 0x208)
msgrcv(r0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgsnd(r0, &(0x7f0000000000)={0x0, "459265fc433471f208d223cad27b9d175d648192519ce6ddbe67efd880f68f456a3b50db615526ad6e0b71d52697fa4b562da7ef91"}, 0x3d, 0x800)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  805.815595] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  805.826204] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  805.834770] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  805.842992] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  805.851647] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  805.860270] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  805.869001] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  805.891286] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  805.910744] Interruptibility = 00000000  ActivityState = 00000000
[  805.961204] *** Host State ***
[  805.974644] RIP = 0xffffffff81212b2e  RSP = 0xffff88013a7cf350
[  805.987794] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  805.998309] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  806.005608] 9pnet: bogus RWRITE count (33554433 > 20)
[  806.006631] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  806.017651] CR0=0000000080050033 CR3=00000001cd2d2000 CR4=00000000001426e0
[  806.025015] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  806.031947] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  806.038508] *** Control State ***
[  806.042206] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  806.049162] EntryControls=0000d1ff ExitControls=002fefff
[  806.054965] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  806.062133] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  806.069864] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  806.076575]         reason=80000021 qualification=0000000000000000
[  806.082935] IDTVectoring: info=00000000 errcode=00000000
[  806.088994] TSC Offset = 0xfffffe4e8b43d267
[  806.093408] TPR Threshold = 0x00
[  806.096798] EPT pointer = 0x00000001d939e01e
07:16:46 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:46 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:46 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x1a0}}, 0x14)

07:16:46 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  806.492792] *** Guest State ***
[  806.499375] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  806.508529] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  806.517669] CR3 = 0x0000000000000000
[  806.521624] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  806.528949] 9pnet: bogus RWRITE count (33554433 > 20)
[  806.529600] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
07:16:46 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  806.541377] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  806.560780] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  806.574017] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  806.582352] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:46 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x8008}}, 0x14)

[  806.593572] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  806.613350] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  806.624262] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  806.632684] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  806.640947] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  806.649239] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  806.657690] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  806.665903] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  806.673037] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  806.680837] Interruptibility = 00000000  ActivityState = 00000000
[  806.687259] *** Host State ***
[  806.690613] RIP = 0xffffffff81212b2e  RSP = 0xffff8801c538f350
[  806.696798] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  806.703395] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  806.711230] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  806.717345] CR0=0000000080050033 CR3=00000001cd690000 CR4=00000000001426f0
[  806.724825] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  806.731769] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  806.737924] *** Control State ***
07:16:46 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:46 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  806.737935] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  806.737944] EntryControls=0000d1ff ExitControls=002fefff
[  806.737958] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  806.737973] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  806.753842] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
07:16:47 executing program 4:
r0 = gettid()
sched_setattr(r0, &(0x7f00000000c0)={0x30, 0x7, 0x0, 0x0, 0x401, 0x5, 0x80, 0xffffffff}, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x14080, 0x0)
syz_mount_image$minix(&(0x7f0000000100)='minix\x00', &(0x7f0000000140)='./file0\x00', 0x81, 0x4, &(0x7f0000000600)=[{&(0x7f00000001c0)="ae00c18f67ab9608f853bebcc56af8ad93a1173f5967fc0ee9b207afdcf26c900f3a023d04e57896f384dc1159e0852e56a5422aa28ab0c1c1e7f95f6c493168b4830a422fa37401abbba9ad80a35cffdbfeabb17246a3ac372148cc3011c4c362d94805c486ab49f8fc64db1c9c30a35f5f7e70264a02020902de3cc442fc34fb424d576a14826b6b00a553d74e70e3b0a1ac8b1454c113673e03a233e2dd64866f2f52f561840edc26c9f128566cd53249e393d5cddf82a1f6a6b65602dfc6d33717c184eae9d44721961b6e92a54f4dbf308ffeeead67", 0xd8, 0x7}, {&(0x7f0000000400)="458797109a362521d8e2366355c4ba8351e7c3517e2bf219855b949a3850c8286b782742f894641968e55821c8dd166e34ad5d08c3fc7b2255eb368a0c0f047d3cc5d5c85818f74d73475e00edd4f5e75193d8141c2ace9362fa76b70cd31a7df67e1f870e70f226549037a3d6cf3bbe351d902d0555f15ae3cc55efa950c7ca732d806a40931cc65314f2474c6877c31a75c175fe3223b258c2bb4ec23cfc21776a2505432f5434cc86aaeaa77d14388cfe5e449136f5697f85c5798cc96e8f7c450f3d6e4b4a9954796381381325eab0885041abf00dbfe98f6f7765d70615d3c50acada231b381ad37d58fcdc0470eb37a95eaebccf", 0xf7, 0x2}, {&(0x7f00000002c0)="28f9248f5e0268a7f11d899296d8cc95ef3c9834708bc3cde85ec63ac142277105f3b059956cae00f33ea7ab7988b375baff7c7fcd2e81faec433f31774d318b7f932d7f711e6463e907d7f9193dcf98f80374fa4771afcfdc518397671444fa7322612f459387bcb8e5a7314097fa8f38bb1a37a6ab157de4b23884a05f1b66bf136c35df1f95b1ebf952378a11b41448755d1444c0c3a7902bb0", 0x9b, 0xa8c0}, {&(0x7f0000000500)="7ae3aabaa5dc9fcca8a2c22a771cac50a8cee015f6b37f0957f1af7dec1009a17435abf6143a2f72fa30266d6b7af1c1afb4eef7d175c12fb24ad7e84d89d05606319c56b7e5f44a940108a97533447af024251d411cb2b91c3fd9386c2d8500c8c33e3aad17218a8a710b0baac53ce917bc690484c796380baf7254c20863c3812451f63aec03b26a7eddda25f93c29427ce076e09e522fdfb55580d3b4978fb26ce4c08b60c893bbc431cee0ecaf001d531151d44697d1b2488f3e8a0b0ae1a8d4f0b533b9fabdd9ff7dc50a2481c4bf79d63e413ccc79e7c3b7a33442799e3f7a964c9791a6693d31d4f3c1c93ea21c10d341e489c19621b991853b32", 0xfe, 0x4}], 0x40000, 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x8, 0x800)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  806.805514]         reason=80000021 qualification=0000000000000000
[  806.811848] IDTVectoring: info=00000000 errcode=00000000
[  806.852028] TSC Offset = 0xfffffe4e14297ad5
[  806.875962] TPR Threshold = 0x00
[  806.887743] EPT pointer = 0x00000001cbc4001e
07:16:47 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:47 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r0=>0x0}, &(0x7f0000000080)=0xc)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, r0})
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="cdde9f003c000000"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:47 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0x5}}, 0x14)

[  806.951041] 9pnet: bogus RWRITE count (33554433 > 20)
[  807.115281] 9pnet: bogus RWRITE count (33554433 > 20)
[  807.121189] *** Guest State ***
[  807.134856] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  807.144317] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  807.154837] CR3 = 0x0000000000000000
[  807.158890] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  807.166754] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  807.173092] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  807.180352] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  807.189151] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.197730] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.206125] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.214957] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.223305] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.231555] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  807.239769] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  807.247898] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  807.255956] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  807.264054] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  807.270542] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  807.278089] Interruptibility = 00000000  ActivityState = 00000000
[  807.278094] *** Host State ***
[  807.278107] RIP = 0xffffffff81212b2e  RSP = 0xffff88014a04f350
[  807.278127] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  807.278144] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  807.293668] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
07:16:47 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:47 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:47 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:47 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xa)

[  807.300207] CR0=0000000080050033 CR3=00000001c3e5b000 CR4=00000000001426e0
[  807.300224] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  807.300240] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  807.323813] *** Control State ***
[  807.334061] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
07:16:47 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x100000001, 0x40040)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}})
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  807.383813] EntryControls=0000d1ff ExitControls=002fefff
[  807.391556] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  807.402013] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  807.408916] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  807.415587]         reason=80000021 qualification=0000000000000000
[  807.415601] IDTVectoring: info=00000000 errcode=00000000
[  807.431765] TSC Offset = 0xfffffe4dbedf1980
[  807.458513] TPR Threshold = 0x00
[  807.471097] EPT pointer = 0x00000001cdc0801e
07:16:47 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, <r0=>0x0}, &(0x7f00000000c0)=0xc)
ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f00000001c0)=<r1=>0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000100)={{0x0, 0x0, r0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1})
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x6, 0x0)
getrusage(0xffffffffffffffff, &(0x7f0000000200))
ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000300)={0x4, &(0x7f00000002c0)=[{}, {}, {<r4=>0x0}, {}]})
ioctl$DRM_IOCTL_SWITCH_CTX(r3, 0x40086424, &(0x7f0000000340)={r4, 0x1})

[  807.515916] 9pnet: bogus RWRITE count (33554433 > 10)
07:16:47 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:47 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:47 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x9)

07:16:47 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:47 executing program 4:
socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000400)=ANY=[@ANYRES32=<r2=>0x0, @ANYBLOB="3c8800000000000010040000"], &(0x7f00000000c0)=0xb)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000001c0)={r2, @in={{0x2, 0x4e23, @rand_addr=0x6}}, [0x8, 0x81, 0x8, 0x0, 0x7ff, 0x5, 0xfffffffffffffffc, 0x0, 0x9, 0x2, 0x6, 0x10001, 0x0, 0x3, 0xc14]}, &(0x7f0000000100)=0x100)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="74f3cc0bd66a9ad5"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0xc)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000140), &(0x7f00000002c0)=0x4)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  807.752780] *** Guest State ***
[  807.756737] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  807.766871] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  807.773096] 9pnet: bogus RWRITE count (33554433 > 9)
[  807.776497] CR3 = 0x0000000000000000
[  807.786503] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  807.792822] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
07:16:48 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r1=>0x0, 0x1}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={r1, 0x38, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x8, @mcast1, 0x3}, @in6={0xa, 0x4e21, 0x3, @mcast1, 0x9}]}, &(0x7f0000000140)=0x10)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  807.824450] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  807.847684] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  807.862697] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.879561] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.903406] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.920752] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.935791] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  807.945609] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  807.956476] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  807.967759] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  807.986036] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  807.997940] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  808.005816] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  808.013435] Interruptibility = 00000000  ActivityState = 00000000
[  808.019674] *** Host State ***
[  808.022876] RIP = 0xffffffff81212b2e  RSP = 0xffff88013af6f350
[  808.029219] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  808.035753] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  808.043608] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  808.049487] CR0=0000000080050033 CR3=00000001c3108000 CR4=00000000001426f0
[  808.056620] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  808.063367] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  808.069425] *** Control State ***
[  808.072879] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  808.079688] EntryControls=0000d1ff ExitControls=002fefff
[  808.085171] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  808.092086] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  808.098816] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  808.105448]         reason=80000021 qualification=0000000000000000
[  808.111772] IDTVectoring: info=00000000 errcode=00000000
[  808.118199] TSC Offset = 0xfffffe4d677c3bfe
[  808.122531] TPR Threshold = 0x00
[  808.125958] EPT pointer = 0x000000018463b01e
07:16:48 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:48 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x2000001)

07:16:48 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:48 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0200000000000000"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200000, 0x22)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000080)={<r2=>0x0, 0x80000000, 0xc0, 0x9}, &(0x7f00000000c0)=0x10)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r2, 0x7a73}, &(0x7f0000000140)=0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:48 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:48 executing program 4:
msgrcv(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="13fa01dca6157829fe4a33d07e5a7ce8e2dd3bdb14371b5fe6a95813dd94145a342eb6c7d93bafcee63d076ab222a60a2b208b5e3e15259fb3ee6587aef2a470f39d38a4886793fe9acffc23befc3f5e41331a13b755830ff52f1de83c6f4683445c9934c737fde99976a1bc18f048808e58f59eb91cb5f4b473f9b250c87778450b6e36659919e4c57f871046abc038c42801a6b38530c4e107914cb57605af8c51d19c1c56095c4f02232f2560ac17b64e2f8bc54527adef8efdc2dec293c8c8a3974d79406eb22fea0000", @ANYRESDEC, @ANYRESOCT, @ANYPTR=&(0x7f0000000140)=ANY=[@ANYRES16], @ANYRESDEC], 0x5, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = syz_open_dev$usb(&(0x7f0000000300)='/dev/bus/usb/00#/00#\x00', 0x1, 0x101203)
write$FUSE_WRITE(r0, &(0x7f0000000340)={0x18, 0xfffffffffffffff5, 0x4, {0x9}}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={<r3=>r1})
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f00000000c0)=ANY=[@ANYBLOB="06000000ff072000ff00040001000080"], &(0x7f0000000100)=0x10)
r4 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0x10401)
ioctl$TCXONC(r4, 0x540a, 0x34c0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  808.284277] *** Guest State ***
[  808.290741] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  808.299954] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  808.310149] CR3 = 0x0000000000000000
[  808.315735] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  808.324450] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  808.343556] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  808.374215] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  808.390979] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.427866] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.437565] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.447663] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.457593] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.466415] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  808.475007] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  808.483620] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  808.492544] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  808.501115] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  808.508046] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  808.516031] Interruptibility = 00000000  ActivityState = 00000000
[  808.520249] 9pnet: bogus RWRITE count (33554433 > 4096)
[  808.522444] *** Host State ***
[  808.531566] RIP = 0xffffffff81212b2e  RSP = 0xffff88013af67350
[  808.538363] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  808.546382] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  808.557649] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  808.564065] CR0=0000000080050033 CR3=00000001c1209000 CR4=00000000001426e0
[  808.571496] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  808.578599] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  808.585299] *** Control State ***
[  808.589042] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  808.596103] EntryControls=0000d1ff ExitControls=002fefff
[  808.601774] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  808.608878] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  808.615640] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  808.622235]         reason=80000021 qualification=0000000000000000
07:16:48 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:48 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffff9c)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:48 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000080)=0x9, 0x4)

07:16:48 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x20000354)

07:16:48 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cb"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  808.634688] IDTVectoring: info=00000000 errcode=00000000
[  808.640926] TSC Offset = 0xfffffe4d1ec81518
[  808.647054] TPR Threshold = 0x00
[  808.651025] EPT pointer = 0x00000001c07bf01e
07:16:48 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x802, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0xa2, 0xb7, &(0x7f0000000080)="f52d8042ac36d8f4d612c7f101003ee2386ba46aee2cc0a9c69a3543f8ba515d8ef51a9ee03ffebd2fcb11b023980dba39e55966fa517d1a2fcd05c8aa58ed693a780c9d536107bba7709ffc3c4e76e32c148009c42662375b7dc231fe25aef76d507ee7253ff31ea5cb8a29ee8951feb64848088b80afb9878c52d722dfc0a9459a3fefc93cd6c658692328f748d471466d43aee13e2e93f87eeecdafe5b7c7674b", &(0x7f00000001c0)=""/183, 0x5}, 0x28)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fgetxattr(r1, &(0x7f0000000280)=@random={'system.', '/dev/rtc0\x00'}, &(0x7f00000002c0)=""/109, 0x6d)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  808.789982] *** Guest State ***
[  808.838930] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  808.859749] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  808.881946] CR3 = 0x0000000000000000
[  808.888451] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  808.906503] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  808.917393] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  808.924890] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  808.943949] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.966813] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.978451] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.987601] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  808.996145] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  809.005263] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  809.013819] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  809.022030] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  809.031835] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  809.040437] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  809.047414] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  809.052588] 9pnet: bogus RWRITE count (33554433 > 4096)
[  809.055460] Interruptibility = 00000000  ActivityState = 00000000
[  809.067084] *** Host State ***
[  809.070306] RIP = 0xffffffff81212b2e  RSP = 0xffff88013af57350
[  809.076497] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  809.083315] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
07:16:49 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:49 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:49 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = getpgid(0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, r1})

[  809.091137] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  809.091155] CR0=0000000080050033 CR3=00000001c7740000 CR4=00000000001426e0
[  809.091171] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  809.091185] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  809.091196] *** Control State ***
[  809.156463] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  809.181960] EntryControls=0000d1ff ExitControls=002fefff
[  809.196201] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
07:16:49 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:49 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x39)

07:16:49 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  809.205780] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  809.217895] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  809.226327]         reason=80000021 qualification=0000000000000000
[  809.232939] IDTVectoring: info=00000000 errcode=00000000
[  809.239769] TSC Offset = 0xfffffe4cdab34706
[  809.244871] TPR Threshold = 0x00
[  809.248721] EPT pointer = 0x00000001d8b2e01e
[  809.421469] 9pnet: bogus RWRITE count (33554433 > 57)
07:16:49 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xd3e, 0x20140)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:49 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:49 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:49 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cb"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:49 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x63)

[  809.610695] *** Guest State ***
[  809.615925] 9pnet: bogus RWRITE count (33554433 > 99)
[  809.621345] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  809.632865] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  809.647325] CR3 = 0x0000000000000000
[  809.651227] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:49 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = getegid()
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r0}})
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x28, 0xc0)
accept4$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x80800)

[  809.658011] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  809.664514] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  809.672358] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  809.681051] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  809.707226] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  809.724314] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  809.732584] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  809.741169] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  809.765491] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  809.779496] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  809.790894] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  809.799402] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  809.808111] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  809.814811] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  809.822485] Interruptibility = 00000000  ActivityState = 00000000
[  809.828934] *** Host State ***
[  809.832169] RIP = 0xffffffff81212b2e  RSP = 0xffff88013af57350
[  809.838426] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  809.844948] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  809.852747] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  809.858727] CR0=0000000080050033 CR3=00000001bd21e000 CR4=00000000001426f0
[  809.865787] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  809.872484] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  809.878641] *** Control State ***
[  809.882104] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  809.888920] EntryControls=0000d1ff ExitControls=002fefff
[  809.894474] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  809.901433] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  809.908191] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  809.914888]         reason=80000021 qualification=0000000000000000
[  809.921201] IDTVectoring: info=00000000 errcode=00000000
[  809.926734] TSC Offset = 0xfffffe4c690520ff
[  809.931060] TPR Threshold = 0x00
[  809.934542] EPT pointer = 0x00000001b9aed01e
07:16:50 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x7fffffffffffffff)

07:16:50 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
accept(0xffffffffffffff9c, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, <r0=>0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f0000000000)=0x80)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000400)=""/4096, &(0x7f0000000100)=0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:50 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cb"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:50 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:50 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  810.050965] *** Guest State ***
[  810.060305] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  810.081017] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  810.093663] CR3 = 0x0000000000000000
07:16:50 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x5f5e0ff)

[  810.098983] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  810.114744] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  810.125021] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  810.137016] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
07:16:50 executing program 4:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x250000)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x100)
r2 = dup2(r0, r1)
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000200"], 0x0, 0x0)
getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000100)={@empty, <r3=>0x0}, &(0x7f0000000140)=0x14)
connect$packet(r2, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x9, 0x6, @random="5de84d8ba189"}, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  810.145522] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.156879] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.165230] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.173702] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.181983] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.191814] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  810.200159] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  810.213585] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  810.221929] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  810.232232] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  810.240150] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  810.248603] Interruptibility = 00000000  ActivityState = 00000000
[  810.255490] *** Host State ***
[  810.268203] RIP = 0xffffffff81212b2e  RSP = 0xffff88013afaf350
[  810.285853] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  810.294382] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  810.302632] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  810.308748] CR0=0000000080050033 CR3=0000000188e20000 CR4=00000000001426e0
[  810.316218] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  810.327391] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  810.333681] *** Control State ***
[  810.337300] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  810.345176] EntryControls=0000d1ff ExitControls=002fefff
[  810.350838] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  810.358045] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  810.365156] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  810.371932]         reason=80000021 qualification=0000000000000000
[  810.378463] IDTVectoring: info=00000000 errcode=00000000
[  810.384115] TSC Offset = 0xfffffe4c2d25810d
[  810.388642] TPR Threshold = 0x00
[  810.392176] EPT pointer = 0x0000000143e2301e
07:16:50 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x100, 0x0)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x5, &(0x7f0000000100)=[{0x0, 0x3f, 0x7, 0x3ff}, {0x9, 0x0, 0x302, 0x100}, {0x2, 0x8000, 0x16, 0x8}, {0x4, 0x9084, 0x4, 0x5}, {0x9, 0x401, 0x2}]})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000080)={{0x7f, @dev={0xac, 0x14, 0x14, 0xd}, 0x4e22, 0x4, 'sed\x00', 0x3c, 0x1, 0x14}, {@rand_addr=0x4, 0x4e20, 0x2003, 0x8, 0x9, 0x2000000000}}, 0x44)

07:16:50 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:50 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x15)

07:16:50 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f1609"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  810.497762] 9pnet: bogus RWRITE count (33554433 > 4096)
07:16:50 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0)

[  810.572417] *** Guest State ***
[  810.580962] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:16:50 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x8800000)

07:16:50 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  810.623405] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  810.643086] CR3 = 0x0000000000000000
[  810.656439] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  810.669333] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  810.682529] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  810.696071] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  810.704819] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.715139] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.724229] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.732689] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.741708] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  810.750269] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  810.760058] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  810.768741] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  810.777392] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  810.800667] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  810.812627] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  810.830547] Interruptibility = 00000000  ActivityState = 00000000
[  810.837367] *** Host State ***
[  810.841903] RIP = 0xffffffff81212b2e  RSP = 0xffff880143237350
[  810.855253] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
07:16:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0), 0x0, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:51 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x4, 0x0)
r0 = syz_open_dev$midi(&(0x7f0000000140)='/dev/midi#\x00', 0xebd, 0x80)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000ff0000000bd4f9cfa9ad0bb00cff08dc37937bac982360acd6f525d1c8cc8ce7ed75ad02a326559cc214ab6e753714b818e31addac56f2092ae7df3de8a3e0b5c0f4e677f87f09a525990db4e5a124e3b7e9e5cec20a8ce1ce18ff033a0fdf2b6534c2808e"], 0x8, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x10000)
openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80000, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:51 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  810.875859] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  810.906471] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  810.929676] CR0=0000000080050033 CR3=00000001be7c4000 CR4=00000000001426f0
[  810.946221] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
07:16:51 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x1, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x60})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  810.960125] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  810.973097] *** Control State ***
[  810.980894] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  810.994603] EntryControls=0000d1ff ExitControls=002fefff
07:16:51 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  811.005194] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  811.019488] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  811.049020] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  811.063398]         reason=80000021 qualification=0000000000000000
[  811.070211] IDTVectoring: info=00000000 errcode=00000000
[  811.076982] TSC Offset = 0xfffffe4be7855389
[  811.087645] TPR Threshold = 0x00
[  811.094106] EPT pointer = 0x00000001cdf8701e
07:16:51 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:51 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f1609"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  811.243661] 9pnet: bogus RWRITE count (33554433 > 4096)
[  811.277559] *** Guest State ***
[  811.281382] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  811.291473] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  811.313574] CR3 = 0x0000000000000000
[  811.317312] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  811.332728] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  811.364638] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  811.371421] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  811.379644] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  811.387723] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  811.395815] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  811.404275] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:51 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:51 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:51 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:51 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfffffffffffffdef)

[  811.412316] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  811.420483] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  811.437669] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  811.451918] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  811.470212] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  811.478932] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  811.488255] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
07:16:51 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x2, 0x1007}}, 0x20)
ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000100))
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f00000000c0)={0xa, 0x4, 0xfa00, {r1}}, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  811.523882] Interruptibility = 00000000  ActivityState = 00000000
[  811.546688] *** Host State ***
[  811.570995] RIP = 0xffffffff81212b2e  RSP = 0xffff880139e3f350
[  811.593548] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  811.617348] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  811.651334] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  811.661233] CR0=0000000080050033 CR3=00000001cbf15000 CR4=00000000001426e0
[  811.668716] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  811.675843] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  811.682182] *** Control State ***
[  811.686524] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  811.694987] EntryControls=0000d1ff ExitControls=002fefff
[  811.700711] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  811.708028] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  811.715068] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  811.722072]         reason=80000021 qualification=0000000000000000
[  811.728853] IDTVectoring: info=00000000 errcode=00000000
[  811.734563] TSC Offset = 0xfffffe4b844cb9a9
[  811.739017] TPR Threshold = 0x00
[  811.742549] EPT pointer = 0x00000001c855c01e
07:16:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0), 0x0, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:51 executing program 3:
pipe2(&(0x7f00000000c0), 0x4800)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:51 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x40100, 0x20)
execveat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=[&(0x7f00000000c0)="6b657972696e6773656375726974795d5b6264657606736563757269747900"], &(0x7f0000000300)=[&(0x7f0000000140)='system\x00', &(0x7f00000001c0)='lo/\']^\x00', &(0x7f0000000200)='\x00', &(0x7f0000000240)='ppp1\x00', &(0x7f0000000280)='cgroup\x00', &(0x7f00000002c0)='systembdev+%]+eth0\x00'], 0x400)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r1 = msgget(0x0, 0x10)
msgsnd(r1, &(0x7f0000000400)={0xcdffa6fa859d110a, "08c8f6fb5850531c411d923e6a9bcce604d6e0ffe8294d8e1539af6960d26ed6af20f0668665a4ae4e2ef5b0f5a1a4075bed2bd9bf384bbade2332d01086fc6637f168fae3b249751b79dfa0fa7c06b131cec18866dc2a9a174a2cd7d0332bc26a57ba106a5b0433e990b2e730e707a633e840615df73482ff2d6d23ba125c69b6e3ffadb1cfc386e5b873e7bf8bf671a9182773784016dbf9368c207fe5af70287829945ae35efb8804cc06c6a1f681f348c28dd80386b58101e36bb19d7534000f082bdda37552c677331a4e"}, 0xd5, 0x800)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:51 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfffffdef)

07:16:51 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f1609"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:52 executing program 4:
msgrcv(0x0, &(0x7f0000000540)=ANY=[@ANYPTR=&(0x7f00000002c0)=ANY=[@ANYRES16, @ANYRESDEC, @ANYRES32, @ANYPTR=&(0x7f0000000000)=ANY=[@ANYRESDEC=0x0, @ANYRESOCT], @ANYRES64, @ANYRESOCT, @ANYRESHEX, @ANYPTR=&(0x7f0000000140)=ANY=[@ANYRES64], @ANYRES16=0x0], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="2bcba061fc562239859d76eb79f0edb3d3707826691066a1ad1a419c4c6f8da522b6e87ff42778e7d4d09c846c83035859df355620bbad3ffd535d10d1d8a9d70d128567188b932d8b6802bcf4ca55439b5ad409d16ebab915fc2cb637c68032fbe29224b211cd9bbaf8aa81572bf425e08a24a2fcebf1cfa4b460e590b6fcb8c924bd718af3d0ca39038f7568eb211f18dacb3960a280c5975a3a2e8cb79cb8b5479fa0910811dc6773dc48", @ANYRES16, @ANYRESOCT], @ANYBLOB="9f7ba7cd47252615ac8028721359a5d093980b84dfb09042a744bd4eefee7bc7b3d72704dbbebd88869b0cdefc536d8341d481f4fe9ce261007346ea349febfd74e811f4101454e5bf5c33d79ea63be31a1ffa55203a1bdcbfc017ebde8ad9bc3e3b8adb729dbb141944ae7b1360687b4fe6b7e6f0866fa0a79ff811ec9babb46ea622c1d1b574705e953036eebf4b8dd8dc3e55a47112995e42a6b9762c7fb5b800d1f5ef1a4a0b4b2dbdcf149a3b847d6d1cbadda94656b5779d4c9041120216b8c42e2db86289896669bffb44839de1115552bb2163b487042a1355686abd8bd16dff7c48e9d150eb04e105a91f6e5aadaf01c29d25c947e80104b499", @ANYRES16, @ANYRES64, @ANYRESDEC, @ANYRES32, @ANYRES32], 0x8, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = open(&(0x7f0000000340)='./file0\x00', 0x800, 0x184)
readlinkat(r0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)=""/150, 0x96)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = msgget(0x3, 0x240)
msgsnd(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000000000000ec61b78d071eb33e4925b78ef70000000000000800822a492b4dcd2bd90e95a05e99097fb068405793adcf0254df972795bb822dab0000d9fa0b647c2326edef5e4b7aa89571b2de0348089e21b0b8d325fb0bc855e0838784c55b1cc13844e219adbf10b55d17ce2404e161a0dd3c892c5d6e82dd83672a2a714e6c75afad7904f3360e2dbd770ba53059445e023ba7563ab0bdf3751c106e44fec06f6eae4acc58558ccd86b4"], 0xaf, 0x800)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:52 executing program 3:
pipe2(&(0x7f00000000c0), 0x4800)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  811.925977] *** Guest State ***
[  811.929500] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  811.945987] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  811.955227] CR3 = 0x0000000000000000
[  811.959145] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  811.965725] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  811.971913] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  811.979476] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  812.001017] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.018434] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.026775] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.037035] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.045925] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.064718] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  812.072931] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  812.081213] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  812.092001] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  812.101169] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  812.107957] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  812.123790] Interruptibility = 00000000  ActivityState = 00000000
[  812.133260] *** Host State ***
[  812.140417] RIP = 0xffffffff81212b2e  RSP = 0xffff8801c406f350
[  812.147663] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  812.154369] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  812.162509] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  812.169731] CR0=0000000080050033 CR3=00000001c3cb7000 CR4=00000000001426e0
[  812.179474] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  812.189289] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  812.195826] *** Control State ***
[  812.202913] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  812.208933] 9pnet: bogus RWRITE count (33554433 > 4096)
[  812.220132] EntryControls=0000d1ff ExitControls=002fefff
[  812.225894] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  812.232973] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  812.239842] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  812.246674]         reason=80000021 qualification=0000000000000000
[  812.254886] IDTVectoring: info=00000000 errcode=00000000
[  812.260503] TSC Offset = 0xfffffe4b2c93f3f3
[  812.265429] TPR Threshold = 0x00
[  812.268945] EPT pointer = 0x00000001ce5a701e
07:16:52 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:52 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x3}, 0x8, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x0, 0x800)
ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f00000000c0)={0x100000001, 0x6})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:52 executing program 3:
pipe2(&(0x7f00000000c0), 0x4800)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:52 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:52 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

[  812.404491] *** Guest State ***
[  812.409162] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  812.424566] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  812.444554] CR3 = 0x0000000000000000
[  812.448411] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  812.454976] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  812.461043] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  812.473300] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  812.484071] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.503872] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.513423] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.533648] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.557772] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  812.566907] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  812.575379] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  812.583623] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  812.591786] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  812.600579] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  812.607363] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  812.609670] 9pnet: bogus RWRITE count (33554433 > 4096)
[  812.626201] Interruptibility = 00000000  ActivityState = 00000000
[  812.633892] *** Host State ***
[  812.637331] RIP = 0xffffffff81212b2e  RSP = 0xffff880143237350
[  812.643754] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  812.650413] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
07:16:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0), 0x0, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:52 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40080, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000080)=0xf000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:52 executing program 3:
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:52 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

[  812.658533] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  812.678678] CR0=0000000080050033 CR3=00000001d8a1b000 CR4=00000000001426e0
[  812.687760] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
07:16:52 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[], 0xffffffba)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)=ANY=[@ANYBLOB="000000f3ffffff0000"], 0x9)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='9p\x00', 0x8, &(0x7f0000000980)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_user='access=user'}, {@aname={'aname'}}, {@version_L='version=9p2000.L'}, {@version_u='version=9p2000.u'}, {@cache_none='cache=none'}, {@cache_none='cache=none'}, {@uname={'uname', 0x3d, '('}}, {@uname={'uname', 0x3d, 'loeth0(\''}}, {@aname={'aname', 0x3d, 'cache=loose'}}, {@fscache='fscache'}], [{@fsuuid={'fsuuid', 0x3d, {[0x39, 0x37, 0x0, 0x38, 0x64, 0x31, 0x35, 0x33], 0x2d, [0x65, 0x65, 0x75, 0x76], 0x2d, [0x67, 0x66, 0x0, 0x7c], 0x2d, [0x62, 0x65, 0x35, 0x37], 0x2d, [0x61, 0x7d, 0x62, 0x38, 0x64, 0x66, 0x61, 0x33]}}}, {@dont_appraise='dont_appraise'}, {@fsmagic={'fsmagic'}}]}})
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)

[  812.714477] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  812.737651] *** Control State ***
[  812.749391] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  812.756508] EntryControls=0000d1ff ExitControls=002fefff
07:16:52 executing program 4:
r0 = accept$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, &(0x7f0000000240)=0x6e)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280))
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x2, 0x0)
write$FUSE_DIRENT(r1, &(0x7f0000000080)={0x68, 0x0, 0x6, [{0x2, 0x7, 0x19, 0x33, 'posix_acl_access:]selinux'}, {0x2, 0x0, 0x6, 0x181, '-eth1}'}]}, 0x68)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x4000000})
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000100)=0x9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f0000000140))

[  812.762256] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  812.769879] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  812.776988] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  812.784374]         reason=80000021 qualification=0000000000000000
[  812.790962] IDTVectoring: info=00000000 errcode=00000000
[  812.797647] TSC Offset = 0xfffffe4ae9a92356
[  812.804085] TPR Threshold = 0x00
[  812.807723] EPT pointer = 0x00000001c073d01e
07:16:53 executing program 3:
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:53 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:53 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000584b13ff9e0000000000"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x5)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:53 executing program 4:
msgrcv(0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000"], 0x0, 0x0)
r0 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x73, 0x0)
ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f00000001c0)=""/217)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x0, r2}, 0x0, 0x100000003, 0x0, 0x11d8, 0x3, 0x1})

[  812.970306] *** Guest State ***
[  812.973879] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  812.982967] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  812.993043] CR3 = 0x0000000000000000
[  812.997690] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:53 executing program 3:
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  813.020119] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  813.033553] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  813.053141] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  813.061999] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:53 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000000)={0x1, "4a7651e0d4addad1672a86919e57101bc32b9c76ace5eba4ef23404de0e2ce461bd79b57d3d1c62d1c1d9c36ae8c2fe556"}, 0x39, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  813.076637] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  813.085281] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  813.094052] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  813.111467] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  813.120605] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  813.128778] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  813.137201] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  813.147082] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  813.155406] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  813.169910] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  813.186491] Interruptibility = 00000000  ActivityState = 00000000
[  813.207565] *** Host State ***
[  813.210976] RIP = 0xffffffff81212b2e  RSP = 0xffff88018611f350
[  813.224135] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  813.231158] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  813.239371] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  813.245368] CR0=0000000080050033 CR3=00000001b97b1000 CR4=00000000001426e0
[  813.252410] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  813.259202] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  813.265333] *** Control State ***
[  813.268846] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  813.275899] EntryControls=0000d1ff ExitControls=002fefff
[  813.281750] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  813.288786] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  813.295547] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  813.302133]         reason=80000021 qualification=0000000000000000
[  813.308590] IDTVectoring: info=00000000 errcode=00000000
[  813.314987] TSC Offset = 0xfffffe4a9c1f920a
[  813.319508] TPR Threshold = 0x00
[  813.322879] EPT pointer = 0x000000018048c01e
07:16:53 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x84, r1, 0x720, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0xe}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}]}, 0x84}, 0x1, 0x0, 0x0, 0x48004}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:53 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x0)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:53 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:53 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:53 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:53 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0xd0000, 0x0)
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f0000000980)={0xb3, 0x4, 0x0, [{0x8001, 0x1851, 0x1000, 0x400, 0x6, 0x9}, {0x80000000, 0x10000000000, 0x586e20c2, 0xffff, 0x7fffffff, 0x7ff, 0x3ff}, {0x3, 0x3f, 0x9, 0xfff, 0xa7a, 0x1, 0x2}, {0x7, 0x1, 0x6063, 0x0, 0x3, 0x66f, 0x4}]})
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r2, &(0x7f0000000200)={0xa0, 0x19, 0x1, {0x0, {}, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb6}}, 0xffffff25)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x2, 0xfffffffffffffffe}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b0000007501c513000000"], 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:16:53 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = msgget(0x3, 0x40)
msgsnd(r0, &(0x7f0000000040)={0x1}, 0xffffffffffffffa4, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:53 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x0)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  813.682986] *** Guest State ***
[  813.692224] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  813.722135] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
07:16:53 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = getegid()
r2 = getgid()
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x0, r1, 0x0, r2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x101000, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000080)={{0x2, 0x3, 0x519, 0x2, 0x6}})

[  813.764143] CR3 = 0x0000000000000000
[  813.775233] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  813.787076] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  813.793085] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  813.793108] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
07:16:54 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1, {0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000980)=ANY=[@ANYBLOB="0b2001c1eb01000000000027dc3b25be8c9a7f6a1e39ca67cc990097b5f6cc362720c0b5fa6d51ae2f0d91730fbac818ad915c112b234dcb1cb7f0aae54cce89f66b5d2bcc70088c3c7a257985ed98408651261d1160b96ffebc4b9acc9a96d1cd4e33fbccfd2698bf91b199759b8551159b29e6739a796e42d1c06ddf209db31ab98f0b7ccb7578c7118614fff9d8181c9fca9d6844c0b4d1f1c9af9c2148a27b3fdd1a14effb2da5b2b8236601c8871a15e18f3f284b8864fd20ff07bd999b95bf4b97dc7918c46b5de4695b9e1b2439d0480a32"], 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYRESDEC], 0x14)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000400)="d6d52260d1b7f800169821a2cc70532956b0cd5b68a0be35ecc64824f1149c97e2", 0x21)
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

[  813.808539] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  813.830988] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:54 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x0)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  813.859650] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  813.882022] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  813.896959] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:16:54 executing program 4:
msgrcv(0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  813.925512] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  813.934338] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  813.942609] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  813.952371] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  813.963655] EFER =     0x0000000000000000  PAT = 0x0007040600070406
07:16:54 executing program 3:
pipe2(&(0x7f00000000c0), 0x4800)
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:54 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_genetlink_get_family_id$nbd(&(0x7f0000000000)='nbd\x00')

[  813.978959] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  814.006718] Interruptibility = 00000000  ActivityState = 00000000
[  814.047316] *** Host State ***
[  814.063999] RIP = 0xffffffff81212b2e  RSP = 0xffff88017f7ff350
[  814.091069] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  814.102774] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  814.122492] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  814.138010] CR0=0000000080050033 CR3=00000001d892d000 CR4=00000000001426f0
[  814.146966] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  814.154116] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  814.160389] *** Control State ***
[  814.164343] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  814.171241] EntryControls=0000d1ff ExitControls=002fefff
[  814.178185] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  814.185429] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  814.192889] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  814.199852]         reason=80000021 qualification=0000000000000000
[  814.213396] IDTVectoring: info=00000000 errcode=00000000
[  814.221254] TSC Offset = 0xfffffe4a3c3baa86
[  814.226747] TPR Threshold = 0x00
[  814.230418] EPT pointer = 0x00000001bdbc601e
07:16:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:54 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x20000, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000000c0)={0x1, 0x70, 0x8, 0xfffffffffffffe01, 0x3, 0x1, 0x0, 0x400000000000000, 0x84, 0x4, 0x1045, 0x5, 0x2, 0x0, 0x8, 0x0, 0x1ff, 0x6, 0x9, 0x6fd, 0xac9, 0xdd, 0x10001, 0x1, 0x1, 0x2, 0xffff, 0x6, 0x0, 0x7, 0x20, 0x15f580000, 0x6, 0x1, 0x1, 0x400, 0x200, 0x302, 0x0, 0x401, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x21090, 0x4, 0x5, 0x0, 0x5, 0xff, 0x200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000140), 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000200)=0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:54 executing program 3:
pipe2(&(0x7f00000000c0), 0x4800)
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  814.479125] QAT: Invalid ioctl
[  814.486181] QAT: Invalid ioctl
07:16:56 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:56 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000756da9c505008a44f8ac32e38ecc0000000000000ce00d8af5d67e34f828dc8ab1d1eb4b66ef"], 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f00000001c0)={0xe, 0xffff, 0x1})
ioctl$KVM_SET_NR_MMU_PAGES(r2, 0xae44, 0xc7)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1, {0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000980)={0x6, 0x9, 0x4, 0x96, 0x3, [{0x80, 0x9, 0x8001, 0x0, 0x0, 0x100}, {0x10001, 0x0, 0x8, 0x0, 0x0, 0x809}, {0xfa40, 0x3, 0x6, 0x0, 0x0, 0x4}]})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:16:56 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d0"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:56 executing program 3:
pipe2(&(0x7f00000000c0), 0x4800)
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:56 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:56 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r1 = msgget(0x1, 0x10)
msgrcv(r1, &(0x7f0000000080)={0x0, ""/171}, 0xb3, 0x3, 0x2800)

07:16:56 executing program 4:
msgget$private(0x0, 0x113)
r0 = memfd_create(&(0x7f0000000140)='/dev/audio\x00', 0x3)
ioctl$RTC_VL_CLR(r0, 0x7014)
r1 = msgget$private(0x0, 0x401)
msgrcv(r1, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRESOCT], 0x2, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4001, 0x0)
mknodat(r3, &(0x7f0000000080)='./file0\x00', 0x8056, 0x6)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r4 = getpgrp(0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, r4})

[  816.706107] *** Guest State ***
[  816.716477] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:16:56 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x0, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  816.748948] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  816.778299] CR3 = 0x0000000000000000
[  816.787919] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:16:57 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

[  816.816648] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  816.833966] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  816.842136] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  816.850503] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  816.859356] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  816.867728] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  816.875792] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  816.883831] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  816.883846] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  816.883864] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  816.883877] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  816.883894] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  816.901877] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  816.917128] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  816.936707] Interruptibility = 00000000  ActivityState = 00000000
07:16:57 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x0, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  816.969434] *** Host State ***
[  816.995717] RIP = 0xffffffff81212b2e  RSP = 0xffff880139fa7350
[  817.010512] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  817.017522] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  817.025526] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  817.031497] CR0=0000000080050033 CR3=00000001d7f2a000 CR4=00000000001426e0
[  817.038729] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  817.045590] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  817.051664] *** Control State ***
[  817.051675] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  817.051683] EntryControls=0000d1ff ExitControls=002fefff
[  817.051699] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  817.051709] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  817.051718] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  817.051727]         reason=80000021 qualification=0000000000000000
07:16:57 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x0, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:57 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d0"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  817.051736] IDTVectoring: info=00000000 errcode=00000000
[  817.051743] TSC Offset = 0xfffffe489ccbc03c
[  817.051749] TPR Threshold = 0x00
[  817.051759] EPT pointer = 0x00000001ca78701e
[  817.206010] *** Guest State ***
[  817.209317] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  817.218404] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  817.227394] CR3 = 0x0000000000000000
[  817.231132] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  817.237279] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  817.243432] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  817.243559] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  817.259756] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  817.268204] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  817.286962] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  817.301590] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  817.310482] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  817.327076] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  817.335620] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  817.343891] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  817.351996] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  817.360127] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  817.366694] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  817.374229] Interruptibility = 00000000  ActivityState = 00000000
[  817.380495] *** Host State ***
[  817.384515] RIP = 0xffffffff81212b2e  RSP = 0xffff88014466f350
[  817.390484] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  817.396989] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  817.404876] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  817.410748] CR0=0000000080050033 CR3=00000001d8969000 CR4=00000000001426e0
[  817.417830] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  817.424540] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  817.430595] *** Control State ***
[  817.434141] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  817.440823] EntryControls=0000d1ff ExitControls=002fefff
[  817.446411] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  817.453392] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  817.460067] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  817.466719]         reason=80000021 qualification=0000000000000000
[  817.473048] IDTVectoring: info=00000000 errcode=00000000
[  817.478582] TSC Offset = 0xfffffe48576c578e
[  817.482905] TPR Threshold = 0x00
[  817.486415] EPT pointer = 0x00000001bbd7001e
07:16:59 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x15)

07:16:59 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000b40)=ANY=[@ANYBLOB="0000000000000000008751082b43974e0ba22c63988426287c5214bd513c43c276d366e873aaaa8a102dd96aa9d1c7d0b1b9bbabe4c7064a4e70450a04f7380e3201c4d00757eded59a3d8988d9bc0cda1a76a37b74361ed97e73f977b1c549fa66555958ac0fb3464c25e1f3f30d7508e32257f43897bc5f3980edb406497e9544889fcfa4e0a3e00096f5540abc146c29c26e83bb8d8f2b387b947baa9040dd7bf9dacd59216979670a7aae20a4d7b6b1f1ca9a364b097f0e22c2f44895f8291e363cd0f6a737bf2bc89fc76dc"], 0x9)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x200002, 0x0)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000180), 0x4)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000001c0)={0x1, [0x400]}, 0x6)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:16:59 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:16:59 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(0xffffffffffffffff, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:16:59 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d0"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:16:59 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x8, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgget(0x0, 0x1)
r1 = msgget$private(0x0, 0x500)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={<r2=>0x0}, &(0x7f0000000100)=0xc)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x6, 0x0, 0x0, 0xd82c, 0x5, r2})

[  819.795733] *** Guest State ***
[  819.807241] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:17:00 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0xfffffffffffffffd, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x200, 0x0)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x10013, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:00 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  819.843582] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  819.854046] CR3 = 0x0000000000000000
[  819.867680] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  819.893568] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  819.907239] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  819.914347] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  819.932019] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:17:00 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000900)='/dev/autofs\x00', 0x101000, 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
r2 = memfd_create(&(0x7f0000000480)='@\x00', 0x6)
ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000740)={0x1, 0x1, {0x1e, 0xb, 0x3, 0x8, 0x5, 0x8, 0x3, 0x165, 0xffffffffffffffff}})
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f010001000000000000000000bba2ef7000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x0, 0x0)
accept$packet(0xffffffffffffff9c, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14)
ioctl$TUNSETIFINDEX(r3, 0x400454da, &(0x7f00000003c0)=r4)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="180000007501000d0000006da9c5a38d8a44000000018ecc"], 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r5 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r5, &(0x7f0000000340)={0x14}, 0x14)

07:17:00 executing program 4:
msgget$private(0x0, 0x420)
r0 = msgget$private(0x0, 0x4)
msgrcv(r0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  819.942926] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  819.952297] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  819.961474] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  819.970596] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  819.978868] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  819.987751] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  819.999642] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  820.008865] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  820.021766] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  820.028922] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  820.036922] Interruptibility = 00000000  ActivityState = 00000000
07:17:00 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  820.046976] *** Host State ***
[  820.058783] RIP = 0xffffffff81212b2e  RSP = 0xffff88013d6af350
[  820.065400] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  820.093915] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  820.112087] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  820.123885] CR0=0000000080050033 CR3=00000001bc668000 CR4=00000000001426f0
[  820.131226] 9pnet: bogus RWRITE count (33554433 > 20)
[  820.131238] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
07:17:00 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000980)=ANY=[@ANYBLOB="180000007501000d008a44f8ac32e38e5d04ccf0e76b08a24329a16fa5e77081d17c5292066886967d5908fc7e6322a1479af4e969b9d3afd9f4cd42396902f8c690753a809cb68429db3d747267a828a5efec7e42a84a3c6d528ab2fc898876890e836ae7edd17bcc2af89e8e4df8b939602eaf872380237508d65a762be379cded4386e342770f2ef300651322dfa5cdecc6ce1bedb27769afa1098a8775b7383b9ca2"], 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

[  820.131252] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  820.149643] *** Control State ***
[  820.154212] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  820.161187] EntryControls=0000d1ff ExitControls=002fefff
[  820.167209] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  820.174478] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  820.186891] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  820.196383]         reason=80000021 qualification=0000000000000000
[  820.204277] IDTVectoring: info=00000000 errcode=00000000
[  820.210068] TSC Offset = 0xfffffe46f4c10da7
[  820.215776] TPR Threshold = 0x00
[  820.219524] EPT pointer = 0x00000001c23de01e
[  820.302793] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:03 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(0x0, 0x15)

07:17:03 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:03 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d010"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:03 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)=ANY=[@ANYBLOB="098000006e01000000"], 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x40, 0x0)
openat$cgroup_int(r2, &(0x7f00000003c0)='cpuacct.usage\x00', 0x2, 0x0)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000004000100010000020000060000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f0000000980)={0x0, 0xfb, 0xeb, 0x5, 0xfffffffffffff372, "65a99c739b93ba1a075eb9dc0b7bf96f", "71ebad881fbeb734f28e18ab7bc2cc1f997860ac2acd85fcf0bcffc60fbd7f8ecc28cfa08b97722a6ca0357ac0d286c1e7461447dc40f62fe5b91bfa93fb22ad302362d7bdb1b46bef0ffc19905c011de563a603ff95fb591d15cc58c095d118ad8731a9bffe36ed800bf4fcf27cca0c665dc94e12dadbf3976cee9d67eac90696d6b711653791fb11f313f4f144d7a378e26c915bc5320ceae05112dea1d87df95b1a47bb60fc7a8e84db134b734644c8ff6d323c4c50068465d0bca90f93ce67b1301ccfbf9c8aa792a5a8fe21abffdafa685230bf"}, 0xeb, 0x3)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:17:03 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(0xffffffffffffffff, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

07:17:03 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
alarm(0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:03 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)=@random={'system.', 'md5sumsystemprocsecurity:selinuxnodev+eth0selinux\x00'}, &(0x7f00000001c0)='noexmend', 0x8, 0x1)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="7472616e8b3d66642c723b36f7ffc6", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC=0x0, @ANYBLOB=',cache=loose,\x00'])
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

07:17:03 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x4, 0x400)
write$UHID_GET_REPORT_REPLY(r0, &(0x7f00000000c0)={0xa, 0x7, 0x4, 0xffff}, 0xa)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
nanosleep(&(0x7f0000000000), 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:03 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  822.922693] *** Guest State ***
[  822.936846] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  822.960848] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
07:17:03 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socket$can_bcm(0x1d, 0x2, 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  823.032488] CR3 = 0x0000000000000000
[  823.045726] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  823.064869] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
07:17:03 executing program 0:
pipe2$9p(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x200000, 0x0)
ioctl$UI_DEV_CREATE(r2, 0x5501)
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

[  823.087413] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
07:17:03 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  823.132317] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  823.144616] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  823.155254] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  823.171010] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  823.188356] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  823.214014] 9pnet: bogus RWRITE count (33554433 > 20)
[  823.224606] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  823.239076] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  823.247416] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  823.255837] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  823.268158] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  823.278509] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  823.285668] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  823.293676] Interruptibility = 00000000  ActivityState = 00000000
[  823.300202] *** Host State ***
[  823.303756] RIP = 0xffffffff81212b2e  RSP = 0xffff880139e3f350
[  823.311289] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  823.322027] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  823.330333] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  823.336555] CR0=0000000080050033 CR3=00000001d7560000 CR4=00000000001426e0
[  823.344067] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  823.350969] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  823.358145] *** Control State ***
[  823.362403] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  823.369269] EntryControls=0000d1ff ExitControls=002fefff
[  823.374842] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  823.381773] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  823.388524] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  823.395570]         reason=80000021 qualification=0000000000000000
[  823.401972] IDTVectoring: info=00000000 errcode=00000000
[  823.407573] TSC Offset = 0xfffffe454a5bc0cd
[  823.411901] TPR Threshold = 0x00
[  823.411912] EPT pointer = 0x00000001c502001e
07:17:03 executing program 0:
r0 = memfd_create(&(0x7f00000003c0)='em1vmnet0\x00', 0x5)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000480)=0x1, 0x4)
pipe2$9p(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r2, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c653057f71a04516903d4d5d9c1883d1aa2a336a3ba4395d132d56d55fd4b7275a18b595467a4f00fdab977ec81b68ced639b333d4272336de90f8e0f2a31cc6c6c24cf12a44bdadd19a6f376ce2d74faa8d9725295afa23b74e05c4deda8af2e7cf8037abf625c01477cebecc138e0d10147db4bd31df07071b3ad6567b1dcd3f631cf2e6e53becd52e15356b50c458bda"], 0x2a)
write$P9_RGETATTR(r2, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r2, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r2, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r2, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r2, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r2, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r2, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r2, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r2, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x101080, 0x0)
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f00000001c0)={0x15, 0x2f, &(0x7f0000000180)="66966d9839a4749208f602ca201b254498889a4513f80317fa6521cfdd2d329a7b3a5d34eadf537d1e091cd8be1af2"})
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="3c61636365730174", @ANYRESDEC=0x0, @ANYBLOB=',cache=loose,\x00'])
r4 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r4, &(0x7f0000000340)={0x14}, 0x14)

07:17:03 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x3, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="97f725a000000000a6bc301a2bc77829f955c97bd2843804f8675fdfd0da0bb92c2a5d447b3779007914548baeedbe311f6395ec7417cdcaf07e181b2e365d39773dbd33f4734e9467430efea54784"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
rmdir(&(0x7f0000000080)='./file0\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp\x00')
bind$nfc_llcp(r1, &(0x7f00000000c0)={0x27, 0x1, 0x2, 0x7, 0x40, 0xff, "4dc68dfe8d42e8cbc213c01cddb002b4eb756eb6ff163b696664ca2893431d3080a91ee30915b4a2899bfe4c9f241dfe92a77e2bde31bd0d4fd39a186dad1d", 0x27}, 0x60)
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xb3a1)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:03 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:03 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d010"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:03 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(0x0, 0x15)

07:17:03 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(0xffffffffffffffff, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, r0)

[  823.828043] QAT: Invalid ioctl
[  823.834386] 9pnet: Insufficient options for proto=fd
[  823.867770] QAT: Invalid ioctl
[  823.870759] *** Guest State ***
07:17:04 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000fffc85d3fa82b0076c8b7d179b3c3bef2d29aaa7c8734f7609aa5bbbc67ffe0eab5153b5d8034610d5912378ab9401dfbe453cbd0c091b8f564e47c2800c8c3217e5b7ab1846de0a8847d9171fabe13a063c72de5e980ba9070b9bfb85f229af50e1de333dc8eccb6ea87791cc36bac4654aa7be500b1e4eac654ef837fa8e5b01f1dd8e782020853f4a5f8ee0c6c21fe6ac2354ea9a63d851b6"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mq_open(&(0x7f0000000000)='\x00', 0x2, 0x20, &(0x7f0000000080)={0x3, 0x6, 0x7488a16, 0xceea, 0x9, 0x3, 0x48000000, 0x7e})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  823.874909] 9pnet: Insufficient options for proto=fd
[  823.890751] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:17:04 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:04 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000900)='/dev/null\x00', 0xe0101, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r2)
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RLERRORu(r1, &(0x7f0000000040)={0x12, 0x7, 0x2, {{0x5, 'rfdno'}, 0x10001}}, 0x12)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000480)=ANY=[@ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYPTR64=&(0x7f0000000180)=ANY=[@ANYPTR, @ANYRES64=r1, @ANYPTR, @ANYRESHEX=r0, @ANYRESDEC=r0], @ANYPTR=&(0x7f0000000980)=ANY=[@ANYRESHEX=r0, @ANYRESHEX=r0, @ANYPTR, @ANYRESHEX=r2, @ANYRESHEX=r2], @ANYRESHEX=r2]], 0x8)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

[  823.922136] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  823.939213] CR3 = 0x0000000000000000
[  823.946045] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  823.952300] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  823.958851] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  823.988336] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  824.008335] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:17:04 executing program 4:
accept4(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, <r0=>0xffffffffffffffff, {0x2, 0x0, @remote}}}, &(0x7f0000000000)=0x80, 0x800)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x5, &(0x7f0000000100)=[{0x92da, 0x3, 0x8, 0x532}, {0x7, 0x780, 0x8001, 0xff}, {0x80, 0x80, 0x6, 0x1ff}, {0x4ea9, 0x0, 0x2, 0x100000000}, {0x6, 0x9, 0x46a7, 0x6b1f}]}, 0x10)
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r1 = msgget(0x2, 0x128)
msgsnd(r1, &(0x7f0000000200)={0x1}, 0x8, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  824.033937] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.042415] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.051540] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.060323] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:17:04 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  824.094235] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  824.112687] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  824.125194] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  824.133489] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
07:17:04 executing program 0:
r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000)
write$P9_RLOCK(r0, &(0x7f0000000740)={0x8, 0x35, 0x1, 0x3}, 0x8)
pipe2$9p(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r2, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@noextend='noextend'}]}})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='io.stat\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x4, 0x8, 0x2, 0x0, 0xf})
write$P9_RREADDIR(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r2, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r2, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r2, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000480)=0x1)
write$P9_RGETATTR(r2, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r2, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r2, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r2, &(0x7f00000000c0)={0x14, 0x69, 0x1, {0xc4, 0x0, 0x1}}, 0xfffffffffffffe55)
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000980)={&(0x7f00000003c0)=[0x8, 0x3], 0x2, 0x95f1, 0x3, 0x401, 0x1000, 0x2, {0x81, 0x6, 0x4b, 0x88, 0x5, 0x5, 0x8, 0x2, 0x9d1, 0x400, 0x72, 0x7, 0x5, 0x0, "7f4491a9ec927d3b597953e1c7189dbf763bfe6d5781063ff2a2046435c52550"}})
write$P9_RREAD(r2, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100016a60020000002100000100000000"], 0x16)
write$P9_RGETATTR(r2, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r0, &(0x7f0000000340)={0x14, 0x67, 0x2, {0xfffffffffffffffd}}, 0xfffffffffffffe91)

[  824.141739] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  824.148490] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  824.163592] Interruptibility = 00000000  ActivityState = 00000000
[  824.181137] *** Host State ***
[  824.184717] RIP = 0xffffffff81212b2e  RSP = 0xffff880144d3f350
07:17:04 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x40000, 0x0)
syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x8, 0x400)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x20, &(0x7f00000000c0)="6d696d655f747970655e3a7f2b776c616e30707070315c76626f786e65743100", 0xffffffffffffffff}, 0x30)
syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x6, 0x0)
syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x4, 0x2402)
r0 = syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x10000)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0xfffe)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  824.190938] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  824.199330] FSBase=00007f2deae2a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  824.208159] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  824.219344] CR0=0000000080050033 CR3=00000001c8356000 CR4=00000000001426e0
[  824.227864] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
07:17:04 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  824.244947] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  824.274167] *** Control State ***
[  824.285228] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
07:17:04 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x4, 0x18000)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000140)={0x1f, 0x4, {0x81, 0x5, 0x3, 0x3831, 0x8c, 0x5}, 0x3ff, 0x4}, 0xe)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1, 0x400400)
ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f0000000080)={0x0, 0x4c54aaa6})
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="8e551c1d00000000"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = msgget(0x0, 0x2c1)
msgctl$IPC_RMID(r3, 0x0)
lstat(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = getpgrp(0x0)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000000380)={{0x0, 0x0, r4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, r5})

[  824.302940] EntryControls=0000d1ff ExitControls=002fefff
[  824.314771] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  824.331052] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  824.354165] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  824.369881]         reason=80000021 qualification=0000000000000000
[  824.376797] IDTVectoring: info=00000000 errcode=00000000
[  824.382462] TSC Offset = 0xfffffe44c5e69d78
[  824.387354] TPR Threshold = 0x00
[  824.391040] EPT pointer = 0x00000001881e101e
07:17:04 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d010"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  824.504216] *** Guest State ***
[  824.507717] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  824.517205] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  824.526360] CR3 = 0x0000000000000000
[  824.530852] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  824.537195] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  824.543375] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  824.550246] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  824.559340] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.567619] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.575776] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.583907] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.591919] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  824.600061] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  824.608208] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  824.616278] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  824.624349] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  824.632380] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  824.638921] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  824.646485] Interruptibility = 00000000  ActivityState = 00000000
[  824.646491] *** Host State ***
[  824.646504] RIP = 0xffffffff81212b2e  RSP = 0xffff88013a3af350
[  824.646528] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  824.646544] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  824.677096] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  824.683017] CR0=0000000080050033 CR3=00000001d8f96000 CR4=00000000001426f0
[  824.690358] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  824.697217] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
07:17:04 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(0x0, 0x15)

07:17:04 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xffffffffffffff59, 0x4d, 0x40000000001ffffc}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RMKDIR(r1, &(0x7f0000000040)={0x14, 0x49, 0x1, {0x1, 0x2, 0x4}}, 0x14)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f00000001c0), 0x4)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000ec3fa096357501ec00000000"], 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

07:17:04 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:04 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="80b82ab50e418acf726a63d2deb9f3191e86ceae997347a140113a871e1526630738a177d8d4087c857395cddcc177970afac2d32a7844b33e5e7ef0a05cfadecb5e93e209f3a64230b83fb8bbce7e0c7381469ebdba422c76893fcc208aba7ff25808599698405fbe8792541257722813ab21813c388233631b7dd9b1b5d04c151ebbae1234a9668a2e4bd7e6c2c2ce7f03bbecb08e27c0ba5e4d378a1e4de8a1f922a0e570d14b45cf98c7e964a117e2c8fd33d43aa4a56da8f75ebc71e803a47f5a"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = msgget$private(0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000080)={{{@in=@multicast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@loopback}, 0x0, @in=@local}}, &(0x7f0000000000)=0xe8)
lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
getresgid(&(0x7f0000000340), &(0x7f0000000400), &(0x7f0000000440)=<r6=>0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000580))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc)
fcntl$getownex(r0, 0x10, &(0x7f0000000640))
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000680))
r7 = syz_open_dev$mice(&(0x7f00000007c0)='/dev/input/mice\x00', 0x0, 0x80)
ioctl$KDSKBLED(r7, 0x4b65, 0x1f)
getpgrp(0x0)
gettid()
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000006c0))
fcntl$getownex(r1, 0x10, &(0x7f0000000700))
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000740))
getpgrp(0xffffffffffffffff)
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000780)=<r8=>0x0)
r9 = semget(0x0, 0x7, 0x100)
semctl$GETVAL(r9, 0x4, 0xc, &(0x7f0000000900)=""/4096)
ioctl$KVM_ASSIGN_SET_INTX_MASK(r7, 0x4040aea4, &(0x7f0000000040)={0x9, 0x3, 0x9, 0x3})
r10 = getpgid(r8)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000004c0)={<r11=>0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x16, &(0x7f0000000480)='{.security}:#).(wlan0\x00', 0xffffffffffffffff}, 0x30)
msgctl$IPC_SET(r2, 0x1, &(0x7f0000000500)={{0x9, r3, r4, r5, r6, 0x42, 0x101}, 0x8c86, 0x54b8, 0x4, 0x1, 0x5, 0x3, r10, r11})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:04 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
dup2(r1, r0)

[  824.712284] *** Control State ***
[  824.732821] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  824.753309] EntryControls=0000d1ff ExitControls=002fefff
[  824.766124] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  824.784772] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  824.800915] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  824.824845]         reason=80000021 qualification=0000000000000000
07:17:05 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000380)="153f6234488dd25d766070")
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0xc}, 0x1c)
sendto$inet6(r1, &(0x7f0000000300), 0x0, 0x4008080, &(0x7f0000000240)={0xa, 0x14e23, 0x0, @remote, 0x7}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4f, 0x0)
r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2711, @hyper}, 0x10, 0x80800)
r3 = memfd_create(&(0x7f00000000c0)='bdevm\x00', 0x7)
ioctl$FICLONE(r2, 0x40049409, r3)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r4 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x101, 0x60080)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40042409, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$VT_GETMODE(r3, 0x5601, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:05 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:05 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
r2 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x40, 0x10)
r3 = openat$full(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/full\x00', 0x80082, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@text32={0x20, &(0x7f0000000980)="b9600a0000b8f8f9be37baaf64fc3d0f301ca80f01d1f20ff06d00660f388194b78a000000b9a30b00000f32c4c1d55cf5b97a0a0000b82cac7e0bba000000000f303e0fbaa1c11d000000b987010000b8b77e0000ba000000000f30", 0x5c}], 0x1, 0x1, &(0x7f0000000740)=[@efer], 0x1)
r4 = getpgid(0xffffffffffffffff)
move_pages(r4, 0x2, &(0x7f0000000040)=[&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil], &(0x7f0000000180)=[0x8, 0x1f, 0xfffffffffffffffe], &(0x7f00000001c0), 0x6)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r5 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r5, &(0x7f0000000340)={0x14}, 0x14)

[  824.845653] IDTVectoring: info=00000000 errcode=00000000
[  824.851499] TSC Offset = 0xfffffe446efa1eca
[  824.856654] TPR Threshold = 0x00
[  824.860177] EPT pointer = 0x00000001bfdff01e
07:17:05 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  824.974451] Dead loop on virtual device ip6_vti0, fix it urgently!
07:17:05 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  825.037708] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:05 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:05 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = msgget(0x3, 0x100)
msgctl$MSG_INFO(r0, 0xc, &(0x7f0000000080)=""/119)
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1, 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000100)={0x9, 0x0, {0x2, 0x2, 0x9, 0x3, 0x7}})
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f00000001c0))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:05 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x0)

07:17:05 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x4680, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000180))
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f00000001c0))
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:17:05 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:17:05 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:05 executing program 4:
msgrcv(0x0, &(0x7f0000000300)=ANY=[@ANYPTR64=&(0x7f0000000400)=ANY=[@ANYRES64, @ANYRESOCT=0x0, @ANYBLOB="c6a0359fc0d43c606adcb64a4c0a084a2b13925015e98b5e048aca23be9f02d4590da8ed7b9a3bd0989a3d8d19ce0114057217805647f168ade9c96f2c88ba9c8f1b35d36d6b6b91605a215672425899dc68100a8d0d83864f62817453f5a8a73d3cf2177e0f61af0ce9aa55a7450d6214c2eb9b0dd5a30c47e2068e3acaedfe662747634d063095d47dfd935b8322b3411bd2f3bc1f7c6677b974fd9ed55abb31e8b08d4fe9cc52bb9d88081884a7435c40", @ANYBLOB="8211d322879cd740fde39b3da604777aad5726dd7883ae8c50a979d5a0440890656f24acedb5ea60b0de08ec932c1f88613f11ff6214c842ae4e9642cf1b107a80b8b00049ad590f23c68b680dab86251e3d2b367c0871143b58740580c0ebd131905b5d60dd28", @ANYRESDEC]], 0x1, 0x100000000000, 0x3800)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000"], 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000001, 0x10010, r0, 0x0)
r1 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x800)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0x6, 0x1991, 0x5, 0x1000, 0x1, 0x5, 0x4, {<r2=>0x0, @in6={{0xa, 0x4e21, 0x7, @loopback, 0x3}}, 0x5, 0x100000000, 0x6, 0x4, 0x6}}, &(0x7f0000000280)=0xb0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x100)
sendmsg$kcm(r1, &(0x7f0000000e40)={&(0x7f0000000580)=@in6={0xa, 0x4e23, 0x8, @local, 0xf6e}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000340)="c9b65fb255f5794aa3da0f1dc7e8d0eb230ae8ef3e0143b6a6b439912485b5cd", 0x20}, {&(0x7f0000000600)="b2fe199ede95f896e3daab4710357938e5c014e8dc0c85a78b21cc20ec4c5b6dc317158d43152f7512f0215bfe45253ee34bc888893cbae97bf63f6568cbdc717b81b669663cc216c8b768ce3daf9c7a2bbb23f6ba83828a270177fcaac7bce94bb0c60ad79ef0dd3635a093b49d67fe05", 0x71}, {&(0x7f0000000680)="e3f11c073e12103a4b1787bc7086158d3caa3b19f8c5a926ba6447a47fecde1f059fb40df668d12190311fcfa12665eb67ec2aaf525cf8bccc55a24ccad7daa06f051c6d376324cd2587090553d82f1906e0a2bbc54bcdaee79e41eac76d4bbf7649f030d155134b6bfd444e0fd7c6c63298315b5f87c8f9ed8660804a651b95afea63af4b7e31c487356f14f03a6a15d507bb9dc5f0290f80f134017387572747cc1193", 0xa4}, {&(0x7f0000000740)="45859d4e4739f9c687ff5c62cc99f4cfb6e95c79e4275fa731c317829ae1a3507c7d54b868977d28319894cac86d0145a2e7dd1ed11922bef25b7dbbd17877c451789357e2878dcfe5e25690572e33485a03380187d74916ed513aecf60dcb0a1e9047f9ea21b8eb6876d7ad3b84a58ac9af48", 0x73}, {&(0x7f00000007c0)="2bb8fe3dc9fa24e54a8147aec27ccb4bc3491fda7606", 0x16}, {&(0x7f0000000800)="8a59bd67711cb33c630cefde67d806783a703f7ae1f3f544ac7ae4779681dc5c0f11820fe7b9e45cc5c245256804fbd64a2fc3afe0f0385daf1ada87c470e981555df8c40c68159a40d471b9be50988abe44025e9a9cd8bf6a9c559abc953fa7dc92a1af61df26df2411d91e6870b6124b3404afb8d234b575a73e47fe0d7f3bd7ddd5e70ffc835e593ab727a4b2850d3cef7f9fbb2b3a1dd9f1d49e27a062c9743c9f873da8a798c0dfd74dcd5bedf2b71317494ed1d033c19d8753149eab23bed587f1cb3ca39c76", 0xc9}, {&(0x7f0000000900)="fd1c79fa5335a75fa6c59eedd75a0380afffe72f270863b685dd36e94074a431c12832c40bf3948bb931decd941f3affdfc2dc4e19bef74b3da8866fb904a25c002e3996c635207a51bdcc79463aabe0bb9d0ea70cee0ea679e69d42e8906c017fd494ec965a29", 0x67}], 0x7, &(0x7f0000000a00)=[{0x110, 0x18b, 0x4, "04930a535fdd177cb5ba8f94bad9bba2e68e1894ad8e7b85a7c19b6810ad91478a99a4ab6473b260daa27108f4f864740119aab4b5b855f82bf27cda2dbb83c132d2459a7f3f7f74ecf12f78cf62938642db1a361ed449248cd3e982033a4d062a76df20069055b288dc384d721e948dfb720e9c2de211ae96e692ea924c160138054c4ac258275b086998e7e7511f694473d5390535692376085433961148b03d912044ce25451e9a71861a91a337aba45d1c1f1c5a5f1ad9086ff92e2a7866f2d1b35dd3549dbff09df5d15839a0a091514e2dc43555549b5a33b42e6182f1ca6e22012907e367977497d7c96918c59c3607919a9f88ab5f68193d"}, {0x108, 0x108, 0x3ff, "f827cb67a624ab4becabc710d59f222636562bc0c6b3846414604e003447eaf287758628746f89e80187057a98a0a9202d455238f3e5500776f711016398117e173e505a81d50405b384e2b236d3ddef9a4f73b59f6251b8f07e07e7834bb8151e9545913a1b8ef8910889107cf8c6fbf2072398cd8d1afb262eaad3eec30c072387b44e02a1a5984a05e8be1e7e77cecf9a5068a6662228fd3f2b82d2bc638fa4db9dac07b8a34d3830dd4d4c7eebfe37f33898267d5a17744b2c9ac4c6b51b3ef226d5cae620e28c7e3b1f852d07163a4744b1937c7bf87627831d8ad060ab014602574f2d29b5b7982a14e7a016de3d6a182496bef990"}, {0xa0, 0x10e, 0x4, "29426fc885124ad15d1145b018173226ab298272c40ae3f604b85c0edc2ad9b32beeff4a4a9935db9fbd01c1312d325542c6821695d70f2e7e6135e391b19946d10d87d2e762a001dd58a392fa8084bf8fbb4b7a000a478f361213ea5aa454de0870791df49e7f969b9511c63ebcdf31aea1e7acd5832aad3475efab26d594792b8cc6f18efc40d95f88a71805321504"}, {0x70, 0x8683f0253113e4ff, 0x9, "fdecbac1c9c93709f9a96bd85961a1a706881b77c420af4105aa77ae0ffd53dcd49e87132b860b4511e712e659c9c8a7d864b12484116817fd211b91ca85e1dd54621ea4e02b99e49ce53ce9fdbc23bf3a8421099a36ee6176daf348b9"}, {0x108, 0x116, 0xffffffffffff8001, "a5357f4672d83f279fb905bf8a576de82f77e3fd2e3165e26f08b428f703632313565c3123c8eeb16377840c675a50823c140857ddc9c4e528c8a2ca2c0c2f9bdc320d17bf1900be8ef019b384d587a5882d058068c0dc9b8a224beb65b3679767abd15764d5353921b1cf15a5bcf4de3255ec80cbe37f044eb44308a61d2bd0ae5c88a546d41e10d86b28cc6c11ddcd67860d413cf89a2530448270856480c3d8ebadd081561b4c973c2e76692b89c2ea2872bfdcad59bc251d6109fe3c3d3a97b301bf8bf619d8c6a6aaabf91325403816bdba488cd4aefcec667387b30eaf4827044fe80359ac24fc6f0c8791bc0d9924686bd079"}], 0x430, 0x1}, 0x4004001)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={r2, 0xe5}, 0x8)
prctl$intptr(0x0, 0x2)
r3 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0xfff, 0x42080)
ioctl$UI_END_FF_UPLOAD(r3, 0x406855c9, &(0x7f0000000140)={0x2, 0x800, {0x57, 0x9, 0x9, {0x921, 0x80}, {0x9, 0x2e}, @rumble={0x8}}, {0x0, 0x6, 0x7, {0x100, 0x78f50fa3}, {0xffffffffffffffff}, @cond=[{0x4, 0x10001, 0x100000000, 0x101, 0x9b57, 0x12}, {0x8, 0x9, 0x4f, 0x5704, 0x0, 0x1000}]}})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r4 = msgget(0x0, 0x8)
msgrcv(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000f9ffffff000000000000000000000000000000000000000000000000000000000000000000"], 0x3e, 0x1, 0x2800)

07:17:05 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(0xffffffffffffffff, r0)

07:17:05 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="aa1e7adc5c95a9a92abef2ee"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r1, 0xc0385720, &(0x7f0000000080)={0x1, {}, 0x7, 0x4})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:05 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  825.722986] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:06 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:06 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RFLUSH(r1, &(0x7f0000000040)={0x7, 0x6d, 0x2}, 0x7)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

07:17:06 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:06 executing program 4:
r0 = msgget(0x2, 0x200)
msgrcv(r0, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES64, @ANYPTR64=&(0x7f0000000400)=ANY=[@ANYPTR=&(0x7f00000001c0)=ANY=[@ANYRESHEX, @ANYBLOB="31810a85ce2833c0a7bd8a07077cb7b0c172b2f9daf3e3c5300887eb9adf8a95a5b504122cd1df81cd1f7ae3e2944075f0ec1a37e7e2497d606abf0e55ee749879044f0fabe6e813bec16135347ba140ae5a1fd638bf05b43d78ef1d43efa5dae012f0f5ef45d8747a6572878d46014667e5c53944918b6578717dca0c77800f6a5624df65e4f53d265d1acfe9e2c06d922f5337535dc2f764514a2be2b112f20c8a16f243a16e996b067738e460b09a", @ANYRESDEC=0x0, @ANYBLOB="1164988238969d7c2eaebcbc45b1cbbe0c5efa828dad004c62141bd284147c9be1aaf53c4bf7a23bb03c9abf9d0b9964dccd849ad02d94f790e0fd66e540f9780b3982fd7cc69fff724889e907cc565427425380bf0d5502b3cd79d34c3792fec40ff2b4d44a21083a462636cf61996cf23688efab767b15b7f0a169c69368462d9f77dfb818ce6126c001c0f3dbc17bd24dea8bf2d4f3c24dbc0df52cd6", @ANYRESDEC, @ANYRES64, @ANYPTR64], @ANYPTR=&(0x7f0000000100)=ANY=[@ANYPTR, @ANYRESHEX], @ANYRESHEX=0x0, @ANYRES64, @ANYRESHEX, @ANYRESOCT, @ANYRESDEC, @ANYRESDEC, @ANYRESHEX]], 0x4, 0x0, 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  825.990635] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:06 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:06 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:06 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x0)

07:17:06 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28)
sendto$inet6(r0, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect(r0, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80)
exit(0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
dup2(r1, 0xffffffffffffffff)

07:17:06 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000180)={0x7, 0x80000000})
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:17:06 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  826.581894] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:06 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:06 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:06 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
r2 = gettid()
ptrace$getenv(0x4201, r2, 0x9, &(0x7f0000000040))
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f00000001c0)={0x4, &(0x7f0000000b40)=""/4096, &(0x7f0000001c40)=[{0xa82, 0xb2, 0x4, &(0x7f0000000980)=""/178}, {0x736, 0x83, 0xcd4, &(0x7f0000000a40)=""/131}, {0xfffffffffffffff8, 0xf0, 0x401, &(0x7f0000001b40)=""/240}, {0x3ff, 0x11, 0x3, &(0x7f0000000180)=""/17}]})
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:17:06 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:06 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:07 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000133ddb4d4b799dfe0e210b92b7b7600ede72fd9da5515002000000603c3e0dd5970acd1f0abcaeaa8800ee080f24cb0c0d7b72e7a05d6dbb689f0c9399ce587f3ccd1a9cc48ced4c9b57565631309616ce7b9b277c11b4517b379d5389cc73ad974acda1b578d4a574f204c66461d95b6117929dff8b34a5d6615a9aad2297be8115777ed0d2bee9f524221d1c2a6e6e513ff299199d1b6a2dd300e7b652ecbf0a91cf7688a09d29325c8bbc0565fa1a3ae303d92758968524435742db1e60975d54fa4e6f24c1034ded5ed0017fcbdbbd74c236530ca072ba8b2375ae4739f0d7f0d90a18891d1f838599bd68262d2a542c9632b1a39dcc4311ae4bb4e04df98649ebffada97cda0a0804b6dd4e525d5121674368e13214140c502ddb73fe3e4e815c914021cf68ede37dc6cb1c34f7e3a63d8574ba5d4312b09621261b06cbfb7f8f333562325bd8cb959b9419084323a3a0e46ddec9ebab2057f36f82b43a670e6f2fc3cc42c6dd6d28acf214b5e87755e238b591226d3755e3a53f9d4bed49c1a8e56e16490442b4be606f200c83fb84b5c22db781073cf2ec10202d112dfc6894b940e12f5e2642070e95158712e5b31b6457125a8d3c6ebba3112f2a0c64fff88f8ed4d9e2708a12284470775e07a3281395a0631937cef3fcb1e1ca87b629aa2c8d3b42b0801d7648b8c330577f4644875ec01fd32a1e01cad8ec"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000040)={0x3b, 0x8001, 0x3, 0x6, 0x5, 0x3ff, 0x2, 0x5e})
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x321000, 0x0)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
write$FUSE_LK(r1, &(0x7f00000000c0)={0x28, 0x0, 0x1, {{0x80, 0x1000, 0x1}}}, 0x28)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:07 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  826.855312] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:07 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000040000000000000000000000000000000007002e2f66616c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000180)={<r3=>0x0, 0x7}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000003c0)={r3, 0x3, 0x30}, &(0x7f0000000480)=0xc)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r4 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r4, &(0x7f0000000340)={0x14}, 0x14)

07:17:07 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100ffffffea0000"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  827.051120] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:07 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480))
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:07 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000000580), 0x124c)
read$FUSE(r0, &(0x7f00000020c0), 0x1000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x0)

07:17:07 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:07 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
modify_ldt$read_default(0x2, &(0x7f0000000100)=""/103, 0x67)
r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x1, 0x88101000)
ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000080)={0x1, 0x400, 0x100000001})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:07 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000980)=ANY=[@ANYBLOB="1600001278010001000000000000000004000000001f63e0d5ad41269359b4d1c1de9b7b9d181c25960202618a2331b9481fe6a92192fd027e66be3a3adc55748cc9a6419b7bf39e4bc9a7b9c7cc7f192cbe68f37b341228cd14b97798d258e28015874201736453791b8b53b600fa6c8f00010000ba119c4006"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1, {0x800800, {0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}}, 0xfffffffffffffe02)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x121240, 0x0)
syz_open_pts(r2, 0x2200)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0852549ee1c546c5f367e7b06b1a891600001c748c102de702423a409c7323f88063a7fabf1e14b50df6724c75174929c8b0a1ba890328dc6e1fcfc75555b304ebac02659c86a0d231d612f0db1fceaada6bdcc46fccb67b06975e3c17eca950f3af2499c898fc97ad1ce7f9f8e7fbbe131ddb1b032cf20fb09dc1ecc229a0664787e056574d7d6ca0a0f0298d472dabfad4d93e451b795967d8c846e62733271cb795f6409f0767edd15df092cca6098e9a72929d8df8e1dae140e3de99ef15aab4851346f980f01ea06092a759763f"], 0x16)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f00000003c0))
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x200000, 0x0)
ioctl$PPPIOCGMRU(r3, 0x80047453, &(0x7f0000000180))
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r4 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r4, &(0x7f0000000340)={0x14, 0x67, 0x0, {0xfffffffffffffffd}}, 0x14)
ioctl$void(r1, 0x0)

07:17:07 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  827.444761] Unknown ioctl -2147199952
[  827.459437] FS-Cache: Duplicate cookie detected
[  827.464240] FS-Cache: O-cookie c=00000000b750d41d [p=00000000db173b0e fl=222 nc=0 na=1]
[  827.472394] FS-Cache: O-cookie d=00000000e03cd64a n=00000000b83c10be
[  827.478968] FS-Cache: O-key=[10] '34323935303139383938'
[  827.484522] FS-Cache: N-cookie c=000000000f5c665d [p=00000000db173b0e fl=2 nc=0 na=1]
07:17:07 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x80)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000080)={0x7fff, 0x6, 0x2, 0x4, 0x2, 0x6, 0x4, 0x101, 0x4, 0x9, 0x70, 0x1ff})
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x7ffffe, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000100)={0x0, 0x70, 0x81, 0x15f, 0xb54, 0xfffffffffffff912, 0x0, 0x8, 0x10000, 0xc, 0x3, 0x9, 0xfffffffffffffffd, 0x77d8, 0xfffffffffffffffc, 0xff, 0x40, 0x35, 0x4, 0x6, 0x0, 0x5, 0xa596, 0x5, 0x8001, 0x2, 0x4, 0x9, 0x7fff, 0x10000, 0x400, 0x5, 0xff, 0x7f, 0x9, 0x418e, 0x5, 0x81, 0x0, 0x0, 0x3, @perf_bp={&(0x7f00000000c0), 0x5}, 0x1100, 0x1, 0x8, 0x7, 0x4, 0x1, 0xfffffffffffffe01})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:07 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480))
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:07 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  827.492542] FS-Cache: N-cookie d=00000000e03cd64a n=00000000bd9db95d
[  827.499163] FS-Cache: N-key=[10] '34323935303139383938'
[  827.525045] 9pnet: bogus RWRITE count (33554433 > 4096)
07:17:07 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:07 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x4, 0x1fe)
setsockopt$inet_tcp_buf(r1, 0x6, 0x2b, &(0x7f0000000080)="e1e9052f03705a29d9cc7b74e8c7ccb61b0ba4a8d50d16e0784b1c00dd15f7b7a6f4e417133cb9fa963ac93e2837765bd830805fce38e1e65dfe44cedaf262", 0x3f)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  827.618458] Unknown ioctl -2147199952
07:17:07 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="39e2249aec6648da"], 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:07 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480))
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  827.743739] 9pnet: bogus RWRITE count (33554433 > 4096)
07:17:08 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:08 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0)
r3 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x62e, 0x30042)
ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f00000003c0)=r3)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000180)={0xb, 0x75, 0x20001, {0x0, "68fa56f13bc79523d0961b8908092b8ce41bd8529276e2ffceb3ca8900000000000000000000"}}, 0x2)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r4 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r4, &(0x7f0000000340)={0x14}, 0x14)

07:17:08 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:08 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x20080, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000080)="09e1ff9e3f4ba92153ce6fec20ac39ed", 0x10)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fsetxattr$security_ima(r0, &(0x7f0000000100)='security.ima\x00', &(0x7f0000000180)=@ng={0x4, 0xc, "417e97f790582718"}, 0xa, 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:08 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:08 executing program 2:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfffffdef)

07:17:08 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xfffff02c}, {0x6}]}, 0x10)
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:08 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  828.348690] FS-Cache: Duplicate cookie detected
[  828.353655] FS-Cache: O-cookie c=0000000068ec1fc5 [p=00000000db173b0e fl=222 nc=0 na=1]
[  828.361816] FS-Cache: O-cookie d=00000000e03cd64a n=0000000057833bf8
[  828.368362] FS-Cache: O-key=[10] '34323935303139393837'
[  828.373880] FS-Cache: N-cookie c=0000000091c9b7d1 [p=00000000db173b0e fl=2 nc=0 na=1]
[  828.373892] FS-Cache: N-cookie d=00000000e03cd64a n=000000007713f07e
[  828.373899] FS-Cache: N-key=[10] '343239353031
[  828.388484] 39393837'
[  828.428359] *** Guest State ***
[  828.436401] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  828.465340] 9pnet: bogus RWRITE count (33554433 > 4096)
[  828.486014] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  828.509617] CR3 = 0x0000000000000000
[  828.521684] RSP = 0x0000000000000000  RIP = 0x0000000000000000
07:17:08 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
open(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x2)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
socket$can_bcm(0x1d, 0x2, 0x2)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
r2 = getpgid(0xffffffffffffffff)
process_vm_readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000980)=""/227, 0xe3}, {&(0x7f0000000b40)=""/141, 0x8d}, {&(0x7f0000000180)=""/73, 0x49}, {&(0x7f0000000c00)=""/139, 0x8b}], 0x4, &(0x7f0000000480)=[{&(0x7f0000000a80)=""/68, 0x44}], 0x1, 0x0)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access}', @ANYRESDEC=0x0, @ANYBLOB=',cache=loose,\x00'])
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:17:08 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:08 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
getsockname$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:08 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  828.538125] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  828.553397] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  828.560130] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  828.625270] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  828.664304] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:17:08 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x40080, 0x0)
execveat(r1, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)=[&(0x7f00000000c0)='+cpusetppp1\x00', &(0x7f0000000100)=')/selfselinux:-ppp1lotrusted%trustedcpusettrusted]\x00', &(0x7f0000000140)='+{security\x00', &(0x7f00000001c0)='[eth1ppp0\x00'], &(0x7f0000000480)=[&(0x7f0000000240)='em1\x00', &(0x7f0000000280)='\x00', &(0x7f00000002c0)='vboxnet1$[ppp0%trusted/\bwlan0nodev\\\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='user\x00', &(0x7f0000000400)='\x00', &(0x7f0000000440)='ppp0#nodev.keyring\'@+$:^selinux\x00'], 0x100)

[  828.688686] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  828.718425] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
07:17:09 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000340)={0x14}, 0xfdef)

[  828.746658] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  828.763394] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
07:17:09 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
r2 = geteuid()
getresgid(&(0x7f00000003c0), &(0x7f0000000480)=<r3=>0x0, &(0x7f0000000740))
write$P9_RGETATTR(r1, &(0x7f0000000980)={0xa0, 0x19, 0x2, {0x2010, {0x40, 0x4, 0x4}, 0x82, r2, r3, 0x100, 0x1, 0x200000000000000, 0x80000000, 0xfffffffffffffff7, 0x1f, 0x8, 0x7, 0x4477f733, 0x401, 0xff, 0x5, 0x6, 0x1000, 0x1}}, 0xa0)
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rtc0\x00', 0x40000, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)={&(0x7f0000000040)='./file0/file0\x00', r4}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r5 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r5, &(0x7f0000000340)={0x14}, 0x14)

07:17:09 executing program 4:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2000, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setflags(r1, 0x2, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  828.827533] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  828.915086] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  828.945184] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  828.953436] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  828.960790] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  828.970553] 9pnet: bogus RWRITE count (33554433 > 4096)
[  828.971708] Interruptibility = 00000000  ActivityState = 00000000
[  828.982942] *** Host State ***
[  829.000205] RIP = 0xffffffff81212b2e  RSP = 0xffff88013d7df350
[  829.022610] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  829.043407] FSBase=00007f2deae2a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  829.052280] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  829.059365] CR0=0000000080050033 CR3=00000001d1bad000 CR4=00000000001426f0
[  829.067005] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  829.074323] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  829.080796] *** Control State ***
[  829.084816] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  829.091680] EntryControls=0000d1ff ExitControls=002fefff
[  829.104294] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  829.112328] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
07:17:09 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

07:17:09 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:09 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:09 executing program 2:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0)
r3 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x62e, 0x30042)
ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f00000003c0)=r3)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000180)={0xb, 0x75, 0x20001, {0x0, "68fa56f13bc79523d0961b8908092b8ce41bd8529276e2ffceb3ca8900000000000000000000"}}, 0x2)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r4 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r4, &(0x7f0000000340)={0x14}, 0x14)

07:17:09 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1001002}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1000}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040010}, 0x400c010)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x400, 0x5, 0x0, 0x0, 0x0, 0x1})

07:17:09 executing program 0:
pipe2$9p(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[], 0x0)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0xfc94, 0x6f, 0x1}, 0x1d)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1600000a000100f50d3dc5000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

[  829.119497] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  829.126510]         reason=80000021 qualification=0000000000000000
[  829.135344] IDTVectoring: info=00000000 errcode=00000000
[  829.140920] TSC Offset = 0xfffffe4254ed8898
[  829.145653] TPR Threshold = 0x00
[  829.149390] EPT pointer = 0x00000001c7c4b01e
07:17:09 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:09 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x400, 0x0)
ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0)

07:17:09 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1, {0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

07:17:09 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a55"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:09 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

07:17:09 executing program 2:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x8800000)

07:17:09 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:09 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

[  829.512265] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:09 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a55"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:09 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

07:17:09 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt(r2, 0x8907, &(0x7f0000000180)="d55f9fc1102fa6cf2f0e3500a410d6bf19f78bfef6c68bcd54ccb093a33ce8b159b815609ce1bb6aa9b12f485296a713f4181333c3299ca6a37da3fc59e4ed9bcfbbdbdd7498c13d7b7729dcbd6df702f908a3d7c869b531349aa64a2dfb83541fac544948f9db423dc08980e5254aaf2f26f104ac8a30295755")
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1, {0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
fstat(r2, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
mount$9p_virtio(&(0x7f0000000380)='eth0/:eth1\x00', &(0x7f00000003c0)='./file0\x00', &(0x7f0000000480)='9p\x00', 0x6000, &(0x7f0000000a00)={'trans=virtio,', {[{@access_user='access=user'}, {@cache_mmap='cache=mmap'}, {@access_user='access=user'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@uid_eq={'uid', 0x3d, r3}}]}})
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000740)='/dev/dsp\x00', 0x2102, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000900)={0x1f, 0x5, {0x7, 0x4, 0x7, 0x7, 0x7fff, 0x5}, 0x1, 0x461}, 0xe)
write$P9_RATTACH(r1, &(0x7f0000000a80)={0x14, 0x69, 0x1, {0x0, 0xfffffffffffffffe}}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r5 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r5, &(0x7f0000000340)={0x14}, 0x14)

07:17:09 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:09 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:09 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a55"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  829.822037] 9pnet: bogus RWRITE count (33554433 > 20)
07:17:10 executing program 5:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x5f5e0ff)

07:17:10 executing program 4:
msgget(0x3, 0x40)
r0 = msgget$private(0x0, 0xa)
msgrcv(r0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x200000000000004)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fstat(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x20000000, 0x0, r3, 0x0, 0x0, 0x0, 0x10000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:10 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

[  830.034692] 9pnet: bogus RWRITE count (33554433 > 4096)
[  830.061034] 9pnet: bogus RWRITE count (33554433 > 4096)
07:17:10 executing program 2:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x20000354)

07:17:10 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000900)={0x23, 0x6f, 0x2, {0x2, [{0x20}, {0xc0, 0x2, 0x3}]}}, 0x23)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f0000000480)={0x14, 0x69, 0x1}, 0xffa0)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
add_key(&(0x7f00000000c0)='syzkaller\x00', &(0x7f00000003c0)={'syz', 0x0}, &(0x7f0000000740)="b6f3849b98b78cb5a89d21201288e049b0fd60400b0091c8bc2711dda0988a3106b168d33561d346a08824261f6337194d464c98a9db39ddbea09c", 0x3b, 0xffffffffffffffff)
r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$set_timeout(0xf, r2, 0x97ae)
write$P9_RREADLINK(r1, &(0x7f0000000040)={0x16, 0x17, 0x2, {0xd, './file0/file0'}}, 0x16)
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:17:10 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:10 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:10 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:10 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

[  830.219856] 9pnet: bogus RWRITE count (33554433 > 4096)
07:17:10 executing program 5:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14, 0x67, 0x0, {0x0, 0x0, 0xffffffffffffffff}}, 0x14)

07:17:10 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:10 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:10 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f2"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  830.607792] 9pnet: bogus RWRITE count (33554433 > 20)
[  830.650327] 9pnet: bogus RWRITE count (33554433 > 4096)
07:17:11 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:11 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f2"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="18dbdbc8a5f35f3cc99544f8ac32e38ecc"], 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

07:17:11 executing program 5:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 2 (fault-call:10 fault-nth:0):
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:11 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000000000001981ad7882a8df112d3d20c334dad02a4b14b838d918fed7b9c8689354661a5495e07ebc863b511fda71244aa8a0bb663787b455ce297eea680d77c6bc611bc7b549b1b362df1a067f141200a2be0f4e4774db044e1cfe01337bb6e04bb1fdfecc8f1c37dc7f91b85e6f26f0bf75bd776f754d3e29ef73f9ca9799784f4641fff7af7306f1f08da698126a655c3cc942ddca546edeb48d80ee45fc35fa95490dfdceae834bf204991df408d32fcdf9793ac456061f890f1aa90fcde120aa24a2a6063572bbec1832ca"], 0x0, 0x0)
r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x400a41, 0x0)
ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x10001, 0xa, 0x886, 0x1, 0x8000, 0x56f, 0xe7a, 0x4, 0x1000, 0x7, 0xdaa}, {0x6000, 0x105000, 0xe, 0x8, 0x1, 0x401, 0x5, 0x8, 0x8000, 0x2, 0x6, 0x80000000}, {0x6000, 0x838ba41e4bdf0f98, 0xd, 0x9, 0x7fffffff, 0xa1, 0x74a, 0x7f, 0x6, 0x3, 0x5, 0x6}, {0x4, 0x10003, 0xf, 0xb23, 0x5, 0x21ee9955, 0x8, 0x8, 0x6, 0x7, 0x6, 0x800}, {0x7000, 0x0, 0xd, 0x9, 0x18, 0xfffffffffffffffa, 0x9c, 0x2, 0xdd9, 0x9, 0x4, 0x2}, {0x100000, 0x7001, 0xf, 0x1, 0xd, 0xff, 0x9, 0x1f, 0x1, 0x8, 0x7}, {0x2000, 0x3000, 0xb, 0xfffffffffffffffa, 0x10000, 0xc9, 0x7, 0x2be, 0x9, 0x3, 0x4, 0x7}, {0x2, 0xf000, 0xe, 0xfff, 0x9, 0x4, 0x80, 0x9, 0x7ff, 0x988, 0x4, 0x2}, {0x1}, {0x100004, 0x1000}, 0x20000004, 0x0, 0x102001, 0x40381, 0xf, 0x1100, 0x0, [0xfffffffffffffffc, 0x95b9, 0x3, 0x4]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:11 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f2"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x7f, 0x8200)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000080)={{0x1f, 0x600d3432}, {0x3, 0x48}, 0x8000, 0x4, 0xd1d7})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  831.039985] FAULT_INJECTION: forcing a failure.
[  831.039985] name failslab, interval 1, probability 0, space 0, times 0
[  831.086373] CPU: 1 PID: 15636 Comm: syz-executor2 Not tainted 4.19.0-rc8+ #292
[  831.093850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  831.103228] Call Trace:
[  831.105839]  dump_stack+0x1c4/0x2b4
[  831.109490]  ? dump_stack_print_info.cold.2+0x52/0x52
[  831.114697]  ? __lock_acquire+0x7ec/0x4ec0
[  831.118949]  should_fail.cold.4+0xa/0x17
[  831.123024]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  831.128138]  ? graph_lock+0x170/0x170
[  831.131948]  ? graph_lock+0x170/0x170
07:17:11 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:11 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c529942"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="092200006f010000009fd19d6ff4c6bb1e02d144bb09e075e97f98efe5432b47525ee9c48b7f4207a4f6ea2c9a733683faf3bf01fdf68d28"], 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

[  831.135757]  ? print_usage_bug+0xc0/0xc0
[  831.135772]  ? print_usage_bug+0xc0/0xc0
[  831.135786]  ? graph_lock+0x170/0x170
[  831.135799]  ? graph_lock+0x170/0x170
[  831.135834]  ? find_held_lock+0x36/0x1c0
[  831.135867]  ? __lock_is_held+0xb5/0x140
[  831.159672]  ? ___might_sleep+0x1ed/0x300
[  831.163842]  ? add_atomic_switch_msr_special+0x2b0/0x2b0
[  831.169351]  ? arch_local_save_flags+0x40/0x40
[  831.173983]  ? find_held_lock+0x36/0x1c0
[  831.178061]  __should_failslab+0x124/0x180
[  831.182346]  should_failslab+0x9/0x14
[  831.186177]  kmem_cache_alloc+0x2be/0x730
[  831.190339]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  831.195891]  ? kvm_pfn_to_page+0x7a/0xa0
[  831.199972]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  831.205017]  mmu_topup_memory_caches+0xf7/0x390
[  831.209715]  ? kvm_apic_has_interrupt+0xe9/0x230
[  831.214746]  kvm_mmu_load+0x21/0xfa0
[  831.218463]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  831.223987]  ? update_cr8_intercept+0x166/0x1f0
[  831.228659]  vcpu_enter_guest+0x3dbe/0x6380
07:17:11 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c529942"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  831.232972]  ? emulator_read_emulated+0x50/0x50
[  831.237628]  ? vmx_vcpu_load+0xb06/0x1030
[  831.241767]  ? vmx_write_tsc_offset+0x680/0x680
[  831.246436]  ? graph_lock+0x170/0x170
[  831.250263]  ? lock_downgrade+0x900/0x900
[  831.254433]  ? check_preemption_disabled+0x48/0x200
[  831.259457]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  831.265014]  ? check_preemption_disabled+0x48/0x200
[  831.270058]  ? check_preemption_disabled+0x48/0x200
[  831.270086]  ? __lock_is_held+0xb5/0x140
[  831.270106]  ? lock_acquire+0x1ed/0x520
[  831.279202]  ? kvm_arch_vcpu_ioctl_run+0x234/0x16e0
[  831.279224]  ? lock_release+0x970/0x970
[  831.279244]  ? kvm_gen_update_masterclock+0x350/0x350
[  831.297425]  kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[  831.302282]  ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[  831.307330]  kvm_vcpu_ioctl+0x72b/0x1150
[  831.311400]  ? kvm_vcpu_block+0x1030/0x1030
[  831.315727]  ? find_held_lock+0x36/0x1c0
[  831.319825]  ? __fget+0x4aa/0x740
[  831.323296]  ? check_preemption_disabled+0x48/0x200
[  831.328363]  ? kasan_check_read+0x11/0x20
[  831.332502]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
07:17:11 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c529942"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  831.337781]  ? rcu_bh_qs+0xc0/0xc0
[  831.341318]  ? __fget+0x4d1/0x740
[  831.344772]  ? ksys_dup3+0x680/0x680
[  831.348469]  ? find_held_lock+0x36/0x1c0
[  831.352545]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  831.357496]  ? kvm_vcpu_block+0x1030/0x1030
[  831.361836]  do_vfs_ioctl+0x1de/0x1720
[  831.365733]  ? __lock_is_held+0xb5/0x140
[  831.369818]  ? ioctl_preallocate+0x300/0x300
[  831.374234]  ? __fget_light+0x2e9/0x430
[  831.374251]  ? fget_raw+0x20/0x20
[  831.374268]  ? __sb_end_write+0xd9/0x110
[  831.374288]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  831.374315]  ? fput+0x130/0x1a0
[  831.374345]  ? do_syscall_64+0x9a/0x820
[  831.374359]  ? do_syscall_64+0x9a/0x820
[  831.374378]  ? lockdep_hardirqs_on+0x421/0x5c0
[  831.381847]  ? security_file_ioctl+0x94/0xc0
[  831.381871]  ksys_ioctl+0xa9/0xd0
[  831.381898]  __x64_sys_ioctl+0x73/0xb0
[  831.419010]  do_syscall_64+0x1b9/0x820
[  831.422916]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  831.428282]  ? syscall_return_slowpath+0x5e0/0x5e0
[  831.433221]  ? trace_hardirqs_off_thunk+0x1a/0x1c
07:17:11 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c5299420893"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  831.438072]  ? trace_hardirqs_on_caller+0x310/0x310
[  831.443092]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  831.448105]  ? prepare_exit_to_usermode+0x291/0x3b0
[  831.453167]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  831.458030]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  831.463226] RIP: 0033:0x457569
[  831.466423] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  831.485336] RSP: 002b:00007f49ef0fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  831.485354] RAX: ffffffffffffffda RBX: 00007f49ef0fbc90 RCX: 0000000000457569
[  831.485362] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  831.485369] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  831.485393] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f49ef0fc6d4
[  831.485400] R13: 00000000004c0027 R14: 00000000004d0108 R15: 0000000000000007
07:17:11 executing program 5:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00e469e87d290b00"], 0x0, 0x0)
socketpair$unix(0x1, 0x102, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 2 (fault-call:10 fault-nth:1):
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:11 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:11 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c5299420893"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:11 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x8001, 0x0)
epoll_pwait(r2, &(0x7f0000000980)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, 0x7, &(0x7f00000001c0)={0x9}, 0x8)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
ioctl$int_out(r1, 0x2, &(0x7f0000000040))
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000a00)={{{@in, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f00000003c0)=0xe8)
stat(&(0x7f0000000480)='./file0\x00', &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$P9_RGETATTR(r2, &(0x7f0000000bc0)={0xa0, 0x19, 0x1, {0x40, {0x1, 0x1, 0x4}, 0x82, r3, r4, 0x8001, 0x40, 0x8, 0x0, 0x1ff, 0xfffffffffffffffe, 0x1, 0x9, 0x401, 0x0, 0x1, 0x3, 0x29d5, 0x8, 0x9}}, 0xa0)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r5 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r5, &(0x7f0000000340)={0x14}, 0x14)

[  831.879981] 9pnet: bogus RWRITE count (33554433 > 20)
[  831.881767] FAULT_INJECTION: forcing a failure.
[  831.881767] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  831.897055] CPU: 1 PID: 15687 Comm: syz-executor2 Not tainted 4.19.0-rc8+ #292
[  831.904429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  831.913790] Call Trace:
[  831.913840]  dump_stack+0x1c4/0x2b4
[  831.913862]  ? dump_stack_print_info.cold.2+0x52/0x52
[  831.913880]  ? __get_user_pages_fast+0x253/0x3f0
[  831.913894]  ? __get_user_pages_fast+0x253/0x3f0
[  831.913911]  ? lockdep_hardirqs_on+0x421/0x5c0
[  831.913933]  should_fail.cold.4+0xa/0x17
[  831.913953]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  831.913971]  ? graph_lock+0x170/0x170
[  831.925393]  ? lock_downgrade+0x900/0x900
[  831.925412]  ? check_preemption_disabled+0x48/0x200
[  831.925433]  ? kasan_check_read+0x11/0x20
[  831.925451]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  831.925473]  ? find_held_lock+0x36/0x1c0
[  831.925490]  ? graph_lock+0x170/0x170
07:17:12 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c5299420893"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  831.925510]  ? get_mem_cgroup_from_mm+0x1e9/0x440
[  831.925524]  ? lock_downgrade+0x900/0x900
[  831.925537]  ? check_preemption_disabled+0x48/0x200
[  831.925560]  ? find_held_lock+0x36/0x1c0
[  831.925604]  ? rcu_read_unlock+0x16/0x60
[  831.935105]  __alloc_pages_nodemask+0x34b/0xde0
[  831.983854]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  831.983869]  ? kasan_check_read+0x11/0x20
[  831.983890]  ? __alloc_pages_slowpath+0x2d80/0x2d80
[  831.983905]  ? __lock_is_held+0xb5/0x140
[  831.983955]  ? ___might_sleep+0x1ed/0x300
[  831.983975]  ? trace_hardirqs_off+0xb8/0x310
[  831.993140]  cache_grow_begin+0x91/0x8c0
[  831.993158]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  831.993177]  ? check_preemption_disabled+0x48/0x200
[  831.993199]  kmem_cache_alloc+0x665/0x730
[  831.993215]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  831.993256]  mmu_topup_memory_caches+0xf7/0x390
[  831.993276]  ? kvm_apic_has_interrupt+0xe9/0x230
[  831.993293]  kvm_mmu_load+0x21/0xfa0
[  832.071052]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
07:17:12 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939c"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  832.076633]  ? update_cr8_intercept+0x166/0x1f0
[  832.081344]  vcpu_enter_guest+0x3dbe/0x6380
[  832.085688]  ? emulator_read_emulated+0x50/0x50
[  832.090393]  ? vmx_vcpu_load+0xb06/0x1030
[  832.094561]  ? vmx_write_tsc_offset+0x680/0x680
[  832.099258]  ? graph_lock+0x170/0x170
[  832.103061]  ? lock_downgrade+0x900/0x900
[  832.103081]  ? check_preemption_disabled+0x48/0x200
[  832.112257]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  832.117847]  ? check_preemption_disabled+0x48/0x200
[  832.122878]  ? check_preemption_disabled+0x48/0x200
[  832.127921]  ? __lock_is_held+0xb5/0x140
[  832.132030]  ? lock_acquire+0x1ed/0x520
[  832.136008]  ? kvm_arch_vcpu_ioctl_run+0x234/0x16e0
[  832.141016]  ? lock_release+0x970/0x970
[  832.144978]  ? kvm_gen_update_masterclock+0x350/0x350
[  832.150184]  kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[  832.155075]  ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[  832.160122]  kvm_vcpu_ioctl+0x72b/0x1150
[  832.164191]  ? kvm_vcpu_block+0x1030/0x1030
[  832.168505]  ? find_held_lock+0x36/0x1c0
[  832.172570]  ? __fget+0x4aa/0x740
[  832.176065]  ? check_preemption_disabled+0x48/0x200
07:17:12 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939c"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  832.181078]  ? kasan_check_read+0x11/0x20
[  832.185230]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  832.190538]  ? rcu_bh_qs+0xc0/0xc0
[  832.194121]  ? __fget+0x4d1/0x740
[  832.197611]  ? ksys_dup3+0x680/0x680
[  832.201329]  ? find_held_lock+0x36/0x1c0
[  832.205422]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  832.210384]  ? kvm_vcpu_block+0x1030/0x1030
[  832.210416]  do_vfs_ioctl+0x1de/0x1720
[  832.210432]  ? __lock_is_held+0xb5/0x140
[  832.218649]  ? ioctl_preallocate+0x300/0x300
[  832.218667]  ? __fget_light+0x2e9/0x430
[  832.218684]  ? fget_raw+0x20/0x20
[  832.218707]  ? __sb_end_write+0xd9/0x110
[  832.238671]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  832.244244]  ? fput+0x130/0x1a0
[  832.247564]  ? do_syscall_64+0x9a/0x820
[  832.251540]  ? do_syscall_64+0x9a/0x820
[  832.255531]  ? lockdep_hardirqs_on+0x421/0x5c0
[  832.260138]  ? security_file_ioctl+0x94/0xc0
[  832.264567]  ksys_ioctl+0xa9/0xd0
[  832.268079]  __x64_sys_ioctl+0x73/0xb0
[  832.271981]  do_syscall_64+0x1b9/0x820
[  832.275862]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
07:17:12 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939c"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  832.281260]  ? syscall_return_slowpath+0x5e0/0x5e0
[  832.286208]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  832.291042]  ? trace_hardirqs_on_caller+0x310/0x310
[  832.296048]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  832.301070]  ? prepare_exit_to_usermode+0x291/0x3b0
[  832.306110]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  832.311000]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  832.316207] RIP: 0033:0x457569
07:17:12 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)
r3 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)="9276a60ebf937d035c9b6a4476d6d2a88200f385e7314bd2f6e8089d19cce76e1295e77b733e215a51b963e0ff175fb4128aaaf26c", 0x35, 0xfffffffffffffffa)
r4 = add_key(&(0x7f00000003c0)='rxrpc\x00', &(0x7f0000000480)={'syz', 0x2}, &(0x7f0000000740)="f7e83ea6836e6f46bca4870a77041f6e130aa88ec68bbe34864c5dbddea45d1947949bc3ce550cc969fe3025ddf94890e4bbf1220be7ba57762a176c730a", 0x3e, 0xfffffffffffffffd)
keyctl$reject(0x13, r3, 0x1, 0x2, r4)

07:17:12 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0)
mq_timedreceive(r1, &(0x7f0000000080)=""/16, 0x10, 0xfffffffffffffffa, &(0x7f00000000c0)={0x77359400})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  832.319413] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  832.338321] RSP: 002b:00007f49ef0fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  832.338340] RAX: ffffffffffffffda RBX: 00007f49ef0fbc90 RCX: 0000000000457569
[  832.338350] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  832.338359] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  832.338369] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f49ef0fc6d4
[  832.338378] R13: 00000000004c0027 R14: 00000000004d0108 R15: 0000000000000007
[  832.365308] *** Guest State ***
[  832.392256] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  832.401717] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  832.440449] CR3 = 0x0000000000000000
[  832.453864] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  832.466363] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  832.494587] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  832.522252] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  832.541416] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  832.546310] 9pnet: bogus RWRITE count (33554433 > 20)
[  832.555001] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  832.563871] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  832.572041] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  832.580536] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  832.592412] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  832.600856] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  832.608946] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  832.616994] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  832.625027] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  832.631457] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  832.639067] Interruptibility = 00000000  ActivityState = 00000000
07:17:12 executing program 5:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x4f, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000400), 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x11)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:12 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

[  832.646192] *** Host State ***
[  832.649390] RIP = 0xffffffff81212b2e  RSP = 0xffff880141357350
[  832.649413] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  832.649426] FSBase=00007f49ef0fc700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  832.669715] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  832.687603] CR0=0000000080050033 CR3=00000001c2fc1000 CR4=00000000001426e0
[  832.705989] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  832.718516] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  832.725799] *** Control State ***
[  832.729451] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  832.736409] EntryControls=0000d1ff ExitControls=002fefff
[  832.745669] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
07:17:13 executing program 2:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:17:13 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x1, 0x500)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000400)=@get={0x1, &(0x7f0000000280)=""/246})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x800000}, 0x0, 0x4000000000, 0x6, 0x0, 0x6})
msgsnd(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000ec6039f26753086f769917d6d2f303ec"], 0x8, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
modify_ldt$read(0x0, &(0x7f00000001c0)=""/166, 0xa6)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000480), &(0x7f0000000000)=0x68)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r3 = fcntl$dupfd(r1, 0x406, r2)
setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f0000000100)={{0xc, @dev={0xac, 0x14, 0x14, 0xa}, 0x4c20, 0x2, 'fo\x00', 0xa, 0x9b53, 0x32}, {@empty, 0x4e21, 0x1, 0x1, 0x3, 0x1f}}, 0x44)

07:17:13 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:13 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x20000000004800)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000040))
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)=ANY=[@ANYBLOB="090000006f01030000"], 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b04000075240000000000"], 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0x14)

07:17:13 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

[  832.752734] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  832.759724] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  832.766544]         reason=80000021 qualification=0000000000000000
[  832.772923] IDTVectoring: info=00000000 errcode=00000000
[  832.778573] TSC Offset = 0xfffffe407d3a259c
[  832.782996] TPR Threshold = 0x00
[  832.786460] EPT pointer = 0x00000001bd28201e
07:17:13 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x100000000028)
socketpair$unix(0x1, 0x400000005, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fsetxattr$security_ima(r0, &(0x7f0000000000)='security.ima\x00', &(0x7f00000000c0)=@sha1={0x1, "72b17c4ec92fc4112a4deb7f59883041e80f7f63"}, 0x15, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xfd8c)
setresuid(0x0, r3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)="66642f33005571f81de61d17b8039c7abb60422a7572ff5f5322da93d9be987510a9af0d7a349eb8e409c31938af5b8d5fd3dde7eb6641")
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r5 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x2, 0x40)
getsockname$netlink(r5, &(0x7f0000000080), &(0x7f00000000c0)=0xc)

07:17:13 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:13 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:13 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000240)={0x1, "206b04a6a48732aab90ef10c07b0e214663257ddae9bf1c79f1d3480fb09b5eb66447182f38ef13cf317afc9d5bd11bc73d9ca0b33"}, 0x3d, 0x0)
r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x5, 0x800)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000080)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f00000001c0)=0xe8)
bind$packet(r0, &(0x7f0000000200)={0x11, 0x1d, r1, 0x1, 0x4, 0x6, @random="b9097df4cd2b"}, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

[  832.987587] *** Guest State ***
[  832.996735] audit: type=1804 audit(1540019833.186:270): pid=15746 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir366311997/syzkaller.JXOnRu/1807/file0" dev="sda1" ino=17901 res=1
[  833.025053] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
07:17:13 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000a00)=ANY=[@ANYBLOB="0900000016c6265e6f9ca6ac711af1da01fe4100000000b2b15de03409aeb14bad8d9ce6393a509b262d667d671ee34de4801ed97a699c6d942775a1cdb8f6f2c44a54e096df46f364c220b90d894325d934b66f1502d4d7cb44e0522a1f923d9519198a0f97f1c3117f089068b3ba0a1455dc0e8c94d9faad451dc8d7e3eed26a41f7a4f341b06388076dbf9efb3b3b244004"], 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f0000000b00)={0xb, 0x75, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x100, 0x146)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000180)={0x3, 0x3ff})
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x5, 0x18000)
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612)

[  833.041144] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  833.050249] CR3 = 0x0000000000000000
[  833.065904] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  833.094476] RFLAGS=0x0001a202         DR7 = 0x0000000000000400
[  833.110948] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  833.132817] FS-Cache: Duplicate cookie detected
[  833.133436] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  833.137722] FS-Cache: O-cookie c=00000000ab914835 [p=00000000db173b0e fl=222 nc=0 na=1]
[  833.147010] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  833.153744] FS-Cache: O-cookie d=00000000e03cd64a n=00000000e02c1e93
[  833.153752] FS-Cache: O-key=[10] '34323935303230343635'
[  833.153826] FS-Cache: N-cookie c=0000000084a305d8 [p=00000000db173b0e fl=2 nc=0 na=1]
[  833.153836] FS-Cache: N-cookie d=00000000e03cd64a n=00000000b4d54cf6
[  833.153842] FS-Cache: N-key=[10] '34
[  833.169476] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  833.173855] 323935303230343635'
[  833.200545] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  833.212700] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  833.233649] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  833.261150] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  833.274002] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  833.284797] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  833.293832] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  833.301911] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  833.308861] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  833.316445] Interruptibility = 00000000  ActivityState = 00000000
[  833.322693] *** Host State ***
[  833.322707] RIP = 0xffffffff81212b2e  RSP = 0xffff88013d3b7350
[  833.322730] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  833.332042] FSBase=00007f49ef0fc700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  833.346405] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  833.352297] CR0=0000000080050033 CR3=000000013a960000 CR4=00000000001426f0
[  833.352314] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  833.352327] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  833.352332] *** Control State ***
[  833.352355] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
[  833.352367] EntryControls=0000d1ff ExitControls=002fefff
[  833.388159] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  833.395899] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  833.402711] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  833.409676]         reason=80000021 qualification=0000000000000000
[  833.420658] IDTVectoring: info=00000000 errcode=00000000
[  833.428142] TSC Offset = 0xfffffe3fe41f9e70
[  833.433750] TPR Threshold = 0x00
[  833.437396] EPT pointer = 0x00000001be7f401e
07:17:13 executing program 5:

07:17:13 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:13 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/ipc\x00')
fsetxattr$security_smack_transmute(r0, &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f00000000c0)='TRUE', 0x4, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
personality(0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:13 executing program 0:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
write$P9_RREAD(r1, &(0x7f00000001c0)={0x398, 0x75, 0x1}, 0xb)
r2 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x10000, 0x80080)
ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000180)={0x27, 0x6514, 0x1089, 0x3})
write$P9_RWALK(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="16000000000100010000020000000000000100000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r3 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r3, &(0x7f0000000340)={0x14}, 0x14)

07:17:13 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RGETATTR(r1, &(0x7f0000000640)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:13 executing program 2:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0x81a0ae8c, 0x0)

07:17:13 executing program 5:

07:17:13 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x80, 0x0)
inotify_add_watch(r2, &(0x7f00000001c0)='./file0\x00', 0x40000002)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e24, 0x3, @empty, 0x8001}, @in={0x2, 0x4e23}, @in6={0xa, 0x4e21, 0x3ff, @dev={0xfe, 0x80, [], 0xf}, 0x9}, @in={0x2, 0x4e20, @broadcast}, @in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x14}}, @in6={0xa, 0x4e21, 0xb825, @empty, 0x95}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}], 0xa4)
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)=0x24080)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
unshare(0x400)

07:17:13 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:13 executing program 1:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000004e80)={0xbf}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}})
write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16)
write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0)
write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb)
write$P9_RWALK(r1, &(0x7f0000000940)={0x9, 0x6f, 0x1}, 0x9)
write$P9_RREAD(r1, &(0x7f0000000440)={0x18, 0x75, 0x1, {0xd, "6da9c5a38d8a44f8ac32e38ecc"}}, 0x18)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1}, 0x14)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x10, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@cache_loose='cache=loose'}]}})
r2 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x0)
write$P9_RAUTH(r2, &(0x7f0000000340)={0x14}, 0xfdef)

07:17:13 executing program 2:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="b7fef0cd2e870e0989c9471ebb82610cd6ab926222c25507138adb6886b01ed20078abb3fd8dacb30046f1146558ac16bc0300bf28adf7585dbe212b3b7570b64f7857a50bd46cceb9287db3b781000000df41471e9b59b3bf5053568f65998d7b9008c1f3e8e25629ef9faba6918e50cbfb9c718e5e1f160916300c2a54d01087"], &(0x7f0000000380)=0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "7914084b165e9ec52f1595ab29ebf015f37b541a5750acb2ac95e9ad3962af352e5323b779821fa55ee14bf9"})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xc0045878, 0x0)

07:17:13 executing program 5:

07:17:14 executing program 4:
msgrcv(0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:14 executing program 3:
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x4800)
write$FUSE_INTERRUPT(r0, &(0x7f0000001400)={0x10, 0x1, 0x7}, 0x10)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40000, 0x0)
inotify_add_watch(r1, &(0x7f0000000200)='./file0\x00', 0x2)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000c00e0ed618b6a00000000000000000000980200000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000e42d2a77f157db160a204a4d5c30d58449755f2dd5855da00f61ad3f0f4b0b8044de4ea3c4db54401c95bf74c05f93d75961b7b9c264385b13af5f51757dcab692e03f3b671c38a66b1bfde0ddf57db42d0fa98638dc306ff0f58703c4c64010551917c9a87405347a8a65115c9cecc2c8869b452d5c8746af5fb9b61c32607b3f4108064fc8730bcf414ea14595b5c9e6fbd71e7b35c005b50ee55ae6073516ba3a5548383b19ab54b630b44380fdc84bd6d036128f2a341c7126d8f25c52994208939ca8"], 0x1, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

07:17:14 executing program 5:

[  984.313452] INFO: task syz-executor0:15822 blocked for more than 140 seconds.
[  984.320966]       Not tainted 4.19.0-rc8+ #292
[  984.326465] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  984.334566] syz-executor0   D23976 15822   5352 0x00000004
[  984.343162] Call Trace:
[  984.345786]  __schedule+0x86c/0x1ed0
[  984.349491]  ? mark_held_locks+0x130/0x130
[  984.353816]  ? __sched_text_start+0x8/0x8
[  984.358028]  ? futex_wait+0x5ec/0xa50
[  984.361823]  ? graph_lock+0x170/0x170
[  984.365701]  ? graph_lock+0x170/0x170
[  984.369492]  ? print_usage_bug+0xc0/0xc0
[  984.373799]  ? futex_wait_setup+0x3e0/0x3e0
[  984.378151]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  984.384227]  ? find_held_lock+0x36/0x1c0
[  984.388395]  schedule+0xfe/0x460
[  984.391753]  ? __mutex_lock+0xbe2/0x1700
[  984.396045]  ? __schedule+0x1ed0/0x1ed0
[  984.400049]  ? kasan_check_read+0x11/0x20
[  984.404268]  ? do_raw_spin_unlock+0xa7/0x2f0
[  984.408770]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  984.413422]  ? __ww_mutex_add_waiter.part.15+0x120/0x120
[  984.418885]  ? mutex_destroy+0x200/0x200
[  984.422934]  ? do_raw_spin_lock+0xc1/0x200
[  984.427225]  schedule_preempt_disabled+0x13/0x20
[  984.432015]  __mutex_lock+0xbe7/0x1700
[  984.435948]  ? __fdget_pos+0x1bb/0x200
[  984.439829]  ? mutex_trylock+0x2b0/0x2b0
[  984.443989]  ? __fget+0x4d1/0x740
[  984.447456]  ? ksys_dup3+0x680/0x680
[  984.451156]  ? graph_lock+0x170/0x170
[  984.455649]  ? save_stack+0xa9/0xd0
[  984.459278]  ? save_stack+0x43/0xd0
[  984.462897]  ? find_held_lock+0x36/0x1c0
[  984.467046]  ? __fget_light+0x2e9/0x430
[  984.471034]  ? fget_raw+0x20/0x20
[  984.475066]  ? lock_release+0x970/0x970
[  984.479050]  ? arch_local_save_flags+0x40/0x40
[  984.483694]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  984.489177]  mutex_lock_nested+0x16/0x20
[  984.493375]  ? mutex_lock_nested+0x16/0x20
[  984.497623]  __fdget_pos+0x1bb/0x200
[  984.501340]  ? __fdget_raw+0x20/0x20
[  984.505154]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  984.510707]  ? put_timespec64+0x10f/0x1b0
[  984.514924]  ksys_write+0x7f/0x260
[  984.518482]  ? lockdep_hardirqs_on+0x421/0x5c0
[  984.523053]  ? __ia32_sys_read+0xb0/0xb0
[  984.527237]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  984.532691]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  984.538919]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  984.544527]  __x64_sys_write+0x73/0xb0
[  984.548446]  do_syscall_64+0x1b9/0x820
[  984.552335]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  984.557776]  ? syscall_return_slowpath+0x5e0/0x5e0
[  984.562712]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  984.567809]  ? trace_hardirqs_on_caller+0x310/0x310
[  984.572880]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  984.578005]  ? prepare_exit_to_usermode+0x291/0x3b0
[  984.583051]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  984.587993]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  984.593247] RIP: 0033:0x457569
[  984.596427] Code: Bad RIP value.
[  984.599777] RSP: 002b:00007f29b54a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  984.607563] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  984.614884] RDX: 0000000000000014 RSI: 0000000020000340 RDI: 0000000000000005
[  984.622145] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  984.630071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29b54a26d4
[  984.637440] R13: 00000000004c5138 R14: 00000000004d87c0 R15: 00000000ffffffff
[  984.644755] 
[  984.644755] Showing all locks held in the system:
[  984.651303] 3 locks held by kworker/u4:1/23:
[  984.655873]  #0: 0000000021904089 ((wq_completion)"writeback"){+.+.}, at: process_one_work+0xb43/0x1b90
[  984.665501]  #1: 0000000070dea1cf ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0xb9a/0x1b90
[  984.676268]  #2: 0000000096a90dd2 (&type->s_umount_key#60){++++}, at: trylock_super+0x22/0x110
[  984.685134] 3 locks held by kworker/u4:3/188:
[  984.689651]  #0: 0000000021904089 ((wq_completion)"writeback"){+.+.}, at: process_one_work+0xb43/0x1b90
[  984.699538]  #1: 00000000756eadc4 ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0xb9a/0x1b90
[  984.710195]  #2: 000000006b3ff569 (&type->s_umount_key#60){++++}, at: trylock_super+0x22/0x110
[  984.719011] 1 lock held by khungtaskd/980:
[  984.723779]  #0: 00000000f3f56b85 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424
[  984.732413] 1 lock held by rsyslogd/5222:
[  984.736754] 2 locks held by getty/5312:
[  984.740738]  #0: 00000000cdd46914 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  984.749209]  #1: 00000000c2014610 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  984.758226] 2 locks held by getty/5313:
[  984.762214]  #0: 00000000c4265594 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  984.770534]  #1: 0000000056946d6c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  984.779472] 2 locks held by getty/5314:
[  984.783487]  #0: 00000000690effbf (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  984.791768]  #1: 000000001fb1a075 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  984.800720] 2 locks held by getty/5315:
[  984.804719]  #0: 0000000060da6900 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  984.812968]  #1: 000000006f6a32b5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  984.821887] 2 locks held by getty/5316:
[  984.825902]  #0: 00000000e9683dfc (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  984.834906]  #1: 00000000f8e1234a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  984.843974] 2 locks held by getty/5317:
[  984.847965]  #0: 00000000857051fd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  984.856248]  #1: 00000000a508a2ef (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  984.865275] 2 locks held by getty/5318:
[  984.869234]  #0: 000000003106aceb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[  984.877545]  #1: 00000000dc5e92df (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  984.886567] 3 locks held by syz-executor0/15775:
[  984.891391]  #0: 00000000f55b161f (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  984.899579]  #1: 0000000063c29396 (sb_writers#19){.+.+}, at: vfs_write+0x42a/0x560
[  984.907375]  #2: 00000000038d529a (&sb->s_type->i_mutex_key#25){++++}, at: generic_file_write_iter+0xed/0x870
[  984.917689] 1 lock held by syz-executor0/15822:
[  984.922353]  #0: 00000000f55b161f (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  984.930386] 
[  984.932020] =============================================
[  984.932020] 
[  984.939097] NMI backtrace for cpu 1
[  984.942808] CPU: 1 PID: 980 Comm: khungtaskd Not tainted 4.19.0-rc8+ #292
[  984.949877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  984.959220] Call Trace:
[  984.961797]  dump_stack+0x1c4/0x2b4
[  984.965417]  ? dump_stack_print_info.cold.2+0x52/0x52
[  984.970757]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  984.976292]  nmi_cpu_backtrace.cold.3+0x63/0xa2
[  984.980993]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  984.986312]  nmi_trigger_cpumask_backtrace+0x1b3/0x1ed
[  984.991573]  arch_trigger_cpumask_backtrace+0x14/0x20
[  984.996744]  watchdog+0xb3e/0x1050
[  985.000270]  ? reset_hung_task_detector+0xd0/0xd0
[  985.005226]  ? __kthread_parkme+0xce/0x1a0
[  985.009448]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  985.014535]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  985.019622]  ? lockdep_hardirqs_on+0x421/0x5c0
[  985.024189]  ? trace_hardirqs_on+0xbd/0x310
[  985.028491]  ? kasan_check_read+0x11/0x20
[  985.032618]  ? __kthread_parkme+0xce/0x1a0
[  985.036841]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  985.042326]  ? kasan_check_write+0x14/0x20
[  985.046574]  ? do_raw_spin_lock+0xc1/0x200
[  985.050793]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  985.055985]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  985.061509]  ? __kthread_parkme+0xfb/0x1a0
[  985.065732]  kthread+0x35a/0x420
[  985.069117]  ? reset_hung_task_detector+0xd0/0xd0
[  985.073961]  ? kthread_bind+0x40/0x40
[  985.077752]  ret_from_fork+0x3a/0x50
[  985.081586] Sending NMI from CPU 1 to CPUs 0:
[  985.086467] NMI backtrace for cpu 0
[  985.086473] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc8+ #292
[  985.086480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  985.086484] RIP: 0010:tick_check_broadcast_expired+0x0/0x40
[  985.086496] Code: e8 85 c5 ff ff eb b6 0f 1f 00 55 48 89 e5 e8 07 f0 0d 00 48 c7 c0 e0 0a ee 8a 5d c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 <55> 48 89 e5 53 e8 e6 ef 0d 00 e8 91 68 1c 02 bf 3f 00 00 00 89 c3
[  985.086500] RSP: 0018:ffffffff89207cd0 EFLAGS: 00000046
[  985.086508] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff838d203a
[  985.086514] RDX: 0000000000000000 RSI: ffffffff838d2048 RDI: 0000000000000005
[  985.086519] RBP: ffffffff89207d90 R08: ffffffff89276e40 R09: 0000000000000000
[  985.086524] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  985.086529] R13: ffffffff89f3bd20 R14: ffffffff89276e01 R15: 0000000000000000
[  985.086535] FS:  0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[  985.086540] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  985.086545] CR2: ffffffffff600400 CR3: 00000001bb92f000 CR4: 00000000001426f0
[  985.086551] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  985.086556] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  985.086559] Call Trace:
[  985.086562]  ? do_idle+0x12f/0x5b0
[  985.086566]  ? arch_cpu_idle_exit+0x70/0x70
[  985.086570]  cpu_startup_entry+0x10c/0x120
[  985.086574]  ? cpu_in_idle+0x20/0x20
[  985.086578]  rest_init+0xe2/0xe5
[  985.086581]  start_kernel+0x8f4/0x92f
[  985.086585]  ? mem_encrypt_init+0xb/0xb
[  985.086589]  ? early_idt_handler_common+0x3b/0x60
[  985.086594]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  985.086597]  ? x86_family+0x3e/0x50
[  985.086602]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  985.086606]  x86_64_start_reservations+0x29/0x2b
[  985.086610]  x86_64_start_kernel+0x76/0x79
[  985.086614]  secondary_startup_64+0xa4/0xb0
[  985.087932] Kernel panic - not syncing: hung_task: blocked tasks
[  985.277915] CPU: 1 PID: 980 Comm: khungtaskd Not tainted 4.19.0-rc8+ #292
[  985.284826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  985.294170] Call Trace:
[  985.296742]  dump_stack+0x1c4/0x2b4
[  985.300380]  ? dump_stack_print_info.cold.2+0x52/0x52
[  985.305585]  panic+0x238/0x4e7
[  985.308781]  ? add_taint.cold.5+0x16/0x16
[  985.312919]  ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed
[  985.318353]  ? nmi_trigger_cpumask_backtrace+0x1c4/0x1ed
[  985.323796]  ? nmi_trigger_cpumask_backtrace+0x173/0x1ed
[  985.329263]  ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed
[  985.334704]  watchdog+0xb4f/0x1050
[  985.338233]  ? reset_hung_task_detector+0xd0/0xd0
[  985.343211]  ? __kthread_parkme+0xce/0x1a0
[  985.347499]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  985.352582]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  985.357731]  ? lockdep_hardirqs_on+0x421/0x5c0
[  985.362305]  ? trace_hardirqs_on+0xbd/0x310
[  985.366613]  ? kasan_check_read+0x11/0x20
[  985.370765]  ? __kthread_parkme+0xce/0x1a0
[  985.375049]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  985.380490]  ? kasan_check_write+0x14/0x20
[  985.384825]  ? do_raw_spin_lock+0xc1/0x200
[  985.389172]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  985.394279]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  985.399807]  ? __kthread_parkme+0xfb/0x1a0
[  985.404085]  kthread+0x35a/0x420
[  985.407434]  ? reset_hung_task_detector+0xd0/0xd0
[  985.412272]  ? kthread_bind+0x40/0x40
[  985.416059]  ret_from_fork+0x3a/0x50
[  985.420704] Kernel Offset: disabled
[  985.424331] Rebooting in 86400 seconds..